
#Infosec18 Cybersecurity can Enable Businesses to be more Agile

Tue, 06/05/2018 - 12:40

Cybersecurity can be an enabler of digital transformation, if an agile environment works for you.

Speaking in the keynote session “Security at the Speed of Business: Supporting Digital Transformation with Cybersecurity” at Infosecurity Europe 2018, a panel of experts considered the impact of digital transformation and how to enable secure agility into your organization.

Moderator Maxine Holt, research director at Ovum, asked the panel how delivery at pace can be supported. Lee Barney, head of information security at M&S, said that his company had adopted an agile methodology, and that this was appropriate for a company that was going through a change in customer demographic and in-store experiences.

“Where cybersecurity comes in is not on top or an addition, and those who succeed will be those who bake in cybersecurity,” he said.

John Meakin, CISO at GSK, said that the lesson for the security team is to “be confident and work out how the cycle works for you,” and determine what the risk is for you and be confident in doing that. He said that there is no point in trying to work security into agility “if you have got to think about it for a week or an hour, you have got to be there and be confident” in the decisions you make.

Asked by Holt how to encourage employees and partners to change their security behavior so it is at the front of their mind, Graeme Hackland, CIO of Williams Grand Prix Engineering, said that the best way for his company was to “put people at the heart of your security” as they are protecting your reputation and it is your work to protect them.

Looking at how to implement an agile and DevOps environment, Hackland acknowledged that some developers see “adding security by design as slowing down,” while Barney said that agile and DevOps were “one and the same thing, and it is not an ‘or’ but an ‘and’.”

Barney said: “When you understand agility, you understand what to do with it.”

In an audience poll of 150 people, 59% said that cybersecurity was an enabler and a hindrance of digital transformation projects, while 31% said it was an enabler and seven percent said it was a hindrance.

Meakin said that good agile and DevOps is about enabling developers, and trusting them “as they will deliver security.”

“You cannot do digital transformation without security, it is a critical part of it,” Meakin said.


#Infosec18: Infosec Pros Must “Get Their Hands Dirty” with Quantum Computing

Tue, 06/05/2018 - 12:13

Quantum computing could unlock innovation and advance the human race in virtually all industries, but the information security community must act now to ensure it doesn’t expose them to greater risk, a leading CISO has argued.

Jaya Baloo, CISO at Dutch telecoms firm KPN, told attendees at Infosecurity Europe 2018 that quantum computing offers organizations a potentially exponential scalability when it comes to speed and computing power.

However, this “quantum speed-up” poses serious risks to traditional cryptography, in that a current problem that would take “the lifetime of the universe” to solve could end up taking just a few seconds.

With quantum computers potentially emerging in the next 10-20 years, information security professionals must act now, Baloo argued.

“You need to ask yourself which threat model do you have and how long do you have to keep it safe?” she added. “I need us all as an information security community to get our hands dirty now.”

Those organizations that need to secure data over an entire customer lifetime could have a problem if they don’t prepare for the possibility that the crypto they use to secure it now may be effectively obsolete in a couple of decades, Baloo claimed.

What’s more, governments around the world including the US National Security Agency (NSA) are hoovering up encrypted communications with a “capture now, decrypt later” strategy which could see old state and trade secrets fall into the wrong hands in time.

As it currently stands, security pros could extend the lifetime of AES-256 encryption through the quantum computing era by increasing the key size, while SHA-256 and SHA-3 could still work securely with a larger output, claimed Baloo.

However, RSA, DSA, ECDSA and ECDH standards would no longer be effective, she warned.

Quantum computing could offer advances in everything from earlier detection of cancer to MRI scanning and even metrology.


#Infosec18: Security Pros Must “Speak Truth to Power”

Tue, 06/05/2018 - 11:25

Security leaders must “speak truth to power” more often to succeed in the boardroom, although the board needs to listen better and ask more questions related to risk, according to Baroness Harding.

The former TalkTalk CEO spoke to attendees at the opening keynote of Infosecurity Europe 2018 in London this morning about her experiences in charge during the infamous breach at the UK telco.

She urged introverted security professionals to be “brave and honest” rather than “hide and be heroic” in their dealings with the board – on everything from skills shortages to incident response.

She also had strong words for board leaders everywhere, claiming “no one is asking the right questions” when faced with their organizations’ security experts.

“The vast majority of boards want to abdicate responsibility by asking their security professionals ‘are we ok?’,” she argued.

CISOs should resist such questions, or steer them towards discussions around risk, Harding urged.

For those organizations in which security and business leaders both make an effort to “lean in” to better understand each other, there are potentially great rewards.

“That’s when you do brilliant product development,” argued Harding. “The danger with cybersecurity is that it becomes taboo. I’m willing to talk about [what happened] because if we make it a taboo the bad guys have won.”

Among the most crucial areas for security leaders to focus on is advising board members on the importance of decommissioning old pieces of the IT infrastructure that could be increasing their cyber-risk, she said.

It was a legacy website which ended up costing TalkTalk dear as it suffered an SQL injection attack which resulted in a breach affecting over 100,000 customers.

Despite conducting thorough pen testing, the firm’s security team did not find the vulnerability, “although we should have done,” said Harding.

She also expressed regret at not having disclosed the incident to customers sooner, despite commentators at the time arguing that the firm’s confusing media statements ended up doing more harm than good.

The Met Police wanted the firm to delay its announcement to see if they could get their hands on the suspects, she said.


#Infosec18: Stealthier Attacks are Blurring the Lines Between Cybercrime & Statecraft

Tue, 06/05/2018 - 10:19

Speaking at Infosecurity Europe 2018 in London, George Kurtz, CEO and co-founder of CrowdStrike, reflected on the current global threat landscape and the latest cyber-trends.

Kurtz explained that some of the most advanced tactics, techniques and procedures commonly used by nation state actors are finding their way into mainstream online criminality, enhancing the challenges companies are facing to keep their data secure.

“Today’s threat landscape looks blurry,” he said, with significant changes in adversary types, attack methods and geography all playing a part. “Launching cyber-attacks has never been easier” for adversaries who are adopting and commoditizing more and more sophisticated techniques traditionally used by governments and the military, he added.

The speed of attacks is also a factor having a big impact, with Kurtz stating that the average time for an intruder to begin moving laterally to other systems on a network is now just one hour and 58 minutes, so “speed is everything.”

With regards to the best practice strategies organizations should implement to defend against increasingly sophisticated attacks, Kurtz pointed out that traditional security is based on a castle-like “defense in depth” approach which is, in today’s landscape, indefensible, as eventually the castle will be overrun.

Instead, he advocated a new approach of “defense in breadth”, using breadth of platform and breadth of protection.

Breadth of platform must “provide all of the elements of an advanced, adaptive and truly integrated security architecture,” whilst breadth of protection must “give all organizations access to equal protection against all threats from the most common to the most advanced, 24 hours a day, 365 days a year.”


#Infosec18: Regulation is Top Driver of Cybersecurity, Now & in the Future

Tue, 06/05/2018 - 08:05

Infosecurity has released the findings of a recent survey of senior industry professionals to determine the key trends that are currently driving cybersecurity spending and behaviors, and what factors will drive it in the next five years.

Launched today at Infosecurity Europe 2018, the State of Cybersecurity Report written by Infosecurity contributing editor Dan Raywood, revealed 46% of the 32 CISO and analyst respondents polled considered GDPR and regulations to be the main driving force behind cybersecurity at the moment. In second place was the expanding threat landscape and evolving attacks (34%) and in third was greater board level recognition of cybersecurity as a business risk (21%). Use of the cloud (21%) and selling via FUD/panic (18%) completed the top five.

“The GDPR is putting mitigation technologies such as encryption, tokenization and anything under the banner of anonymization/pseudonymization very firmly into public consciousness,” and will drive innovations in the tech and governance spaces, said consultant Neira Jones.

For Raef Meeuwisse, author of Cybersecurity for Beginners, the rapid evolution of the cyber-threat landscape was “without doubt the main driver for change” in the information security sector, with Scott Crawford, research director of the information security practice at 451 Research, adding that defenders are forced to make the best of limited resources to secure the entire attack surface. “How they make those decisions has been a key driver in everything from risk management to the embrace of modern analytics to better recognize and respond to threats,” he explained.

With regards to greater awareness of cybersecurity as a business risk, Dr Jessica Barker, co-founder of Redacted Firm, said the issue is increasingly in front of boards “who want the [security] team to tell them what they are doing,” so that management are aware of how the business is affected. However, Andy Samsonoff, CEO of invinsec, warned that “IT security is still seen as a niche or largely technical activity,” arguing that businesses that take this approach put themselves at greater risk of security and data breaches.

Looking to the future and the factors that will drive cybersecurity over the next five years, GDPR and regulations still came out on top (34% of respondents), with greater use of cloud platforms (34%), adoption of AI and automation technologies (28%) and increased creativity of attacks (28%) also proving popular.

To conclude, respondents were asked if they thought the cybersecurity industry was in a good place. Of the pros surveyed, 27 answered: 20 were undecided, taking a ‘yes and no’ view, four answered positively and three said it was not in a good place.

Dan Raywood, contributing editor, Infosecurity, will be presenting an overview of the research findings on Thursday June 7 at 12.45 pm in the Talking Tactics theatre at Infosecurity Europe.



Qualys Expands Military Presence with Acquisition

Mon, 06/04/2018 - 15:07

Qualys has announced its intent to acquire Second Front Systems, expanding its market presence in building and delivering cybersecurity solutions for the US federal government.

“This acquisition would enable us to strengthen our federal division and expand the reach of the Qualys Gov Platform to various government sectors including military and defense,” said Philippe Courtot, chairman and CEO, Qualys.

Second Front Systems sources cutting-edge solutions in cybersecurity and advanced intelligence analytics, and delivers these solutions by working to engage the appropriate government stakeholders and modifying technology platforms to address mission requirements. 

Courtot said: “The Second Front team has significant expertise helping federal agencies build state-of the-art cybersecurity solutions as they embark on their digitization efforts. We hope to welcome the entire team to our federal division.”

The transaction is expected to close in either Q3 or Q4 of this year.

The announcement came on the same day as Microsoft announced that it had reached an agreement to acquire software development platform GitHub for $7.5bn.

Together, the two companies will empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub and bring Microsoft’s developer tools and services to new audiences.

“Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation,” said Satya Nadella, CEO, Microsoft. “We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world’s most pressing challenges.”

Microsoft corporate vice-president Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub’s current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to executive vice-president Scott Guthrie, to work on strategic software initiatives.

“I’m extremely proud of what GitHub and our community have accomplished over the past decade, and I can’t wait to see what lies ahead. The future of software development is bright, and I’m thrilled to be joining forces with Microsoft to help make it a reality,” Wanstrath said.

“Their focus on developers lines up perfectly with our own, and their scale, tools and global cloud will play a huge role in making GitHub even more valuable for developers everywhere."


FIFA Host Cities Tackle Wi-Fi Problems

Mon, 06/04/2018 - 14:51

As football fans gear up for the 2018 FIFA World Cup, which is being held in Russia, fraudsters are trying to score on scams while host cities are struggling to secure reliable Wi-Fi access points. According to Kaspersky Lab, more than 20% of Wi-Fi hotspots in FIFA World Cup host cities have cybersecurity issues, which could result in a winning goal for cybercriminals.

Out of the approximately 32,000 public Wi-Fi networks in these host cities, 7,176 do not use traffic encryption. According to the research, Saransk, ranked the safest city in terms of its public Wi-Fi, reportedly has 72% of all access points secured with WPA/WPA2 protocol encryption. "The top-three cities with the highest proportion of unsecured connections are Saint Petersburg (48% of Wi-Fi access points are unsecured), Kaliningrad (47%) and Rostov (44%)."

Still, networks secured with WPA2 are not impenetrable, particularly when it comes to brute-force attacks. Attackers can also attempt to intercept traffic on public WPA access points at the start of a session by inserting themselves between the device and the access point.

Kaspersky Lab recommended that users avoid becoming a cybercriminal target by enabling the “Always use a secure connection” (HTTPS) option in their device settings. "Enabling this option is recommended when visiting any websites you think may lack the necessary protection."

Additionally, on 28 May Kaspersky Lab identified phishing emails offering users the chance to purchase "guest" tickets to the FIFA World Cup – but at 10 times more than the original price. While the tickets are unusable, fraudsters are taking the money and collecting users’ private data, including payment information, to steal more funds in a twofold monetization scam.

Criminals leverage these much-anticipated global events, making it a challenge for consumers and security defenders to keep pace with attackers. Events like the World Cup present incredible opportunities for cybercriminals to secure financial rewards. "Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun this summer," said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber and information security and risk management.

While there may be legitimate reasons a person might send an unsolicited email, Ajay Menendez, executive director, HUNT analyst program at SecureSet, said, "Malicious actors try to get in contact with you, to infect and compromise your computer for criminal profit. In this age of 'fake news' and cybercrime, it is important for individuals to be cautious, not only for yourselves personally but the organizations we work for and are associated with."


Members of CEO Fraud Ring Arrested

Mon, 06/04/2018 - 14:03

An investigation that has been under way for two years has culminated in the arrest of the masterminds behind a ring of criminals who have been impersonating CEOs for financial gain. Working collaboratively, authorities in France, Belgium, Romania, and Israel have successfully taken down an organized crime group.

Europol announced today that "on 28 May the French National Gendarmerie - Section de Recherches of Bordeaux, supported by the Israeli authorities and Europol, arrested the main suspects of an organised crime group behind a total of 24 cases of CEO fraud across Europe to the detriment of Belgian and French-based commercial companies, causing more than EUR 18 million worth of damage."

The latest arrests are part of what has been an ongoing investigation that was initiated in 2016 when two French companies reported that they had been victims of CEO fraud that resulted in a €1.2 million loss. Throughout previous stages of the ongoing actions, Belgian and French law enforcement had arrested seven individuals that were a part of the large-scale CEO fraud operation.

"The continued investigative efforts made by the French investigators, along with the substantial information exchange and analysis, allowed them to identify and locate four individuals operating from Israel considered to be the masterminds of the busted criminal ring," Europol wrote.

"The French National Gendarmerie, with support from the Israeli Lahav 433 Unit, participated in four house searches and arrests in different locations in Israel." At that time, authorities also seized computers, phones and financial information from the criminals.

The group has had success in stealing the identities of CEOs largely through business email compromise, a highly sophisticated social engineering tactic attackers use to impersonate executives.

Europol deputy executive director of operations, Wil Gemert said, "Incidents of CEO fraud (where the impersonation of CEOs is a key part of the modus operandi) have increased significantly in recent years and we are now at a point where EU-based companies are being swindled out of hundreds of millions of euros every year. Since the fraudsters often operate from outside the EU, it is only with internationally coordinated operations and a strong focus on asset recovery that we can achieve meaningful successes in the fight against this crime."


Technology Makes Employees Happier

Mon, 06/04/2018 - 13:30

An additional benefit of automation in today's digital enterprise is that employees are reportedly happier in their work. According to a report released today by HPE Aruba, employees around the world feel more positive about their futures if they are working in a digital environment.

The study, The Right Technologies Unlock the Potential of the Digital Workplace, which collected feedback from 7,000 global employees, found that technology at work makes people more productive and more positive. The study distinguishes two groups: The "digital revolutionaries" are those who work in fully enabled digital workplaces where new technologies are in widespread use. The "digital laggards" are employees whose workplaces afford them less access to technology.

Of the digital revolutionaries, 51% of respondents were more likely to report high job satisfaction, with an additional 72% of employees reporting an elevated ability to adopt new work-related skills. 

Digital technology has sparked professional growth for 65% of revolutionary respondents, which is double the amount of professional development reported of non-technology users. Only 31% of the laggards said that technology supports their professional development. A large majority (69%) of UK employees would like to see fully automated equipment brought into the workplace. Nearly all UK employees (92%) said that the workplace would be improved through greater use of technology.

“No matter the industry, we’re seeing a move toward human-centric places as enterprises strive to meet rapidly changing expectations of how people want to work,” said Joseph White, director of workplace strategy, design and management, Herman Miller, in a press release. “This depends upon combining advances in technology – which includes furnishings – with the cognitive sciences to help people engage with work in new ways. This will not only mean singular, premium experiences for individuals, but also the opportunity for organizations to attract and retain the best talent.”

However, the study also revealed that cybersecurity is a challenge for UK employers when looking to implement a digital workplace. UK employees reported lower-than-average levels of cybersecurity awareness, which could lead to greater security risks if workplaces became more digitally focused.

While 52% of employees reported that they think about cybersecurity often or daily, in the past year, 25% of employees have connected to potentially unsafe open Wi-Fi and 20% said they use the same password across multiple applications and accounts.


Success of Mirai Variants Highlights Security Dangers

Mon, 06/04/2018 - 11:02

Cyber-criminals have used Mirai as a framework on which to build improved IoT malware with new capabilities in the years since it broke, according to a new report from Netscout Arbor.

The DDoS mitigation expert claimed that Mirai was nothing short of revolutionary when it first appeared in 2016, helping to launch some of the biggest attacks ever recorded.

These include one against DNS provider Dyn which took some of the biggest names on the internet offline by harnessing the power of botnets of compromised consumer-grade IoT devices like DVRs and CCTV cameras.

Realizing the Mirai authors were onto a good thing, others have followed, with the emergence of several new variants including Satori, JenX, OMG and Wicked.

While Mirai originally worked by scanning for devices secured only by factory default log-ins, Satori makes the code even more effective by adding remote-code injection exploits.

JenX removed various features from the Mirai code and instead relies on external tools for scanning and exploitation.

OMG goes further still by adding HTTP and SOCKS proxy capabilities.

“With these two features, the bot author can proxy any traffic of its choosing through the infected IoT device,” said Netscout. “Including additional scans for new vulnerabilities, launching additional attacks, or pivot from the infected IoT device to other networks which are connected to the device.”

Finally, the most recent discovery, dubbed Wicked, replaces the credential scanning of Mirai with RCE vulnerability scanning, specifically in Netgear routers and CCTV-DVR devices.

“Within the RCE exploit, Wicked would include instructions to download and execute a copy of the Owari bot,” the security firm continued. “Often, the scanning and exploitation of devices can be automated, resulting in any susceptible devices becoming part of the botnet.”

The continued popularity of Mirai-like malware makes prompt patching by users and IT admins, together with DDoS mitigation strategies, essential, said Netscout.


DHS Reveals Use of Stingrays Near White House

Mon, 06/04/2018 - 09:42

A senator has claimed to have made public new evidence that shows foreign hackers and spies are targeting US citizens via their mobile devices.

Ron Wyden demanded action from the FCC and phone companies after a letter sent to him from the Department of Homeland Security (DHS) revealed the use of controversial 'stingray' technology near the White House, and attempts to exploit SS7 vulnerabilities.

Also known as IMSI-catchers, stingray tech typically mimics mobile phone base towers, allowing individuals to locate specific devices and intercept communications from them.

It’s a controversial surveillance tool which police and FBI agents have run into trouble using in the past, because it cannot be targeted enough to focus on specific devices and ends up catching data on innocent users.

Yet now the DHS has revealed that “anomalous activity” like that of an IMSI catcher was observed within the National Capitol Region (NCR), including in locations near sensitive facilities like the White House.

“The news of a possible foreign stingray near the White House is of particular concern given reports that the President isn’t even using a secure phone to protect his calls,” said Wyden in a statement. “The cavalier attitude toward our national security appears to be coming from the top down. It is high time for the FCC and this administration to act immediately to protect American national security.”

According to the DHS, law enforcement and counter-intelligence operatives investigated this activity and determined that “some signals” emanated from real cell towers, but that doesn’t explain all activity.

The DHS also claimed to have received reports from third parties of unauthorized use of IMSI-catcher tech, as well as exploitation of SS7 vulnerabilities to “target the communications of American citizens.”

The 40-year-old network signalling protocol has been known to contain serious vulnerabilities for years.

“I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed,” said Wyden. “This letter is yet more evidence that these threats are absolutely real and they are already attacking Americans.”


TSB Privacy Snafu as Letters Sent to Wrong Customers

Mon, 06/04/2018 - 09:02

UK bank TSB’s problems just got even worse after it emerged that letters sent to some customers following a major IT incident contained sensitive information on other users.

The high street lender has apologized for the privacy leak, which could fall foul of the GDPR.

Some letters sent out to explain the recent IT snafu reportedly contained a second page with a reference number, name and address of a different customer.

“If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things,” one TSB customer told the BBC. “I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure."

In fact, there has been a huge rise in phishing attempts targeting customers of the lender over recent weeks, as fraudsters look to trick users into clicking on links in texts and emails.

A TSB spokesperson acknowledged the privacy error.

“We are working with our third-party supplier to understand the root cause of the error and we'd like to apologize to anyone that may be impacted,” they added.

The original IT problems affected millions of customers, with some reporting that they were able to access the bank accounts of other online users.

It was originally intended that the bank would transfer its underlying IT systems from an old Lloyds Bank platform to a new state-of-the-art in-house IT set-up.

TSB isn’t the only financial institution to have suffered a major IT incident recently. Over the weekend, Visa customers across Europe were hit by a “hardware failure” at the card giant which led to widespread problems using cards.

Around five hours after the initial reports the firm said systems were almost back to normal.


Problems Loom for Buyers Following Healthcare M&A

Fri, 06/01/2018 - 15:46

For buyers that have acquired a healthcare company, cybersecurity issues are not coming to light until after the deal is done, according to a new report, Reshaping Healthcare M&A: How Competition and Technology Are Changing the Game, published by West Monroe Partners.

The report noted there were 579 deals for US healthcare targets in 2017. "Both up and down market, a common theme in healthcare M&A has emerged: Buyers are looking for acquisitions that can evolve and respond to the rapidly changing landscape." The greatest challenge for acquirers, though, is the rapid rate of change in technology. 

Of the 100 market practitioners surveyed, 49% were unhappy with the compliance and cybersecurity in their healthcare deals, which highlights the challenges technology presents for the industry. More than half (58%) of buyers learned of these issues after the deal was completed. 

One reason those issues aren't discovered prior to closing the deal is that most targets don’t allow sufficient access to discover cyber issues, said Brad Haller, director in West Monroe Partners’ mergers-and-acquisitions practice.

Buyers are not granted access to networks to perform scans. "Couple that with the incredibly tight turnaround requests for diligence – which is a result of the market conditions – and acquirers are basically unable to perform the right level of rigor to the diligence process. Attackers are also getting more sophisticated and evolving quicker than ever, so the tools used in yesterday’s diligence process might not work for the diligence today," Haller said.

As a result, many acquirers are dissatisfied with their cyber-diligence, but there are additional causes of dissatisfaction. Haller said, "Diligence partners can sometimes disappoint by not providing creative enough solutions to the cyber problems discovered. That is, a buyer always wants to know how a cyber problem can be addressed without throwing a ton of money at it but that’s often the advice they get."

In addition, Haller reported that they see a lot of acquirers choosing the wrong partner for cybersecurity diligence, "for example, lawyers looking at historical breaches and past responses instead of technologists looking at how well-suited the infrastructure and tools are for the future." 


All Women on Deck at RESET Cyber Conference

Fri, 06/01/2018 - 15:05
All Women on Deck at RESET Cyber Conference

With more than 15 female experts in cybersecurity scheduled to speak on the evolving cyber threat landscape, RESET, hosted by BAE Systems, claims to be challenging the status quo with its all-female speaker lineup.

Scheduled for 14 June at the Kennedy Lecture Theatre, University College London (UCL), the conference is open to all security professionals and will "provide in-depth knowledge of destructive cyber-attacks and criminal operations, threat hunting and strategy, and human centric security. In panel discussions, we consider public and private roles in defending cyber space and the risks of securing the un-securable as new technologies emerge."

What is unique about this event is the speaker lineup. BAE Systems threat intelligence analysts Kirsten Ward and Saher Naumaan have launched the event not only to bring professionals together to engage in a discussion about the evolving threat landscape, but also in part to showcase the impressive women who are often not invited to speak at industry conferences. 

“There are plenty of exceptional women qualified to speak at such conferences. But because they are not promoted or given as much exposure as men, their participation is disproportionately skewed. We’re correcting this existing imbalance: all any conference organisers have to do is what we did – put in a little effort,” Naumaan said in an interview with Forbes Magazine.

After feeling unwelcome at many cybersecurity conferences because of the striking lack of diversity, Ward and Naumaan decided it was time to "RESET" the balance. They proposed their idea for a conference with a list of exclusively female speakers, and it took them little time to find women suited for the task. In only a few hours they had compiled a list of more than 100 names.

It's well known that women represent only 11% of the cybersecurity industry. That number hasn't changed for a few years. While many conferences do have sessions on their agenda that are exclusively for women, most often those are about issues in the workplace. Ward and Naumaan said that's helpful but doesn't go far enough to address the issues of gender inequality in the industry. 

Ward said, "We want people to see them first and foremost as experts in cyber security. We’re putting these brilliant women on the podium to share their expertise and stories and to unpack some of the biggest questions facing us in cyber security today.”

Naumaan also hopes the conference will lead to fewer people asking individual women what it’s like to be a female in STEM. "We want to give these women the opportunity to talk about their research and what they are knowledgeable about. We’re making it about their work, not about their gender,” Naumaan said.

Categories: Cyber Risk News

Customer Data Flies Away with Ticketfly Hacker

Fri, 06/01/2018 - 14:35
Customer Data Flies Away with Ticketfly Hacker

Ticket distribution service Ticketfly was hacked by a culprit who took responsibility for defacing the company's homepage with a message citing poor security as the reason for not apologizing. 

The hacker, reported to be IsHaKdZ, aka ThE HaCkEr, originally hacked the website and flagged their success with the image of the V for Vendetta protagonist. That image has since been removed, but the attack remains an issue for Ticketfly, whose website is still down.

The current landing page states, "Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later."

Claiming to have exploited a vulnerability that allowed them to take control of "all database" for Ticketfly and its website, the hacker reportedly asked for 1 bitcoin in exchange for the details, according to Motherboard. Infosecurity Magazine has reached out to Ticketfly, but it has not responded. It appears the company is sharing very little information at this point.

"A Ticketfly spokesperson declined to respond when asked whether the hacker had gotten in touch with the company," Motherboard wrote. 

According to The Verge, "A spokesperson for the company reiterated it was the target of a cyber incident, but was unable to comment on whether anyone’s personal information was breached, saying, 'The security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.'”

A global company, Ticketfly is one of the first victims of a major security incident post-GDPR. "While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim – that he/she managed to access their database via an unpatched vulnerability or misconfiguration – is well within the realm of possibility," said Sanjay Beri, CEO, Netskope.

"We’ve seen this time and time again with organizations failing to properly secure their data, resulting in the exposure of massive datasets on the web. Now the real question is, if a breach did occur, did the database include any PII belonging to EU citizens? If the answer is yes, this situation could escalate quickly.”

Categories: Cyber Risk News

Queen’s University Belfast Launches Cyber-Testing Labs

Fri, 06/01/2018 - 10:30
Queen’s University Belfast Launches Cyber-Testing Labs

Queen’s University Belfast is hailing a new £500,000 facility which will help academics and industry partners carry out testing and advanced research.

The state-of-the-art cybersecurity research lab is housed in the university’s Centre for Secure Information Technologies (CSIT) and features a multi-gigabit optical fiber network.

The high-speed network will provide new capabilities to carry out application and appliance pen testing, reverse engineering and advanced malware monitoring, according to the university.

Attack replay and monitoring functionality will also support research into DDoS attacks, it added.

“The CSIT Test Lab is one of the first UK-wide research infrastructures providing an experimental playground for both academia and industry to collaborate, innovate and share equipment, tools, experiments and data-sets,” claimed professor Sakir Sezer, head of connected systems security at CSIT.

“By combining all the new capabilities, the lab facilitates a highly configurable platform for many widespread communication technologies, enabling state-of-the-art ‘capture the flag’ and other red/blue team cybersecurity challenge games and specialized cybersecurity staff training.”

A custom-built Cyber Range will enable researchers to connect remotely and share the facilities ad hoc with partners in other parts of the world, he continued.

The test network has been built using the latest equipment on the market, including Software Defined Networking (SDN) and Network Function Virtualisation (NFV) appliances, and support for industrial control systems (ICS) for smart grid and manufacturing.

ICS threats in particular are on the rise, with up to 30% of installations facing attack in the second half of 2017, according to Kaspersky Lab.

State-backed Russian hackers in particular have been ramping up attacks against this kind of critical infrastructure, with the NCSC and US authorities releasing a joint technical alert to this effect in April.

The new research lab at Queen’s will also include a focus on more consumer-based IoT devices, including home IP Security cameras, health monitors, smart watches, home automation, logistic devices, PCs, phones and tablets.

Categories: Cyber Risk News

Face, Iris and Pulse Biometrics Close in on Fingerprint Tech

Fri, 06/01/2018 - 09:31
Face, Iris and Pulse Biometrics Close in on Fingerprint Tech

Face, iris and pulse-based biometric authentication systems will increasingly eat away at the market share of fingerprint technologies, according to a new report from ABI Research.

The analyst claimed in its Biometric Technologies and Applications report that the falling cost of iris recognition will spur uptake, while facial recognition continues to improve in accuracy thanks to advanced machine learning algorithms.

The latter has already seen a significant increase in penetration thanks to Apple’s decision to incorporate it into the iPhone X, while Samsung offers iris recognition in the Galaxy S8 and S9, the analyst continued.

The Internet of Things is also driving an uptake in newer biometric systems: with card-free ATMs being developed by Samsung and Diebold Nixdorf, OEMs in the automotive sector including GM, Nissan and Volvo investing heavily and new government rules in APAC set to mandate biometrics in a range of sectors including banking and telecoms, ABI Research claimed.

However, this is far from the end for fingerprints, according to industry analyst Dimitrios Pavlakis.

“Even though fingerprint sensor ASPs have taken a significant hit over the last couple of years, total fingerprint sensor shipments for the entire consumer market are still estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance,” he claimed.

“However, from established markets such as banking and payments to emerging ones like automotive and future-looking ones including robotics, we expect to see an increase in multi-modal applications and a scenario where biometrics is a critical component of a user’s digital ID in the emerging IoT ecosystem.” 

Ryan Wilk, vice-president at NuData Security, said convenience, context and security are key to the biometric authentication market.

“One thing that does not change is human behavior; an identifier that cyber-criminals cannot mimic. By better understanding and contextualizing human behavior — not just their physical characteristics — companies can have a better understanding of who the human behind the device really is,” he added.

Categories: Cyber Risk News

Honda and UMG Hit by Privacy Leaks

Fri, 06/01/2018 - 08:51
Honda and UMG Hit by Privacy Leaks

Honda and Universal Music Group (UMG) have both been left red-faced this week after researchers revealed sensitive log-in details and customer data were exposed to the public internet via poor configuration of IT infrastructure.

The carmaker’s Indian business left two Amazon Web Services (AWS) S3 buckets containing personal information on 50,000 Honda Connect App users publicly exposed, according to Kromtech.

They were left exposed despite the firm having been notified about the error by another security researcher back in February.

The leaked info apparently included names, phone numbers for users and their trusted contacts, passwords, gender, email addresses for users and trusted contacts, and information about their cars including VIN, Connect IDs, and more.

“In this particular case, the information leaked could potentially give an attacker access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone's car is currently located, where they went, where they typically drive, how they drive, and where they start and stop,” Kromtech explained.

“Considering how we use our cars, this could give that attacker knowledge of the user's daily activities, including where they live, work, shop, and play, making it very easy to stalk someone.”
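The Honda exposure above is the classic S3 misconfiguration: a bucket policy or ACL that grants read access to everyone. As an added example (not code from Kromtech, Honda or AWS), the following Python checks a bucket policy document and a bucket ACL, in the same JSON shapes that `aws s3api get-bucket-policy` and `aws s3api get-bucket-acl` return, for grants that make the bucket world-readable. The two policies, the ACL and the account ID `123456789012` are constructed placeholders, not Honda's real configuration.

```python
import fnmatch
import json

# Grantee URIs that make an S3 ACL readable by anyone, or by any AWS account holder.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that let an anonymous caller enumerate or download objects.
READ_ACTIONS = ("s3:getobject", "s3:listbucket")


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (alone or among other principals)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_read_statements(policy):
    """Return the Sids (or positional index when a statement has no Sid) of Allow
    statements that grant object read or bucket listing to everyone with no Condition."""
    hits = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        # A Condition block (e.g. aws:SourceIp) narrows the grant; it is left for
        # manual review rather than reported as public, so findings stay precise.
        if stmt.get("Condition"):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        # Action entries may be wildcards such as "s3:*" or "s3:Get*".
        if any(fnmatch.fnmatchcase(action, p) for p in patterns for action in READ_ACTIONS):
            hits.append(stmt.get("Sid", str(idx)))
    return hits


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs from a get-bucket-acl style dict that
    hand READ or FULL_CONTROL to one of the public groups."""
    return [
        (g["Grantee"]["URI"], g["Permission"])
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
        and g.get("Permission") in ("READ", "FULL_CONTROL")
    ]


# Constructed sample: the kind of policy that exposes an app's user data to the internet.
EXPOSED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppAssets", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-connect-app", "arn:aws:s3:::example-connect-app/*"]}
  ]
}""")

# Constructed sample of the corrected policy: only a named application role may read.
LOCKED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/connect-app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-connect-app/*"}
  ]
}""")

# Constructed sample ACL with a public-read grant alongside the owner's grant.
EXPOSED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

if __name__ == "__main__":
    print("public policy statements:", public_read_statements(EXPOSED_POLICY))  # ['AppAssets']
    print("locked policy statements:", public_read_statements(LOCKED_POLICY))   # []
    print("public ACL grants:", public_acl_grants(EXPOSED_ACL))
```

Run this over the output of `aws s3api get-bucket-policy` and `get-bucket-acl` for every bucket in an account; a non-empty result from either function is a bucket that anyone on the internet can read. Enabling S3 Block Public Access at the account level stops such grants from taking effect in the first place, and is the control that would have prevented the Honda exposure outright.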

Music giant UMG was also exposed this week after ‘expert’ AWS contractor Agilisium left two Apache Airflow server instances completely unprotected.

The workflow orchestration tool is open by default and active steps need to be taken to secure related servers, according to Kromtech.

The privacy snafu exposed “UMG’s internal FTP credentials, AWS configuration details (secret access key and password), along with internal source code details (SQL passwords),” potentially giving anyone who discovered them full access to its AWS account and key databases.

Both Honda and UMG are said to have acted quickly to resolve the issues when contacted by the security vendor.

Categories: Cyber Risk News

Open Redis Servers Infected with Malware

Thu, 05/31/2018 - 17:12
Open Redis Servers Infected with Malware

After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers for attack keys first observed in its honeypot traffic, Imperva today reported that 75% of those servers were carrying the same attacks the honeypot had recorded.

Three-quarters of the servers contained malicious values, which Imperva said is an indication of infection, and more than two-thirds of the open Redis servers contained malicious keys. The honeypot data also revealed that those infected servers with "backup" keys were attacked from a medium-sized botnet (610 IPs) with 86% of the IPs located in China.

Nadav Avital, security research team leader at Imperva, wrote in a blog post today that the high percentage of infections was most likely because the servers are directly exposed to the internet. "However, this is highly unrecommended and creates huge security risks."

Earlier this year, Imperva reported on the RedisWannaMine attack, which propagates through open Redis and Windows servers. Since then, the researchers have learned of additional attacks.

A tool with many attributes, Redis can be used as an in-memory distributed database, cache or message broker. Because it is designed to be accessed by trusted clients inside trusted environments, Redis should not be publicly exposed.

"To help protect Redis servers from falling victim to these infections, they should never be connected to the internet and, because Redis does not use encryption and stores data in plain text, no sensitive data should ever be stored on the servers," Avital wrote. 

"Security issues commonly arise when people don’t read the documentation and migrate services to the cloud, without being aware of the consequences or the adequate measures that are needed to do so," he continued. 
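The settings that decide whether a Redis instance is one of the exposed servers described above are a handful of lines in redis.conf. As an added example (not code from Imperva's post or from the Redis project), the following Python parses a redis.conf and reports the gaps that leave an instance reachable and unauthenticated: no `bind` or a wildcard bind, `protected-mode` off, no `requirepass`, and administrative commands left under their real names. The directives are real Redis ones; the two sample configurations are constructed. The comment on why `CONFIG` is renamed is general background on Redis, not a claim the article makes.

```python
import shlex

# Commands a reachable Redis should not expose under their real names. CONFIG in
# particular lets any client change dir/dbfilename and then SAVE, which turns the
# RDB dump into an arbitrary file write on the host (general Redis background).
DANGEROUS_COMMANDS = ("CONFIG", "DEBUG", "FLUSHALL", "FLUSHDB", "REPLICAOF", "SLAVEOF")
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}


def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [args]}. The last occurrence of a
    directive wins, except rename-command, which accumulates into {COMMAND: newname}."""
    conf = {"rename-command": {}}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles "quoted values" and # comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "rename-command" and len(args) == 2:
            conf["rename-command"][args[0].upper()] = args[1]
        else:
            conf[directive] = args
    return conf


def audit_redis_conf(text):
    """Return a list of findings; an empty list means the instance is bound to
    explicit addresses, protected, password-protected and has admin commands hidden."""
    conf = parse_redis_conf(text)
    findings = []

    # Redis 6+ allows an optional "-" prefix on bind addresses (e.g. "-::1"); strip it.
    binds = {b.lstrip("-") for b in conf.get("bind", [])}
    if not binds or binds & WILDCARD_BINDS:
        findings.append("bind: no bind directive or wildcard address, so Redis listens on every interface")

    if (conf.get("protected-mode") or ["yes"])[0].lower() != "yes":
        findings.append("protected-mode no: the safety net for unbound, passwordless instances is off")

    if not (conf.get("requirepass") or [""])[0]:
        findings.append("requirepass unset: any client that can reach the port gets full access")

    for cmd in DANGEROUS_COMMANDS:
        if cmd not in conf["rename-command"]:
            findings.append(f'{cmd} reachable: add `rename-command {cmd} ""` (or deny it with ACL rules on Redis 6+)')
    return findings


# Constructed sample: an instance moved to the cloud with its defaults untouched.
EXPOSED_CONF = """
port 6379
protected-mode no
# bind 127.0.0.1      <- commented out, so every interface is bound
"""

# Constructed sample of the same instance hardened; the password is a placeholder.
HARDENED_CONF = """
port 6379
bind 127.0.0.1 ::1
protected-mode yes
requirepass "replace-with-a-long-random-secret"   # placeholder value
rename-command CONFIG ""
rename-command DEBUG ""
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command REPLICAOF ""
rename-command SLAVEOF ""
"""

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {len(audit_redis_conf(text))} finding(s)")
        for line in audit_redis_conf(text):
            print("  -", line)
```

Binding to loopback or a private address is the control that matters most here; `requirepass` and renamed commands only limit the damage when the port is reachable. Note that neither setting encrypts traffic: as the article says, Redis speaks plaintext, so a network-reachable instance also needs a TLS proxy or a private network, and should hold no sensitive data.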

The scale of the problem became clear within 24 hours of the research being made public: once publicly available, the servers of Imperva customers were targeted by vulnerability scanners and crypto-mining infections and attacked more than 70,000 times by 295 IPs.

"The attacks included SQL injection, cross-site scripting, malicious file uploads, remote code executions etc. These numbers suggest that attackers are harnessing vulnerable Redis servers to mount further attacks on the attacker’s behalf," Avital said. 

"As a side note, going through the huge amount of publicly available data, we found private SSH keys that can be used to access servers, certificates that can be used to decrypt network traffic, PII, and more sensitive data," he said.

Categories: Cyber Risk News

Stress Relief App Turns Stressful for Facebook

Thu, 05/31/2018 - 14:36
Stress Relief App Turns Stressful for Facebook

Despite having downloaded an application intended to help them relax through painting, unsuspecting Facebook users have been exploited by a malicious application that instead collects sensitive information. 

According to a 30 May post on Cylance's Threat Vector written by Kim Crawley, "‘Relieve Stress Paint’ isn’t an app that’s embedded in Facebook though. Rather, cyberattack targets received links to download the malicious application through Facebook messages or email. The cyber attackers exploited the perceived legitimacy and integrity of Facebook and AOL’s brands to transmit their Trojan."

While the targeted victims do indeed receive an application that can be used for painting, lurking in the background is a malicious payload that is grabbing sensitive Facebook session cookies, login credentials and similar data. 

Cylance found that the attackers' preferred targets are Facebook users who have their own Pages with lots of followers and payment data that is linked to their accounts. 

"While ‘Relieve Stress Paint’ is installed on a Windows machine, ‘DX.exe’ remains persistent on the system, and ‘uplink.dll’ is likely the malicious dynamic link library which grabs the target’s sensitive Facebook data," Crawley wrote. 

Researchers have found that at least 35,000 users around the globe, in countries including Vietnam, Russia, Pakistan, Indonesia, Ukraine, Italy, Romania, Kazakhstan, Egypt, Estonia and France, have been affected. Almost 3,000 victims in Vietnam alone have fallen to this targeted campaign, dubbed the Relieve Stress Paint Trojan.

Facebook users are cautioned to beware of applications that come through unsolicited messages on Facebook. "Even developers of legitimate commercial software who are in the business of making money won’t send people unsolicited Facebook messages in order to market their product," Crawley wrote. 

Categories: Cyber Risk News
