data security

Kaspersky Software Banned in U.S. Government

September 19th, 2017

U.S. Acting Secretary of Homeland Security Elaine Duke issued a directive to Departments and agencies to stop using Kaspersky software in stipulated timeline citing security risks.

As per the Department of Homeland Security (DHS), “based on the information security risks presented by the use of Kaspersky products on federal information systems,” particularly since Kaspersky products generally provide broad access to files and elevated privileges on the computers on which they’re installed.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS mentioned. 

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS added.

Kapsersky replied that it has no inappropriate ties with any government, and said the DHS allegations regarding ties to Russian intelligence and other agencies are “completely unfounded.”

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”

Christopher Krebs, a senior DHS official asked Kaspersky to prove in 90 days that it do not possess any risk. “We’ve determined that [the software] poses an unacceptable amount of risk based on our assessment,” he said. “If they want to provide additional information or mitigation strategies, our door is open.”

Kaspersky Lab founder Eugene Kaspersky mentioned, “When they say we have strong ties with Russian espionage it’s not true.”

“We cooperate with many law enforcement agencies around the world — in the past with the U.S. as well,” Kaspersky added.

“U.S. government officials are pressuring software companies to implement encryption backdoors because they think it will help them catch potential terrorists,” Venafi CEO Jeff Hudson said.

“At the same time, they banned security software from a Russian company for use in the U.S. government because they are concerned about security backdoors,” Hudson added. “They want to have it both ways, which is understandable.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Cloud Security Error Affects Half a Million Voters

September 16th, 2017

Kromtech researchers recently found a misconfigured CouchDB database which affected information of 593,328 Alaskan voters.

“When the database was configured, administrators bypassed important security settings that were set to ‘public’ instead of ‘private,’ allowing anyone with an Internet connection to gain access [to] the repository,” Kromtech chief security communications officer Bob Diachenko wrote in a blog post analyzing the breach.

TargetSmart CEO Tom Bonier mentioned that the breach was due to the third party. “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure,” he said.

Kromtech vice president of strategic alliances Alex Kernishniuk said that system needs to be updated”This is yet another wakeup call for companies, governments, and political organizations to audit their networks, servers and storage devices and ensure they take the proper security precautions,” he said.

Kromtech also discovered another breach where it affected 3,065,805 WWE fans’ personal information and 48,000 Indian citizens’ personal data.

Dome9 co-founder and CEO Zohar Alon told eSecurity Planet by email that it’s more important than ever for companies to define strict controls and practices for the handling of sensitive data.

“Attackers are looking for two things: repositories with data of value to organizations, and weak security practices,” he said.

“As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, and exploit commonly known security gaps such as misconfigurations,” Alon added.

“With 2017 having already set new records in terms of the magnitude of cyber attacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields,” Bitdefender Senior eThreat Analyst Bogdan Botezatu said in a statement.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

New cyber security battle is fought in a new way. Deception is the old strategy used in business, warfare and politics. It is now implemented in IT security.

Cyber criminals are long using deception policy to gain information. Now, new generation start-ups are using the same idea to avoid them. They are confusing the attackers by masking the real system.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers enter the system through malicious ways, they are free to roam inside. As per the Gartner analyst Lawrence Pingree, attackers must “trust” the environment that they insert malware into.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

The main aspect is to manage real user endpoint lures.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.

Experts believe that deceptive technology must not only create honeypots but a whole system to make it real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Attack on Critical Infrastructure

September 2nd, 2017

Symantec researchers recently investigated and published findings of new cyber attacks which targeted the energy sector in Europe and North America. Attack group is known as Dragonfly which is involved in such activities since 2011.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the Symantec researchers wrote in a blog post.

Symantec cyber security researcher Eric Chien mentioned Reuters that many of companies have been targeted which few based in U.S.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software,” the researchers mentioned.

Attackers were trying to gain remote access to the system.

“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” the researchers wrote. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”

RiskVision CEO Joe Fantuzzi mentioned that there is a rise in the attack on the energy sector. “Critical infrastructure is clearly becoming more of a target for hackers as it provides access not only to sensitive information but the ability to dramatically impact and/or harm large numbers of people,” he said.

Fantuzzi added that energy sector company should do risk analysis. “Unfortunately, security defenses protecting these systems have often been neglected or routinely deprioritized, and as a result, are substandard or completely outdated, thus giving cyber criminals an easy entry into these networks,” he said.

 ___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Current State of IOT

August 30th, 2017

As per the recent reports, a list of IP addresses and login credentials for more than 8,000 telnet-accessible Internet of Things (IoT) devices was posted on Pastebin. GDI Foundation chairman Victor Gevers mentioned that out of 8,233 devices only 144 has different login credentials. He also mentioned that the common credentials are root:[blank] (782 instances), admin:admin (634), root:root (320), admin:default (21), and default:.

Varonis technical evangelist Brian Vecci told that a leak as big as this one opens the door to a wide variety of infections and exploits. “Not only do consumers need to be mindful of what they put on their network and do what they can to secure their devices, but manufacturers have an obligation to make security an essential part of the design with IoT products,” he said.

Vecci said that defaults settings is an open invitation for attackers.

“Device manufacturers need to build better security into the design of their products and services to ensure that even if a consumer doesn’t take the time to customize the device, it’s not accessible and inviting abuse,” Vecci added. “Some manufacturers, for example, are beginning to minimize the risk of devices being hacked by randomizing factory default credentials and disabling remote access by default.”

As per the recent Irdeto survey, 90 percent mentioned that the cyber security should be inbuilt in IOT devices.

“Today’s connected world needs consumers to be vigilant about security threats,” Irdeto director of IoT security Mark Hearn said in a statement. “On the device manufacturer side, there must be a better ‘defense-in-depth’ approach to cyber security that integrates multiple layers of security into a system. This approach, combined with ongoing security updates to protect against the latest threats, is critical to mitigate attacks targeting IoT technologies.”

New IoT Cybersecurity Improvement Act of 2017 was introduced in the US to tackle security issues.

“My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products,” bill co-sponsor Sen. Mark Warner said at the time.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

App Install Advertising Fraud

August 27th, 2017

The recent trend shows that there are new ways of online advertising today which aim for mobile apps install. As per the security firm DataVisor, the app installs advertising marketplace is a hot spot for regular attacks by fraudsters. This industry is of approximately $300 million per year.

DataVisor’s new “The Underworld of App Install Advertising” report mentioned that on average, premium ad networks had app install fraud rates of less one percent. Non-premium advertising network stands at five percent.

Ting-Fang Yen, Director of Research at DataVisor mentioned eSecurityPlanet that premium ad network doesn’t usually outsource or broker out their traffic to other channels. They either advertise on their own sites or only partner with reputable publishers they know, she said.

DataVisor Global Intelligence Network analyzed 140 million app installs and 11 billion user events to determine this report.

“We were surprised to see how much fraudsters are faking in-app activities and retention behavior,” Yen said.

Yen mentioned that fraudulent installs generated at least one in-app event.

“This means that fraudsters are becoming much more sophisticated. They are moving beyond just installs to go after the bigger payouts from cost-per-engagement (CPE) campaigns,” Yen said.

Yen mentioned ways to limit the risk by detecting fraud. Techniques involve the use of heuristics such as device identification, IP filtering, or click-to-install-time anomalies to distinguish fake installs from genuine users.

“Fraudsters are constantly exploring new ways to take advantage of loopholes and avoid detection,” Yen said. “This dynamic nature of fraud means that advertisers must remain vigilant and select the right partners and targeting criteria for each campaign they run.”

Advanced fraud detection solutions which can adapt to constantly changing attack patterns should be implemented.

“As fraudsters become increasingly sophisticated at faking installs, we expect more advertisers to adopt cost-per-engagement user acquisition models to avoid fraudulent traffic,” Yen said.

“Fraud is dynamic, and fraudsters are always on the look out for vulnerable points of entry,” she said. “If an ad network scrutinizes their traffic and deploys anti-fraud solutions, fraudsters will move to another channel that is less vigilant about traffic quality.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

AI to Hunt Security Threat

August 25th, 2017

Versive which is based in Seattle recently raised  $12.7 million in a round of funding from Goldman Sachs, Formation 8, Madrona Venture Group and Vulcan Capital. Total investment till date is $54.7 million.

Versive Security Engine is the firm’s products which uses artificial intelligence (AI) technologies for critical threats involving networks and the data. As per the CEO Joseph Polverari, product is “an intelligent, automated threat-hunting solution, built on Versive’s award-winning, enterprise-scale artificial intelligence platform,”

“The Versive Security Engine was developed specifically to help cyber security practitioners effectively harness the power of AI to detect, identify, and mitigate advanced adversaries in ways not previously possible,” continued Polverari.

Versive has also announced a strategic partnership with big data and machine learning specialist Cloudera. Company plans to combine Versive’s AI technology and Cloudera’s analytics and machine learning capabilities.

“Using the Cloudera platform, Apache Spot’s open-data models, and the Versive Security Engine, enterprises can detect attackers that would be unseen with other approaches,” said Sam Heywood, director of Cloudera Cybersecurity Strategy.

Venture capital has increased participation in AI based Cybersecurity firms.

Bricata raised $8 million in a Series A round. It uses AI and machine learning technologies in its intrusion detection and prevention solution.

Darktrace announced that it had raised $75 million in a Series D round of funding.

“It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”Nicole Eagan, CEO at Darktrace said.

AI-enabled risk-detection solution, San Jose, Calif.-based Balbix mentioned that it got $8.6 million in investments.

Balbix is predictive risk analytics platform which shows results in a heat map.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data Breach at Tewksbury Hospital

August 23rd, 2017

Tewksbury Hospital which is based in Massachusetts recently found out that there was unauthorized EHR access. The incident may have potentially led to a data breach.

As per the statement by a former Tewksbury Hospital patient, the electronic medical record was accessed inappropriately by an unauthorized individual.  After the investigation, a hospital found out that an employee may have accessed the data without proper justification.

It also found out that 1,000 other current and former patients information was accessed. Affected information included patient names, addresses, phone numbers, dates of birth, gender, diagnoses, and other information regarding medical treatment.

The employee has been terminated by the facility. The person no longer has access to the hospital’s HER system. Tewksbury Hospital also mentioned that there is no evidence of information misuse.

Patients are notified of the current incident. The Massachusetts Attorney General’s Office, the Massachusetts Office for Consumer Affairs and Business Regulation, and OCR are also notified.

“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” read a statement on the Massachusetts Health and Human Services website. “We are also reassessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”

Affected individuals are encouraged to call toll free number for any further information about the incident. They can also take following steps –

  • Request initial fraud alert
  • Order a Credit Report and review the account (look for inquiries listed on the credit report from businesses that accessed your credit without a request)
  • Request a security freeze

If you are affected by the data breach you have the right to file a police report and obtain a copy of it. Massachusetts law gives you right to obtain any police report filed in regards to the incident.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Staff Shortage for Cyber Security

August 15th, 2017

The findings of recent Tripwire survey of 108 people at Black Hat USA 2017 has below findings-

Eighty-five percent of cyber security pros mentioned that they need more people

Eighty four percent mentioned that they need new technology

Twenty-eight percent mentioned that they need vendor services

Seventy percent mentioned that hiring experienced professionals is on priority

Thirty percent mentioned that they are willing for on job training

“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”

“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”

As per the research firm Gartner,  information security spending will climb to $86.4 billion in 2017

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande mentioned in a statement.

Sid also mentioned that investing on new tech is not the complete solution “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

“Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”

“Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” AsTech chief security strategist Nathan Wenzler said.

“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur distributed by the FIN7 (a.k.a Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains has been identified by Proofpoint researchers.

The modus operands is simple. The receiver gets the email containing document which contains macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur which then sleeps for three seconds and then again executes Bateleur and then sleeps for 10 seconds. Finally, it deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, mentioned that though the software is complex, a method of installing it is very straight forward through phishing email.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.

Cyber Resilience

____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.