Info Security


Magecart Delivers Malware to 1-800-FLOWERS

Wed, 12/05/2018 - 12:32

Once again payment card data has been lifted from an e-commerce site, with the Canadian online outpost of 1-800-FLOWERS falling victim to Magecart. What is alarming about this most recent disclosure, though, is that the incident lasted for over four years.

In the breach notice it filed with California’s attorney general, the company said that the incident “may have involved your payment card information used to place an order on our website, (the 'Canadian Website'). The incident did not involve orders placed on the website.”

In the course of an ongoing investigation that began on October 30, 2018, the company found that an unauthorized party had access to payment card data from cards used to make purchases on the Canadian website between August 15, 2014, and September 15, 2018, according to the notice.

Since discovering the breach, the company said it has taken appropriate actions to help prevent future attacks. “We have redesigned the Canadian Website and implemented additional security measures. We are also working with the payment card networks so that banks and other entities that issue payment cards can be made aware.”

Over the course of those four years, the card-skimming malware lifted full names, payment card numbers, security codes and expiration dates. While the company has not disclosed the total number of affected customers, it did disclose the breach to the California attorney general’s office, indicating that more than 500 Californians were affected. The company reported $238.5 million in its fiscal 2018 third-quarter results.

“Payment card-skimming malware continues to be a security challenge for retailers around the globe,” said Stephan Chenette, co-founder and CTO, AttackIQ. “British Airways, Newegg, Kitronik and now 1-800-FLOWERS have all been victimized by this malware this year, highlighting the need for enterprises to proactively invest in continuous security validation through automated testing if they want to detect security flaws and gaps before adversaries find them.”

Categories: Cyber Risk News

#BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018

Wed, 12/05/2018 - 12:02

Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services.

Kaljurand said that Estonia was one of the first countries to introduce e-government, e-police and e-taxation among thousands of services, and while the attacks were “humiliating and disturbing” it enabled its resilience to be “proof tested.”

She added: “More than 10 years have passed and many things have changed and improved, but some things are as important today as in 2007. What did we learn? The importance of decision making, and having cybersecurity high on the political agenda.”

She also discussed the need for an “all nation approach” with all stakeholders involved, including civil society, industry, academia and international cooperation. “Cyber doesn’t have borders, if we want to be efficient we need to operate with others,” she argued.

Echoing comments made in the conference opening by Black Hat founder Jeff Moss, Kaljurand said that in 2004, when Estonia joined NATO, no-one was talking about cybersecurity, but in 2018, everyone is.

She went on to say that for the first time in history, a single state working alone cannot be efficiently dealing with attacks “and in a sphere where civil society is the watchdog, our responsibility is to keep exchanges secure.” The state has a role to play in preserving trust, she said.

Looking back at 2018, Kaljurand said that two things changed: the evolving state practice of attribution and increased offensive capabilities.

For attribution, she said that “too little and too late had been done by nation states,” and she called the attribution of NotPetya to Russia by the UK a “breakthrough” as it was backed by other nations, but not by western Europe.

In terms of offensive capabilities, she said that for years it was “not OK” to talk about them, and Australia was the first to confirm it had an offensive capability in 2016, while NATO embraced the use of cyber-weaponry in the same way as land, air and sea in November 2017.

“It is a good thing that conversations take place, as whatever countermeasures taken, they have to be in correspondence with international law,” she said. “It raises many questions including private hack backs, but better to have it than have it behind closed doors.”

Kaljurand concluded by saying that it is time for nation states to form real, working partnerships, and for “cyber-giants to take responsibility and operate.”

She said: “We have the ability to contribute to the discussion more than ever before, so the initiative starts at the bottom. Take it seriously and support each other and governments will listen to us more.”

Categories: Cyber Risk News

Ukraine: We Blocked Major Russian Attack on Judiciary

Wed, 12/05/2018 - 11:25

The Ukrainian authorities claim to have blocked a major cyber-attack by Russia targeting the country’s judiciary.

A brief statement from the country’s security service (SBU) said the attack on the “information and telecommunications system” of the judiciary began with a phishing email.

Fake accounting documents were stuffed with malware and used as a lure for recipients to open and infect their machines, the statement continued.

“According to experts, the intention of the Russian Federation special services was to block the sustainable functioning of the judicial information system of Ukraine,” it claimed. The malware itself was designed to carry out “unauthorized interference” and information theft.

The SBU added that at least some of the malware’s command and control servers were located in Russia.

The Eastern European nation will be on high alert this year given the escalating tensions with Russia. In December 2015 and 2016, energy providers were targeted in attacks that left hundreds of thousands without power.

Russia has continued to target the country since it annexed Crimea and occupied parts of eastern Ukraine in 2014. Most famously, the destructive NotPetya and BadRabbit attacks were aimed primarily at Ukraine, although they ended up spreading beyond its borders.

Sam Curry, chief security officer at Cybereason, argued that the “world needs to pay attention to the Ukraine” and how it is being targeted by Russia.

“The Ukraine is just far enough out of reach for Western powers, with a carefully nurtured Russian minority and from the former buffer states that the playbook is obvious,” he added. “Ukraine and any other adjacent nation in a similar position needs to be leery of attacks that soften, test, probe and seek to destabilize, because destabilization is a heartbeat away from so-called police actions, nation building and adventurism.”

Categories: Cyber Risk News

#BHEU: How Google Aurora Attacks Changed the Consciousness of Cybersecurity

Wed, 12/05/2018 - 10:56

Opening the Black Hat Europe conference, founder Jeff Moss cited the 2010 attacks on Google as a point where attacks became more serious, as this enabled people in cybersecurity to “speak to a new audience.”

Looking back at 2018, Moss said that this year has felt like a new era with “new awareness.” Recalling the dot com boom and bust era, he explained that was when we put things on the internet and first began to realize the value of risk, and the rush to find security professionals “to protect before anything needed protecting.”

However, the attacks by China on Google in 2010 changed that, he claimed, saying that overnight it became acceptable to say that you had been hacked.

He added: “That enabled us to speak to a new audience, the media took us a bit more seriously and the world took us a bit more seriously, and that was really a 'before and after' event. I feel now that this is happening again on non-traditional topics.

“It feels like power and politics have entered our arena, it is not just law enforcement and organized crime, it feels like great powers are playing in our area and nation states with different agendas and different rules, are now playing in our backyard.”

Moss said that these are still our networks, but it now involves election meddling, fake news and propaganda, and social risks of giant social media platforms. These are not traditional issues for the industry to deal with “but we will be the ones being asked to fix it.”

He added that we are in a new era to provide advice and fix some of these issues, “and I think that is super exciting and super scary at the same time, but it is not like it was two years ago – there is an acceptance that we are in a new era.”

He concluded that while Google made it OK to talk about being attacked, election meddling in the US has made it OK to talk about cybersecurity and democracy, and also the harms of social media platforms.

Categories: Cyber Risk News

BEC Crime Gang Lines Up 50,000 Global Execs

Wed, 12/05/2018 - 10:26

Researchers have uncovered what appears to be a major BEC crime gang which used commercial lead-gen services to identify 50,000 executives to target.

Dubbed 'London Blue' in a new report from Agari, the group is Nigerian in origin, with collaborators in the UK, US and Western Europe. It first came to light after making the mistake of targeting the security vendor’s own CFO.

“London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules),” the report explained.

“London Blue’s effectiveness depends on working with commercial data brokers to assemble lists of target victims around the world. Doing so gives it the attack volume of a mass spam campaign, but with the target-specific customization of spear-phishing attacks. By combining commercially available tools with criminal tactics, the attackers are able to deliver semi-customized attacks on companies of all sizes in countries located around the world.”

After compiling the list of 50,000 executives, 71% of which are CFOs, members of the team then carry out additional research to fill in any missing details that will help personalize the scams.

Most targets were located in the US, with others in Spain, the UK, Finland, the Netherlands and Mexico.

Interestingly, the gang itself previously focused on credential phishing and Craigslist scams before being attracted by the potentially bigger pay-out associated with BEC.

According to the FBI, scammers have made over $12.5bn from BEC attacks since 2013.

Although these scams typically carry no malware, and are therefore harder to spot with traditional tools, security controls can still flag spoofed or lookalike sender domains, and machine learning can raise the alarm if an executive’s writing style appears to change.
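As an added example of the domain-spoofing check mentioned above (not code from Agari’s report), here is a small filter that inspects an inbound From: header for three BEC patterns: a sender domain within a couple of edits of the organization’s own domain, the organization’s brand embedded in an unrelated domain, and an executive’s display name attached to an external address. The organization’s domains, the executive list and the sample headers are assumed and constructed values for a hypothetical company.

```python
"""Flag BEC-style sender spoofing on an inbound From: header.

Added example, not from the Agari report. LEGIT_DOMAINS and EXECUTIVES are
assumed values for a hypothetical organization; the sample headers are constructed.
"""
from email.utils import parseaddr

LEGIT_DOMAINS = {"example.com"}                    # assumption: the organization's own domains
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # assumption: display name -> real address
MAX_EDIT_DISTANCE = 2                              # how close a lookalike must be to be flagged


def levenshtein(a, b):
    """Edit distance; a small value between two domains usually means a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header):
    """Return a list of (finding, detail) tuples; an empty list means nothing suspicious."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    if domain in LEGIT_DOMAINS:
        # Internal sender: whether the domain was actually spoofed is for SPF/DKIM/DMARC to decide.
        return findings

    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        distance = levenshtein(domain, legit)
        if 0 < distance <= MAX_EDIT_DISTANCE:
            findings.append(("lookalike_domain", f"{domain} is {distance} edit(s) from {legit}"))
        elif brand in domain:
            # e.g. example.com.mail-relay.net or example-com.net
            findings.append(("brand_in_domain", f"{domain} embeds '{brand}'"))

    real_addr = EXECUTIVES.get(" ".join(name.lower().split()))
    if real_addr and addr != real_addr:
        findings.append(("display_name_spoof", f"'{name}' is an executive but the address is {addr}"))

    return findings


# Constructed sample headers.
SAMPLE_HEADERS = [
    '"Jane Doe" <jane.doe@example.com>',                 # genuine internal mail
    '"Jane Doe" <jane.doe@examp1e.com>',                 # lookalike domain plus executive name
    '"Jane Doe" <jane.doe@example.com.mail-relay.net>',  # brand buried in a foreign domain
    'Vendor Billing <ar@vendor-invoices.net>',           # external, impersonating nobody
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", check_from_header(header) or "ok")
```

The edit-distance threshold is deliberately low: at distance 3 or more, ordinary unrelated domains start to collide, so a production filter would pair this with a list of confusable characters (1 for l, rn for m, 0 for o) rather than raising the threshold.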

Categories: Cyber Risk News

IoT Backbone is Riddled with Security Issues

Wed, 12/05/2018 - 10:03

Two popular IoT communications protocols are riddled with vulnerabilities and systemic issues which are exposing countless global organizations to industrial espionage, targeted attacks and DoS, according to Trend Micro.

The security giant’s latest report, The Fragility of Industrial IoT’s Data Backbone, focuses on two of the most popular machine-to-machine protocols in use today: Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).

Because neither protocol enforces authentication or encryption by default, the researchers found deployments exposing 219 million messages globally in just the four months of the research period.

The report detailed how these security deficiencies leak credentials, sensitive information, and industry-related process data — which could be used to enable reconnaissance and industrial espionage.

Security problems with the design, implementation and deployment of devices using these protocols could allow attackers to remotely control endpoints, while hackers could also abuse functionality in the protocols to achieve persistent access to a target and move laterally across a network.

One flaw detailed in the report, CVE-2018-17614, was described as an out-of-bounds write that could allow an attacker to execute arbitrary code on vulnerable devices that implement an MQTT client.

Telemetry data passing over these protocols could also be “poisoned” to sabotage operations, the report warned.

There are also implications for consumers, given that MQTT is used by Facebook Messenger.

Another messaging service, Bizbox Alpha mobile, leaked 55,475 messages in four months, 18,000 of which were email messages.

Greg Young, vice-president of cybersecurity for Trend Micro, said the report should be cause for organizations to improve the security of their OT environments.

“These protocols weren’t designed with security in mind, but are found in an increasingly wide range of mission critical environments and use cases,” he added. “This represents a major cybersecurity risk. Hackers with even modest resources could exploit these design flaws and vulnerabilities to conduct reconnaissance, lateral movement, covert data theft and denial-of-service attacks.”

The report also warned that as MQTT and CoAP become more popular, attackers are likely to use them not only for DoS but as a channel for command and control and data exfiltration.

Trend Micro urged security teams to remove unnecessary M2M services, check their data is not leaking through public IoT services, improve vulnerability management workflows and stay up-to-date with evolving industry standards.
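One way to carry out the “check your data is not leaking through public IoT services” step above against your own brokers, as an added example (not code from Trend Micro’s report): a minimal MQTT 3.1.1 codec that builds an anonymous CONNECT, reads the CONNACK return code and, if the broker lets the unauthenticated client in, subscribes to the wildcard filter `#` and parses whatever PUBLISH packets arrive. The packet layouts follow the MQTT 3.1.1 specification; the broker hostname is an assumed placeholder and the sample packets at the bottom are constructed by hand.

```python
"""Minimal MQTT 3.1.1 packet codec plus an anonymous-access probe.

Added example; not code from Trend Micro's report. The sample packets are
constructed by hand and BROKER_HOST is an assumed placeholder.
"""
import socket
import struct

CONNACK_CODES = {
    0: "connection accepted (broker allows anonymous access)",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def encode_remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit set means 'more bytes follow'."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(data, offset=1):
    """Return (remaining_length, index of the first variable-header byte)."""
    value, mult = 0, 1
    for i in range(offset, min(offset + 4, len(data))):
        value += (data[i] & 0x7F) * mult
        if not data[i] & 0x80:
            return value, i + 1
        mult *= 128
    raise ValueError("malformed remaining-length field")


def utf8_field(s):
    """Length-prefixed UTF-8 string, the encoding MQTT uses for names and topics."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def build_connect(client_id, username=None, password=None, keepalive=30):
    """CONNECT packet; with no username/password this is an anonymous login attempt."""
    flags = 0x02  # clean session
    payload = utf8_field(client_id)
    if username is not None:
        flags |= 0x80
        payload += utf8_field(username)
    if password is not None:
        flags |= 0x40
        payload += utf8_field(password)
    body = utf8_field("MQTT") + b"\x04" + bytes([flags]) + struct.pack("!H", keepalive) + payload
    return b"\x10" + encode_remaining_length(len(body)) + body


def build_subscribe(topic_filter, packet_id=1, qos=0):
    """SUBSCRIBE packet; the wildcard filter '#' asks for every topic on the broker."""
    body = struct.pack("!H", packet_id) + utf8_field(topic_filter) + bytes([qos])
    return b"\x82" + encode_remaining_length(len(body)) + body


def build_publish(topic, payload, qos=0, packet_id=1):
    """PUBLISH packet (used here only to construct sample traffic)."""
    body = utf8_field(topic)
    if qos:
        body += struct.pack("!H", packet_id)
    body += payload
    return bytes([0x30 | (qos << 1)]) + encode_remaining_length(len(body)) + body


def parse_connack(data):
    """Return the CONNACK return code; 0 means the broker let us in."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not a CONNACK packet")
    return data[3]


def parse_publish(data):
    """Return (topic, payload) from a PUBLISH packet."""
    if data[0] >> 4 != 3:
        raise ValueError("not a PUBLISH packet")
    qos = (data[0] >> 1) & 0x03
    length, idx = decode_remaining_length(data)
    end = idx + length
    (tlen,) = struct.unpack("!H", data[idx:idx + 2])
    topic = data[idx + 2:idx + 2 + tlen].decode("utf-8")
    pos = idx + 2 + tlen + (2 if qos else 0)  # QoS 1/2 carry a packet identifier after the topic
    return topic, data[pos:end]


def probe_anonymous_access(host, port=1883, timeout=5, max_packets=5):
    """Connect with no credentials; if accepted, subscribe to '#' and sample what the broker sends."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connect("audit-probe"))
        code = parse_connack(s.recv(4))
        result = {"code": code, "verdict": CONNACK_CODES.get(code, "unknown"), "samples": []}
        if code != 0:
            return result
        s.sendall(build_subscribe("#"))
        s.recv(5)  # SUBACK for a single topic filter
        for _ in range(max_packets):
            try:
                pkt = s.recv(4096)
            except socket.timeout:
                break
            if pkt and pkt[0] >> 4 == 3:  # only the first packet in the read is decoded
                result["samples"].append(parse_publish(pkt))
        return result


# Constructed sample traffic, as a broker that accepts anonymous clients would send it.
SAMPLE_CONNACK_OK = b"\x20\x02\x00\x00"
SAMPLE_CONNACK_DENIED = b"\x20\x02\x00\x05"
SAMPLE_PUBLISH = build_publish("plant/line1/temp", b"73.2")

if __name__ == "__main__":
    BROKER_HOST = "broker.example.internal"  # assumed placeholder
    print(probe_anonymous_access(BROKER_HOST))
```

Run this only against brokers you own or are authorized to test. A return code of 0 with no credentials is exactly the exposure the report describes; code 5 (not authorized) means anonymous access is disabled, which is the setting to aim for on anything reachable from the internet, alongside TLS on the standard MQTT-over-TLS port 8883 rather than plaintext on 1883.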

Categories: Cyber Risk News

#NICEK12: Digital Detox for Cyber Awareness

Tue, 12/04/2018 - 15:36

In addition to sessions on cryptography and teaching kids how to code, the 2018 NICE K12 Cybersecurity Education Conference also focused on teaching young people how to protect their identities and develop good cyber-hygiene habits to help them stay safe online. 

To that end, former private detective Melissa J. Straub, now founder and director of educational services at High Impact Youth Training Solutions Inc., said that teaching young people about cybersecurity is critical. "It only takes one picture, one video or one comment to take down a child’s reputation."

“Kids are on technology, kids are using technology and they have become so reliant on technology. That’s not to say technology is bad. It can help kids change, grow and innovate, but it can also hurt kids,” Straub said.

That’s why students of all ages need to have educators and parents engaging them in conversations about the consequences of their online behavior. An effective way to do that is to encourage students to go through a digital detox. 

“When we are learning how to drive a car, we take a test, we practice, then we earn a license. Yet we are handing kids the keys to the Wild West without any training on how to secure their information,” Straub said. 

According to Straub, more than half (54%) of teens say life would be better without social media. Despite being touted as social networking, many social media sites have left kids feeling more socially isolated. As with most things in life, young people should use technology in moderation. “There should be a balance of how much time kids are spending behind a screen, and if their behavior starts to change or their grades are changing, those are indicators of a problem,” Straub said.

The most significant impact technology is having on children is that they are engaging in, or are victims of, cyber-bullying. Add to that the fact that they are only one click away from violence or sexual content, and it is easy to see why kids need to learn good cyber-hygiene.

Of equal concern to Straub is the threat of online predators. “It used to be you met someone in person, then found out the kind of person they are on social media. Now it is the other way around.”

When she talks with kids, though, they admit that they have computers in their rooms and their parents rarely – if ever – monitor what they are doing. Parents don’t know the apps kids are using, nor do they know the people their children are friends with online. 

In addition to teaching children that they don’t own their information and they do not control who sees it once it is online, Straub also warned, “Predators talk to kids in a gaming system and then pull them out into a private exchange,” which is why it’s important to engage kids in conversations about cybersecurity early and often and for parents to know what security and parental controls they should put in place. 

Categories: Cyber Risk News

Russian Ransomware Brokers Scam Victims

Tue, 12/04/2018 - 14:03

Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files.

Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help them recover from ransomware like Dharma/CrySiS, for which there is no known decryption key.

In reality, the firm pays the ransomware author a fee and then passes the cost on to the customer at a 75%+ margin, acting more as a broker than an IT consultancy.

Dr Shifro has been around for over two-and-a-half years and has managed 300 ransomware ‘decryptions’ for its clients.

Typically it adds an extra $1000 fee on top of whatever the cyber-criminal is charging for a decryption key, meaning the firm has been able to drive profits of at least $300,000 over the past couple of years.

Researchers believe that, from the correspondence between Dr Shifro and the ransomware creators that they were able to obtain, the former also tries to negotiate a discount from the ransomware author to further increase its margins, a spokesperson told Infosecurity.

“The first point with services like Dr. Shifro’s is ‘if it sounds too good to be true, it probably is.’ While there are legitimate IT consultancies that can help recover systems and files from a ransomware attack, they will usually not make promises they cannot keep,” the security vendor warned.

“In fact, they will usually only offer to help where decryption keys are already publicly available online, and perform decryption services for those who may be unable to do so themselves. Anyone claiming otherwise should be approached with caution.”

Check Point warned that similar scams could emerge over the coming year as a new way of making money off the back of attacks.

Although there have been reports that cryptomining malware is growing in popularity at the expense of ransomware, a recent Europol report warned that the latter was still the top malware threat facing organizations, and would remain a major risk for years to come.

More targeted variants have started to emerge of late, which are harder for firms to defend against. Two Iranians were recently indicted by the US for masterminding the SamSam attacks over the past three years, causing losses estimated at $30m in North America and the UK.

Categories: Cyber Risk News

New Head of Security Business Announced at BT

Tue, 12/04/2018 - 12:23

Today, global telecommunications giant BT announced the appointment of Kevin Brown as managing director of BT Security.

Brown will succeed Mark Hughes, who is leaving BT at the end of the year. Brown will oversee the company’s physical and cybersecurity activity around the world.

Brown first joined BT in 2012, following a 20-year career in law enforcement. He has specialized in security throughout his time at BT, and in previous roles has led its global investigation and intelligence teams and driven the modernization of BT’s protection systems. In his previous role, Kevin led BT Security’s engagement with international governments, and managed its relationships with international law

BT has 3000 cybersecurity experts around the world protecting its operations across 180 countries as well as its customers’ networks. According to the firm, its global network of security operations centers protects BT against 125,000 cyber-attacks every month and provides cybersecurity solutions and services to consumers, governments and businesses.

“I’m thrilled to be leading BT’s security operations at a time when the need to protect households, business, governments and entire nation states from damaging cyber-attacks has never been greater,” Brown said.

“Our global network gives us a ringside view of the latest threats so we can anticipate and mitigate emerging attacks before they impact our business or our customers. Our expertise in securing BT’s global network is why organizations around the world trust us to protect their most critical assets. I’m really looking forward to continuing the rapid growth that BT Security has seen in recent years.”

BT also said that it plans to increase its cybersecurity headcount by 25% over the next five years “in order to develop the next generation of cybersecurity professionals and meet its growth ambition.”

Categories: Cyber Risk News

Researchers Find First Major Kubernetes Flaw

Tue, 12/04/2018 - 10:22

The Kubernetes project has patched a critical security flaw in the popular container orchestration tool which could allow third parties to remotely control targeted systems.

Organizations running earlier versions were urged to upgrade to Kubernetes v1.10.11, v1.11.5 or v1.12.3. The issue will also be addressed in the upcoming v1.13.0 release, according to Google staff software engineer Jordan Liggitt.

“This vulnerability allows specially crafted requests to establish a connection through the Kubernetes API server to backend servers (such as aggregated API servers and kubelets), then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection,” he explained.

CVE-2018-1002105 is a privilege escalation flaw allowing an attacker to gain full admin privileges on any compute node in a Kubernetes cluster. As such, it has been given a CVSS score of 9.8.
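As an added example (not from the Kubernetes project or Red Hat), here is a check that takes the output of `kubectl version -o json` and says whether the API server version predates the fixed releases named above. The sample JSON is constructed; treating minor lines older than 1.10 as affected and 1.13 and later as fixed are assumptions, stated in the comments.

```python
"""Check whether a Kubernetes API server version carries the fix for CVE-2018-1002105.

Added example, not from the Kubernetes project. The fixed releases are those the
advisory names (v1.10.11, v1.11.5, v1.12.3); how lines older than v1.10 and v1.13+
are treated is an assumption noted inline.
"""
import json
import re

# First patch release on each supported minor line that contains the fix.
FIXED_RELEASES = {(1, 10): (1, 10, 11), (1, 11): (1, 11, 5), (1, 12): (1, 12, 3)}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(tag):
    """'v1.12.2-gke.1' -> (1, 12, 2); vendor and pre-release suffixes are ignored."""
    m = VERSION_RE.match(tag.strip())
    if not m:
        raise ValueError(f"unrecognised version tag: {tag!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(tag):
    version = parse_version(tag)
    line = version[:2]
    if line in FIXED_RELEASES:
        return version < FIXED_RELEASES[line]
    if line < (1, 10):
        # Assumption: minor lines older than 1.10 were out of support and received no fix.
        return True
    # Assumption: 1.13.0 and later ship with the fix, as the advisory says 1.13.0 will.
    return False


def assess_cluster(kubectl_version_json):
    """Take the output of `kubectl version -o json` and report on the server side."""
    info = json.loads(kubectl_version_json)
    server = info["serverVersion"]["gitVersion"]
    vulnerable = is_vulnerable(server)
    target = FIXED_RELEASES.get(parse_version(server)[:2])
    return {
        "server_version": server,
        "vulnerable": vulnerable,
        "upgrade_to": "v%d.%d.%d" % target if (vulnerable and target) else None,
    }


# Constructed sample: the shape `kubectl version -o json` prints, trimmed to the fields used.
SAMPLE_KUBECTL_JSON = json.dumps({
    "clientVersion": {"gitVersion": "v1.12.3"},
    "serverVersion": {"gitVersion": "v1.11.3"},
})

if __name__ == "__main__":
    print(assess_cluster(SAMPLE_KUBECTL_JSON))
```

The server version is the one that matters: the flaw sits in the API server’s handling of upgraded connections, so a patched `kubectl` on the client side changes nothing.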

“This is a big deal,” warned Red Hat cloud platforms lead, Ashesh Badani. “Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

All the firm’s Kubernetes-based products are affected: Red Hat OpenShift Container Platform, Red Hat OpenShift Online and Red Hat OpenShift Dedicated.

However, Badani used the opportunity to promote enterprise-grade open source products, which he claimed offer greater contextualized support for organizations in these situations.

This is the first major bug discovered in the popular container orchestration platform, and is likely to be exploited in the wild given the growing popularity of microservices among DevOps teams.

According to one firm, 44% of companies plan to replace some of their virtual machines (VMs) with containers, while the vast majority (71%) said they’ve already deployed containers on a VM.

Categories: Cyber Risk News

Quora Breach Hits 100 Million Users

Tue, 12/04/2018 - 09:40

Quora has become the latest big-name tech firm to suffer a major data breach, after revealing that personal information on 100 million users may have been compromised.

The question-and-answer website said it discovered unauthorized access by a malicious third party on Friday, and is currently investigating the exact cause of the incident in concert with a digital forensics firm and law enforcement.

The potentially compromised information includes account info such as names, email addresses and encrypted passwords, as well as data imported by users from linked networks.

Other data that may have been breached includes public content and actions — like questions, answers, comments and upvotes — and non-public content like answer requests, downvotes and direct messages.

“Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content,” the firm clarified.

“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.”

All affected users have been logged out, with a forced password reset for those who chose this as their authentication method.

SecureAuth chief security architect, Stephen Cox, suggested that stolen credentials may have been behind the breach.

“More focus needs to be put on advanced authentication techniques to improve organizations’ security posture in this threat landscape,” he added. “Far too many organizations are relying on approaches that have simply been proven ineffective against modern attackers, and they must be careful to not develop a false sense of security even when they’ve adopted basic techniques such as two-factor authentication.”

Although the personal data compromised in this incident appears to be fairly limited, and Quora had at least hashed passwords with a salt that varies for each user, the incident could still lead to a deluge of phishing attempts on users.

Categories: Cyber Risk News

#NICEK12: Hands-On Resources from the Field

Tue, 12/04/2018 - 03:09

In addition to the five conference tracks at the 2018 NICE K12 Cybersecurity Education Conference going on in San Antonio, Texas, attendees were also able to engage in hands-on learning at drop-in sessions during which exhibitors were able to share resources they have used with some success to help advance cybersecurity in the K-12 sector. 

In one session, two teachers from North Carolina showcased the progress they have made in educating kids about cybersecurity.

In their presentation, “Bytes for Breakfast - A Small Rural High School’s Answer to Getting Students Excited About Coding and Cybersecurity,” teachers Renee Himmelspach and Amanda Campbell from South Stokes High School in North Carolina said that the name of their club came from the fact that the group meets before school.

The Bytes for Breakfast club, which is in its first year, meets twice a month before the school day begins for students to explore coding using the two Raspberry Pis and iPad Pros that were donated to the group. The group also meets once a month after school for an extended period of time.

Credit: South Stokes High School

With as much enthusiasm as Himmelspach and Campbell displayed, Robert Black, CEO and founder of Start Engineering, showcased the Cybersecurity Career Guide, a book designed for classrooms, camps and other outreach programs to introduce students to the myriad career paths available in the field of cybersecurity. 

Credit: Start Engineering

In partnering with Palo Alto Networks, Start Engineering was able to produce the 52-page, magazine-style book that includes a description of different job types, as well as the required education and the likely salary candidates would earn for each position.

Designed for middle and high school students, the publication was released in April and will be updated every two years as job descriptions and technology evolves.

Categories: Cyber Risk News

#NICEK12: Creating a Paradigm Shift in Cyber

Tue, 12/04/2018 - 02:44

At the 2018 NICE K12 Cybersecurity Education Conference in San Antonio, Texas, industry leaders spoke about promoting cyber awareness by educating kids so that they can in turn educate their parents and move the needle on protecting privacy in our interconnected world. 

In his presentation, “The Thief Is One Hundred Years Ahead of the Locksmith,” Ronald Malden, chief learning officer, Regal Business Opportunities Inc., offered a strategic plan for the national initiative of accelerating cybersecurity learning and skills development in a diverse user community.

Because criminals are able to remain one step ahead of whatever lock defenders invent, education is far more useful than inventing new defenses. 

“In this day and age, we have to educate the children if we are ever to achieve cyber awareness across a diverse workforce environment. In today’s current cyber environment, when I focus on general education, I’m actually focused on what we need to accomplish in K-12 in order to educate the entire society,” Malden said.  

So how do we become more cyber aware? According to Malden, approaching cyber in general education from a K-12 perspective includes both technical and nontechnical content because computing communication is occurring when you wake up and does not stop when you sleep. “We need to educate cyber knowledge across the life spectrum as well as teach it in small doses in diverse general education, which includes teaching cyber in physics, law and philosophy.”

To be successful in that endeavor, it’s important to target the audience messenger, or the trusted person, providing educators with an approach that tells them how to educate the population in general.

“Students should be graduating cyber certified so that they understand penetration detection, intrusion detection and what it means to be cyber aware so they are not the victim,” Malden said. “A cyber-hacker is looking for money. If you are no longer the low-hanging fruit, then you have less of a loss.”

The industry needs to develop a paradigm shift that delivers us from defensive to offensive education. To achieve that, Malden said we must address the education of all individuals and increase involvement in cyber education by integrating cyber domain concepts as organization ethos or curriculum in K-12 education.

Categories: Cyber Risk News

#NICEK12: Increasing Cyber Career Awareness

Mon, 12/03/2018 - 16:13

With a packed schedule of over 100 sessions across five tracks, the 2018 NICE K12 Cybersecurity Education Conference endeavored to deliver a wide array of strategies and tactics to enable educators and public schools to enhance their understanding of how to engage students in cybersecurity. 

The five tracks included increasing cybersecurity career awareness, infusing cybersecurity across the educational portfolio, integrating innovative cybersecurity educational approaches, designing cybersecurity academic and career pathways and promoting cyber awareness. 

In talking about innovative ways to introduce students to career paths they may not even know exist, Benjamin Galynker, director of content, Hats & Ladders, spoke about how to go “From Overwhelmed or Slacking to Ethical Hacking.” 

It’s no mystery why the skills gap continues to grow despite industry demand. “The problem we face is understanding how to raise young people’s awareness of career options that their parents might not know about,” Galynker said. 

When it comes to cybersecurity, most people think it’s not for them or more likely that it couldn’t be for them, which is why awareness matters. Society works best when young people pursue careers that they are confident will allow them to succeed in their futures, Galynker said.

There are some missing links, though, between awareness and "what should I do next," which is where educators and schools play a key role. Hats & Ladders is one way to make educators aware of the industry’s efforts to create platforms that will help engage students. 

The organization is intended to connect educators and mentors, industry partners, colleges and community programs to help students begin to understand the career opportunities available to them through online learning, as well as helping educators incorporate into their curriculum more hands-on DIY activities, field trips and observations, internships, apprenticeships and scholarships.

Part of the effort is to help educators understand the root sources. To that end, Hats & Ladders developed a free platform to fill in those missing links, taking students from curiosity to interest, engagement and motivation. 

Often, youth will rely on their own knowledge without realizing what they don’t know. They think they know what they want to do, but they don’t have a second or third choice, nor do they understand the career assets they might have and how they can use those assets to pivot into potential cybersecurity careers. 

“Youth don’t have a lot of career development counseling,” Galynker said. “[For] every 437 high school students, there is only one high school counselor, making parents the single largest influence on young people’s careers.”

Categories: Cyber Risk News

#NICEK12: Young Women Are Making Cyber Waves

Mon, 12/03/2018 - 15:19
#NICEK12: Young Women Are Making Cyber Waves

In a pre-conference workshop, 2018 NICE K12 Cybersecurity Education Conference sponsor IBM offered #CyberDay4Girls, in which girls in 6th–9th grade met at Sam Houston High School to learn about protecting their online identity and the internet of things and to meet female role models studying and working in cybersecurity.

Part of the goal is shifting the perspective and teaching girls to be brave, not perfect, said Kyla Guru, a high school junior from Illinois and founder of Bits N’ Bytes Cybersecurity Education (BNBCE), in her keynote address.

Guru first thanked the audience for involving her in the dialogue about what she called our "state of cyber-insecurity." “What is the current state?” Guru asked. “An expected 1.8 million cybersecurity jobs that will be unfilled by 2022. In 2017, the education sector alone accounted for 13% of breaches, which amounts to the compromise of around 32 million records. In addition, we are expected to lose $8 million by 2022.”

Her goal is to make sure that we all understand the monetary loss that will happen because of cyber-attacks so that rather than lose that money, we can try to save that money for future generations to invest in saving the future.

“We are making waves,” Guru said, “and that calls for some sort of applause. We need some recognition for the progress we have made so that we can get excited about the work that still needs to be done.”

In explaining her vision, Guru explained why she came to create BNBCE. The idea came to her when thinking about the requirement that she and her fellow students had to sign the student science lab safety contract every year. After seven years, she had the contract memorized.  

“I know that after you get chemicals in your eyes, you have to wash your eyes out for 20 minutes at the wash station. Those have been made second nature because of the emphasis that teachers have put on it. So I started to think, ‘What if we could make something like this for cybersecurity?’ because that is the power of education.”

Recognizing that the digital internet is the new playground for young people, Guru said she realized that her peers didn’t have security as a second nature to them. “I set out to create a five-minute animated video for my former elementary school, but after I made the video, I realized that the problem couldn’t be solved by one video sent to one school down the street from my house. This mission was so much bigger than this one school.”

From there, Guru created the national nonprofit that started with youth. Why? “It is incredibly impressive and slightly concerning how much we use technology. Also, young people are going to build technology. Shouldn’t they know how to deal with and manage the situations that will come along with that technology?” she said.

In the past 24 months, the nonprofit has grown to include 26 partners. BNBCE has written 40 articles on its blog and hosted more than 35 workshops, amounting to an outreach that has connected with 15,722 students.

Categories: Cyber Risk News

#NICEK12: San Antonio Aims to Become Cyber City, USA

Mon, 12/03/2018 - 14:45
#NICEK12: San Antonio Aims to Become Cyber City, USA

The 2018 NICE K12 Cybersecurity Education Conference kicked off this morning in San Antonio, Texas, with opening remarks from Ron Nirenberg, mayor of San Antonio.

The National Initiative for Cybersecurity Education (NICE) is part of the National Institute of Standards and Technology (NIST) and aims to deliver quality professional development focused on strategies that will inspire awareness about cybersecurity preparedness for young people while also inspiring them to explore the myriad careers within the industry. 

“I can’t think of a more important educational initiative,” said Nirenberg. “The city’s cyber roots go almost as far back as our military history. Today San Antonio is second only to Washington, D.C., in terms of cybersecurity assets.”

Over the past few years, the US Cyber Command has brought more than 1,000 new jobs to San Antonio, resulting in hundreds of millions of dollars of economic impact. In addition to the robust cybersecurity industry, the city boasts over a dozen colleges and universities with cybersecurity programs.

Advancements continue to be made. According to the mayor, in the last two months, San Antonio has had two very exciting announcements related to work in cyber. First, the University of Texas–San Antonio (UTSA) announced a significant investment in its AI and data science national security collaboration center. With a $33 million investment, UTSA will be expanding its downtown campus by developing a National Security Collaboration Center (NSCC) and a School of Data Science.

Second, Texas A&M was invited to join Facebook’s cybersecurity university program. Together, Facebook and Texas A&M–San Antonio have opened a $63 million science and technology building. 

The collective investments are an indication that “San Antonio leadership gets it. Cybersecurity is an extraordinary priority for us,” Nirenberg said.

“We know our community needs to continue to fund innovation and continue to invest in our future workforce, as we continue to build what we call Cyber City, USA. The work you are doing is critical for all.” 

Categories: Cyber Risk News

Reported Cybercrime Jumps 14% in England

Mon, 12/03/2018 - 11:10
Reported Cybercrime Jumps 14% in England

There has been an increase in the volume of cybercrime incidents reported to English police of 14% over the past two financial years, according to a new report.

Think tank Parliament Street filed Freedom of Information (FOI) requests with the country’s police forces, asking for a breakdown of Computer Misuse Act crimes which involve hacking, smart devices and/or connected devices.

Although it received back a full set of answers from just 14 out of a possible 39 forces, the findings could be viewed as illustrative of broader trends.

The total number of cybercrimes over the two-year period was 2547, rising from 1193 in 2016/17 to 1354 in 2017/18.

Of those appraised, Cleveland Police reported the most cases in 2017/18 with 356, followed by West Midlands (329) and Nottinghamshire Police (246).

The latter two also reported the biggest increases from the previous year, of 19% and 21% respectively.

However, interestingly, London’s Metropolitan Police reported a drop in cybercrime cases, from just 77 in 2016/17 to 49 in 2017/18.

Anecdotally, unauthorized access of email and social media accounts to obtain and distribute personal photos figured strongly in cases. On the corporate side, the report also highlights ransomware as a common factor in cases.

“It’s clear that the tidal wave of cybercrime is draining the resources of police forces as well as businesses. Tackling this problem requires a concerted effort to recruit staff equipped with the latest cyber skills as well as extending education and training opportunities to existing employees,” argued Sheila Flavell, chair of the Institute of Coding.

“As part of this effort, it’s vital that industry works more closely with academic institutions, to develop specialist flexible courses, so that skills within workforces increase dramatically.”  

The report itself calls for mandatory cyber training for all new police recruits in line with nationally recognized standards; more help from tech and social media companies to train officers; and an increase in STEM-qualified officers.

“As well as working closely with universities and training colleges, industry organizations should also offer placement years and consultancy to ensure that police forces are fully equipped to deal with this threat,” it advised.

The tech sector is stepping up to a certain extent: last week Cisco announced it would be providing free access to its Cisco Networking Academy to help train 120,000 officers.

Categories: Cyber Risk News

Kaspersky Lab's US Ban Appeal Thrown Out

Mon, 12/03/2018 - 10:22
Kaspersky Lab's US Ban Appeal Thrown Out

Eugene Kaspersky has vowed that his firm will continue its mission to protect global organizations after a US court threw out its appeal to have a ban on federal use of its products overturned.

On Friday, the US Court of Appeals for the District of Columbia Circuit upheld a district court ruling that the September 2017 Binding Operational Directive (BOD 17-01) and the Congressional National Defense Authorization Act (NDAA) do not violate the constitution.

Kaspersky Lab had argued in court that they violate the Fifth Amendment by interfering with due process.

Russian intelligence is said to have used Kaspersky Lab products to spy on top secret US government programs, but the firm has always denied any collusion.

Kaspersky himself was sanguine about the outcome.

“The DC Circuit Court’s decision is disappointing, but the events of the past year that culminated in this decision were almost expected, and not just by our company, but by the cybersecurity industry in general,” he wrote in a blog post.

“We’re sure that the issues involved in our litigation go far beyond technical aspects of US constitutional law; they include real-world problems concerning everyone: a progression of protectionism and balkanization in a world of understated cyber-rivalry and highly sophisticated international cyber threats.”

The Moscow-headquartered firm had launched a Global Transparency Initiative in an attempt to restore trust with customers. This includes three new Transparency Centers in the US, APAC and Europe, where trusted partners can access reviews of the company’s code, software updates, threat detection rules and more.

The first such center was recently opened in Switzerland.

“We’re addressing customers’ concerns by ensuring that our own operations are transparent and trustworthy with a respected firm auditing our engineering practices and secure development processes,” explained Kaspersky.

“We constantly aim to be a part of the solution as the cyber threat landscape evolves. Regardless of whether we decide to pursue further legal action in response to today’s decision from the DC Circuit Court, we’ll remain committed to providing the best cybersecurity solutions for our customers globally and saving the world from cyber threats.”

Categories: Cyber Risk News

Sotheby’s Site Infected with Magecart for Over a Year

Mon, 12/03/2018 - 09:40
Sotheby’s Site Infected with Magecart for Over a Year

Sotheby’s has become the latest big-name brand to have its website infected with digital skimming code.

The venerable British auction house revealed on Friday that its New York-based e-commerce marketplace Sotheby’s Home, known formerly as Viyet, was affected.

According to the statement, the firm discovered and “promptly removed” on October 10 malicious code inserted onto the site by a malicious third party. However, it had been there since “at least” March 2017, meaning countless customers could have been affected over the 19-month period.

In fact, it could be even longer. Sotheby’s admitted: “we cannot be certain as to when the website was first victimized by this attack.”

“The code was designed to target the data you entered into the payment information form on the Sotheby’s Home website,” it added. “This information would include your name, address, email address and payment card number, expiration date, and CVV code.”

The incident would seem to indicate that the group behind this scheme infected the site directly, in a similar way to skimming attacks on British Airways and Newegg sites, rather than via a third-party supplier, as happened to Ticketmaster.

Given that it has taken nearly two months for the auctioneer to come clean about the incident, it could be in trouble with European GDPR regulators if any EU citizens’ data has been swiped — although that’s unlikely given the site is designed for only US customers.

However, it could be too late for many of those affected. RiskIQ claimed recently that British Airways and Newegg customers’ credit card details went up for sale on the dark web little more than a week after they were skimmed from the respective sites.

Several groups are thought to be actively using the code around the world, with recent revelations that one is even attempting to sabotage the activities of another in order to maximize its profits.
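The skimming described in this and the earlier Magecart stories works by adding or altering JavaScript on the payment page, and an infection can sit unnoticed for a year or more when nobody is comparing what the checkout page serves against what it is supposed to serve. The following is an added example, not code from Sotheby’s, RiskIQ or this article: a small baseline check that records the scripts on a known-good copy of a payment page (by SRI-style sha384 hash for inline scripts, by URL and integrity attribute for external ones) and then reports anything on a freshly served copy that is not in that baseline. The two HTML documents, the CDN URL and the integrity value are constructed for the example.

```python
"""Baseline audit of <script> elements on a payment page (added example).

Records the scripts that belong on a known-good page and flags any script on a
served copy that is not in that baseline. All HTML, URLs and hash values below
are constructed sample data for this example.
"""
import base64
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect every <script> element: src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []      # list of {"src": str|None, "integrity": str|None, "body": str}
        self._current = None   # script element currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        # HTMLParser delivers script content via handle_data, possibly in chunks.
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def sri_hash(body: str) -> str:
    """SRI-style integrity value (sha384, base64) of an inline script body."""
    digest = hashlib.sha384(body.strip().encode("utf-8")).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def collect_scripts(html: str) -> list:
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def build_baseline(known_good_html: str) -> dict:
    """Record the scripts of a reviewed, known-good page as the allowed set."""
    baseline = {"external": {}, "inline": set()}
    for s in collect_scripts(known_good_html):
        if s["src"]:
            baseline["external"][s["src"]] = s["integrity"]
        else:
            baseline["inline"].add(sri_hash(s["body"]))
    return baseline


def audit_scripts(served_html: str, baseline: dict) -> list:
    """Return a list of findings for scripts that deviate from the baseline."""
    findings = []
    for s in collect_scripts(served_html):
        if s["src"]:
            if s["src"] not in baseline["external"]:
                findings.append(f"unlisted external script: {s['src']}")
            elif not s["integrity"]:
                findings.append(f"external script served without integrity attribute: {s['src']}")
            elif s["integrity"] != baseline["external"][s["src"]]:
                findings.append(f"integrity attribute changed for {s['src']}")
        else:
            h = sri_hash(s["body"])
            if h not in baseline["inline"]:
                findings.append(f"inline script not in baseline: {h}")
    return findings


# Constructed known-good checkout page: one pinned CDN script, one inline snippet.
KNOWN_GOOD = """<html><body>
<form id="payment"><input name="card"></form>
<script src="https://cdn.example.com/checkout.js"
        integrity="sha384-EXAMPLEPINNEDHASH" crossorigin="anonymous"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</body></html>"""

# Constructed served copy: same scripts plus one extra inline and one extra external script.
SERVED = """<html><body>
<form id="payment"><input name="card"></form>
<script src="https://cdn.example.com/checkout.js"
        integrity="sha384-EXAMPLEPINNEDHASH" crossorigin="anonymous"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>/* not in baseline */ console.log("added script");</script>
<script src="https://static.example.net/extra.js"></script>
</body></html>"""


def run_demo() -> list:
    """Audit the served copy against the baseline built from the known-good copy."""
    return audit_scripts(SERVED, build_baseline(KNOWN_GOOD))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The check is only as good as the baseline, so the known-good copy must be taken from a reviewed build, not from production after the fact; run against the page as the browser actually receives it, the audit catches both a script injected directly into the site, as reported here, and a changed integrity pin on a third-party script, the supply-chain variant the article contrasts with the Ticketmaster case. It does not replace a Content Security Policy or server-side file-integrity monitoring, but it gives a concrete alert where this incident had none for 19 months.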

Categories: Cyber Risk News