
New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

The new cyber security battle is being fought in a new way. Deception is an old strategy in business, warfare and politics; it is now being applied to IT security.

Cyber criminals have long used deception to gain information. Now a new generation of start-ups is using the same idea against them, confusing attackers by masking the real system.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers enter a system by malicious means, they are free to roam inside. As Gartner analyst Lawrence Pingree notes, attackers must “trust” the environment into which they insert malware.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

A key element is managing lures on real user endpoints.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.

Experts believe that deception technology must not only create honeypots but an entire environment that looks real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Attack on Critical Infrastructure

September 2nd, 2017

Symantec researchers recently investigated and published findings on new cyber attacks targeting the energy sector in Europe and North America. The attack group, known as Dragonfly, has been involved in such activity since 2011.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the Symantec researchers wrote in a blog post.

Symantec cyber security researcher Eric Chien told Reuters that many companies have been targeted, a few of them based in the U.S.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software,” the researchers mentioned.

The attackers were trying to gain remote access to these systems.

“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” the researchers wrote. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”

RiskVision CEO Joe Fantuzzi said that attacks on the energy sector are on the rise. “Critical infrastructure is clearly becoming more of a target for hackers as it provides access not only to sensitive information but the ability to dramatically impact and/or harm large numbers of people,” he said.

Fantuzzi added that energy sector companies should perform risk analysis. “Unfortunately, security defenses protecting these systems have often been neglected or routinely deprioritized, and as a result, are substandard or completely outdated, thus giving cyber criminals an easy entry into these networks,” he said.

 ___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Current State of IOT

August 30th, 2017

According to recent reports, a list of IP addresses and login credentials for more than 8,000 telnet-accessible Internet of Things (IoT) devices was posted on Pastebin. GDI Foundation chairman Victor Gevers said that of the 8,233 devices, only 144 had unique login credentials. He also said the most common credentials were root:[blank] (782 instances), admin:admin (634), root:root (320), admin:default (21), and default:.

Varonis technical evangelist Brian Vecci said that a leak as big as this one opens the door to a wide variety of infections and exploits. “Not only do consumers need to be mindful of what they put on their network and do what they can to secure their devices, but manufacturers have an obligation to make security an essential part of the design with IoT products,” he said.

Vecci said that default settings are an open invitation to attackers.

“Device manufacturers need to build better security into the design of their products and services to ensure that even if a consumer doesn’t take the time to customize the device, it’s not accessible and inviting abuse,” Vecci added. “Some manufacturers, for example, are beginning to minimize the risk of devices being hacked by randomizing factory default credentials and disabling remote access by default.”

According to a recent Irdeto survey, 90 percent of respondents said that cyber security should be built into IoT devices.

“Today’s connected world needs consumers to be vigilant about security threats,” Irdeto director of IoT security Mark Hearn said in a statement. “On the device manufacturer side, there must be a better ‘defense-in-depth’ approach to cyber security that integrates multiple layers of security into a system. This approach, combined with ongoing security updates to protect against the latest threats, is critical to mitigate attacks targeting IoT technologies.”

The new IoT Cybersecurity Improvement Act of 2017 was introduced in the US to tackle these security issues.

“My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products,” bill co-sponsor Sen. Mark Warner said at the time.

____________________________________________________________________________________________


App Install Advertising Fraud

August 27th, 2017

Recent trends show new forms of online advertising that aim at mobile app installs. According to security firm DataVisor, the app install advertising marketplace is a hot spot for regular attacks by fraudsters. The industry is worth approximately $300 million per year.

DataVisor’s new “The Underworld of App Install Advertising” report found that, on average, premium ad networks had app install fraud rates of less than one percent, while non-premium advertising networks stand at five percent.

Ting-Fang Yen, Director of Research at DataVisor, told eSecurityPlanet that premium ad networks don’t usually outsource or broker out their traffic to other channels. They either advertise on their own sites or partner only with reputable publishers they know, she said.

DataVisor’s Global Intelligence Network analyzed 140 million app installs and 11 billion user events for the report.

“We were surprised to see how much fraudsters are faking in-app activities and retention behavior,” Yen said.

Yen said that fraudulent installs generated at least one in-app event.

“This means that fraudsters are becoming much more sophisticated. They are moving beyond just installs to go after the bigger payouts from cost-per-engagement (CPE) campaigns,” Yen said.

Yen described ways to limit the risk by detecting fraud. Techniques include heuristics such as device identification, IP filtering, or click-to-install-time anomalies to distinguish fake installs from genuine users.
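As an added illustration (not DataVisor’s code or the report’s method), the following applies the heuristics named above, click-to-install time (CTIT), per-IP install bursts and duplicate device identifiers, plus a retention check for installs that never produce an in-app event, to a constructed batch of attribution records. The thresholds, field names and sample rows are assumptions.

```python
"""Added example: flag suspicious app installs with simple attribution heuristics.
Records, thresholds and field names are constructed assumptions."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample attribution records: one row per reported install.
# Timestamps are ISO 8601; in_app_events counts post-install engagement events.
SAMPLE_INSTALLS = [
    {"install_id": "i1", "device_id": "dev-A", "ip": "203.0.113.10",
     "click_ts": "2017-08-20T10:00:00", "install_ts": "2017-08-20T10:03:12", "in_app_events": 4},
    {"install_id": "i2", "device_id": "dev-B", "ip": "203.0.113.11",
     "click_ts": "2017-08-20T10:05:00", "install_ts": "2017-08-20T10:05:02", "in_app_events": 0},
    {"install_id": "i3", "device_id": "dev-C", "ip": "198.51.100.7",
     "click_ts": "2017-08-20T11:00:00", "install_ts": "2017-08-20T11:01:30", "in_app_events": 1},
    {"install_id": "i4", "device_id": "dev-C", "ip": "198.51.100.7",
     "click_ts": "2017-08-20T11:02:00", "install_ts": "2017-08-20T11:03:00", "in_app_events": 1},
    {"install_id": "i5", "device_id": "dev-D", "ip": "198.51.100.7",
     "click_ts": "2017-08-20T11:04:00", "install_ts": "2017-08-20T11:05:00", "in_app_events": 0},
    {"install_id": "i6", "device_id": "dev-E", "ip": "198.51.100.7",
     "click_ts": "2017-08-20T11:06:00", "install_ts": "2017-08-20T11:07:00", "in_app_events": 2},
]

MIN_CTIT_SECONDS = 10        # assumption: a genuine download and install rarely completes in under 10s
MAX_INSTALLS_PER_IP = 3      # assumption: more than 3 installs from one IP in the batch is abnormal
MAX_INSTALLS_PER_DEVICE = 1  # a device can only genuinely install the same app once

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"


def _ctit_seconds(rec):
    """Click-to-install time in seconds for one record."""
    click = datetime.strptime(rec["click_ts"], TS_FORMAT)
    install = datetime.strptime(rec["install_ts"], TS_FORMAT)
    return (install - click).total_seconds()


def flag_installs(records):
    """Return {install_id: [reasons]} for every install that trips at least one heuristic."""
    by_ip = Counter(r["ip"] for r in records)            # IP filtering
    by_device = Counter(r["device_id"] for r in records)  # device identification
    flags = defaultdict(list)
    for r in records:
        ctit = _ctit_seconds(r)
        if ctit < MIN_CTIT_SECONDS:                       # CTIT anomaly
            flags[r["install_id"]].append(f"ctit_too_short:{int(ctit)}s")
        if by_ip[r["ip"]] > MAX_INSTALLS_PER_IP:
            flags[r["install_id"]].append(f"ip_install_burst:{by_ip[r['ip']]}")
        if by_device[r["device_id"]] > MAX_INSTALLS_PER_DEVICE:
            flags[r["install_id"]].append("duplicate_device_id")
        if r["in_app_events"] == 0:                       # no retention behaviour after install
            flags[r["install_id"]].append("no_post_install_activity")
    return dict(flags)


def fraud_rate(records):
    """Share of installs carrying at least one flag, the per-network figure the report quotes."""
    if not records:
        return 0.0
    return len(flag_installs(records)) / len(records)


if __name__ == "__main__":
    for install_id, reasons in sorted(flag_installs(SAMPLE_INSTALLS).items()):
        print(install_id, ", ".join(reasons))
    print(f"flagged share: {fraud_rate(SAMPLE_INSTALLS):.0%}")
```

A real pipeline would tune the thresholds per campaign and re-evaluate them as fraud patterns shift, which is the adaptation the article asks for.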

“Fraudsters are constantly exploring new ways to take advantage of loopholes and avoid detection,” Yen said. “This dynamic nature of fraud means that advertisers must remain vigilant and select the right partners and targeting criteria for each campaign they run.”

Advanced fraud detection solutions that can adapt to constantly changing attack patterns should be implemented.

“As fraudsters become increasingly sophisticated at faking installs, we expect more advertisers to adopt cost-per-engagement user acquisition models to avoid fraudulent traffic,” Yen said.

“Fraud is dynamic, and fraudsters are always on the look out for vulnerable points of entry,” she said. “If an ad network scrutinizes their traffic and deploys anti-fraud solutions, fraudsters will move to another channel that is less vigilant about traffic quality.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

AI to Hunt Security Threat

August 25th, 2017

Seattle-based Versive recently raised $12.7 million in a round of funding from Goldman Sachs, Formation 8, Madrona Venture Group and Vulcan Capital. Total investment to date is $54.7 million.

The Versive Security Engine is the firm’s product, which uses artificial intelligence (AI) technologies to address critical threats to networks and data. According to CEO Joseph Polverari, the product is “an intelligent, automated threat-hunting solution, built on Versive’s award-winning, enterprise-scale artificial intelligence platform.”

“The Versive Security Engine was developed specifically to help cyber security practitioners effectively harness the power of AI to detect, identify, and mitigate advanced adversaries in ways not previously possible,” continued Polverari.

Versive has also announced a strategic partnership with big data and machine learning specialist Cloudera. The company plans to combine Versive’s AI technology with Cloudera’s analytics and machine learning capabilities.

“Using the Cloudera platform, Apache Spot’s open-data models, and the Versive Security Engine, enterprises can detect attackers that would be unseen with other approaches,” said Sam Heywood, director of Cloudera Cybersecurity Strategy.

Venture capital participation in AI-based cyber security firms has increased.

Bricata raised $8 million in a Series A round. It uses AI and machine learning technologies in its intrusion detection and prevention solution.

Darktrace announced that it had raised $75 million in a Series D round of funding.

“It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers,” said Nicole Eagan, CEO at Darktrace.

Balbix, a San Jose, Calif.-based AI-enabled risk-detection company, said it has raised $8.6 million in investment.

Balbix is a predictive risk analytics platform that presents its results as a heat map.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data Breach at Tewksbury Hospital

August 23rd, 2017

Tewksbury Hospital, based in Massachusetts, recently discovered unauthorized EHR access. The incident may have led to a data breach.

According to a statement by a former Tewksbury Hospital patient, the electronic medical record was accessed inappropriately by an unauthorized individual. After an investigation, the hospital found that an employee may have accessed the data without proper justification.

It also found that the information of 1,000 other current and former patients had been accessed. Affected information included patient names, addresses, phone numbers, dates of birth, gender, diagnoses, and other information regarding medical treatment.

The employee has been terminated by the facility and no longer has access to the hospital’s EHR system. Tewksbury Hospital also said there is no evidence of information misuse.

Patients have been notified of the incident. The Massachusetts Attorney General’s Office, the Massachusetts Office for Consumer Affairs and Business Regulation, and OCR have also been notified.

“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” read a statement on the Massachusetts Health and Human Services website. “We are also reassessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”

Affected individuals are encouraged to call a toll-free number for further information about the incident. They can also take the following steps:

  • Request an initial fraud alert
  • Order a credit report and review the accounts (look for inquiries listed on the credit report from businesses that accessed your credit without a request)
  • Request a security freeze

If you are affected by the data breach, you have the right to file a police report and obtain a copy of it. Massachusetts law gives you the right to obtain any police report filed in regard to the incident.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Staff Shortage for Cyber Security

August 15th, 2017

A recent Tripwire survey of 108 people at Black Hat USA 2017 had the following findings:

  • Eighty-five percent of cyber security pros said that they need more people
  • Eighty-four percent said that they need new technology
  • Twenty-eight percent said that they need vendor services
  • Seventy percent said that hiring experienced professionals is a priority
  • Thirty percent said that they are open to on-the-job training

“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”

“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”

According to research firm Gartner, information security spending will climb to $86.4 billion in 2017.

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande mentioned in a statement.

Deshpande also said that investing in new technology is not the complete solution. “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

“Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”

“Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” AsTech chief security strategist Nathan Wenzler said.

“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.

____________________________________________________________________________________________


Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

Proofpoint researchers have identified a new JScript back door called Bateleur, distributed by the FIN7 (a.k.a. Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains.

The modus operandi is simple. The recipient gets an email containing a document with a macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur, sleeps for three seconds, executes Bateleur again, sleeps for 10 seconds, and finally deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.
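The create-run-delete sequence above leaves a distinctive trace: a scheduled task that exists for only a few seconds. The following added example (not Proofpoint’s code) correlates Windows Security events 4698 (a scheduled task was created) and 4699 (a scheduled task was deleted) by task name over constructed log lines and reports tasks whose lifetime falls under a threshold. The event IDs are real; the pipe-delimited line layout, task names and 60-second threshold are constructed assumptions, not the native Windows event format.

```python
"""Added example: flag short-lived scheduled tasks by pairing create/delete events.
Log layout, task names and the lifetime threshold are constructed assumptions."""
from datetime import datetime

# Constructed sample log lines: "<timestamp>|<event_id>|<task_name>|<user>"
# 4698 = scheduled task created, 4699 = scheduled task deleted (Windows Security log).
SAMPLE_LOG = """\
2017-08-09T09:14:01|4698|\\Microsoft\\Windows\\Defrag\\ScheduledDefrag|SYSTEM
2017-08-09T09:15:10|4698|\\Invoice-Check|CORP\\jdoe
2017-08-09T09:15:24|4699|\\Invoice-Check|CORP\\jdoe
2017-08-09T10:02:00|4698|\\BackupNightly|CORP\\admin
2017-08-09T12:30:00|4699|\\BackupNightly|CORP\\admin
2017-08-09T13:00:05|4699|\\OrphanedTask|CORP\\svc
"""

TASK_CREATED = 4698
TASK_DELETED = 4699
MAX_TASK_LIFETIME_S = 60  # assumption: legitimate tasks are not torn down within a minute


def parse_log(text):
    """Yield (timestamp, event_id, task_name, user) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, task, user = line.split("|", 3)
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), int(event_id), task, user


def find_transient_tasks(text, max_lifetime_s=MAX_TASK_LIFETIME_S):
    """Return [(task_name, user, lifetime_seconds)] for tasks deleted within
    max_lifetime_s of their creation. A 4699 with no prior 4698 in the window
    is ignored rather than guessed at."""
    created = {}  # task_name -> (timestamp, user) of the most recent creation
    hits = []
    for ts, event_id, task, user in parse_log(text):
        if event_id == TASK_CREATED:
            created[task] = (ts, user)
        elif event_id == TASK_DELETED and task in created:
            created_ts, created_by = created.pop(task)
            lifetime_s = int((ts - created_ts).total_seconds())
            if lifetime_s <= max_lifetime_s:
                hits.append((task, created_by, lifetime_s))
    return hits


if __name__ == "__main__":
    for task, user, secs in find_transient_tasks(SAMPLE_LOG):
        print(f"transient scheduled task {task} created by {user}, deleted after {secs}s")
```

In production the same correlation would run over the Security channel with task-creation auditing enabled, and the hit would be enriched with the process that created the task so a macro-spawned parent stands out.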

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, noted that although the software is complex, the method of installing it, a phishing email, is very straightforward.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.


____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.

IoT Security Bill

August 2nd, 2017

This week the Internet of Things Cybersecurity Improvement Act of 2017 was introduced by a bipartisan group of U.S. senators. The bill sets minimum conditions and requirements for the security of Internet-connected devices purchased by the U.S. government. It also provides legal protections to security researchers.

Features:

(1) Devices that connect to the internet should be patchable

(2) Industry standard protocols should be implemented

(3) Hard-coded passwords that can’t be changed should not be used

(4) Known security vulnerabilities should not be present

It also asks the Office of Management and Budget to create alternative security conditions for devices with limited data processing and software functionality.

The bill defines an Internet-connected device as one that “is capable of connecting to and is in regular connection with the Internet,” and “has computer processing capabilities that can collect, send, or receive data.”

“While I’m tremendously excited about the innovation and productivity that Internet of Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Sen. Mark Warner said in a statement.

“This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices,” Warner added. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Arxan Technologies VP EMEA Mark Noctor hopes that other governments will follow suit. “While there has been useful work in the area from bodies such as ENISA in Europe, it appears that an act of law is the best way to get vendors to ensure security,” he said.

“While the focus on basic measures such as password management is a good starting point, we’d also like to see future legislation build on this to require more advanced security measures, such as using code hardening to protect a connected device’s software from being broken into and reverse engineered for malicious purposes,” Noctor said.

Security researchers are also given legal protections.

“I’ve long been making the case for reforms to the outdated and overly broad Computer Fraud and Abuse Act and the Digital Millennium Copyright Act,” Sen. Ron Wyden said in a statement.

“This bill is a bipartisan, common-sense step in the right direction.”

“This bill is designed to let researchers look for critical vulnerabilities in devices purchased by the government without fear of prosecution or being dragged to court by an irritated company,” Wyden added. “Enacting this bill would also help stop botnets that take advantage of Internet-connected devices that are currently ludicrously easy prey for criminals.”

____________________________________________________________________________________________

No server, IT knowledge or training is needed as everything is included in an Alertsec subscription.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

The Swedish Transport Agency gave unscreened third-party IT workers full access to vehicle information, including data on police and military vehicles. Management of the operations was outsourced to IBM administrators in 2015 without security checks.

According to reports, the data was handled under time pressure, so the transfer went ahead while bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

According to Swedish Pirate Party founder Rick Falkvinge, the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register, which included people in the witness protection program, was sent to marketers.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi pointed to the risk posed by third-party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________
