Specialized Recruiting Solutions Designed to Access Deep Talent Pools
Call Us: 415-510-2973

Archive for the News Category

WannaCry and NotPetya Had Little Impact on Security Spend

WannaCry and NotPetya Had Little Impact on Security Spend

Despite the huge impact WannaCry and NotPetya had on organizations, the two ransomware campaigns earlier this year did little to affect budgets or boardroom interest in security, according to a new study.

AlienVault polled over 230 information security professionals around the world to see if anything had changed following the two major attack campaigns of May and June.

The bad news is that only 14% have had their cybersecurity budgets increased. This comes at a time when UK business spending in this area has been cut by as much as a third on last year — down from £6.2m to £3.9m, according to PwC.

“Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, points towards a panicked reaction from management tiers,” argued security advocate Javvad Malik.

“Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”

However, overall spending on security is set to rise 8% from this year to top $96bn in 2018 as firms rush to invest in new technologies to prevent breaches and meet regulatory compliance requirements, according to new Gartner figures.

The analyst claimed that firms were indeed investing more in detection and response, especially at the endpoint, as well as automation and outsourcing.

There was more bad news from AlienVault: only 16% of IT security professionals polled said they thought their bosses have started taking a greater interest in their roles because of WannaCry and NotPetya.

What’s more, just a fifth of respondents claimed they had been able to implement changes or projects that were previously put on hold.

On the plus side, over a quarter (28%) said they think that most people in the organization listen to their IT advice more than they did before the incidents.

Source: Information Security Magazine

Microsoft Patches Two Critical Defender Bugs

Microsoft Patches Two Critical Defender Bugs

Microsoft has released fixes for two critical flaws in its Windows Defender product which could allow attackers to completely take control of a targeted system.

CVE-2017-11937 and CVE-2017-11940 are remote code execution (RCE) vulnerabilities that exist when the Microsoft Malware Protection Engine (MMPE) doesn’t properly scan a specially crafted file, leading to memory corruption.

A remote attacker could therefore use a specially crafted file to execute arbitrary code, leading to a full system compromise. The file could be emailed, IM’d or delivered via a compromised website, the alert noted.

As the engine automatically scans files in real-time, the bugs could be easily exploited.

The updates fix the vulnerabilities by correcting the way in which the Microsoft Malware Protection Engine scans specially crafted files.

The software flaws affect Windows Defender on all supported Windows PC and server platforms, as well as Microsoft Endpoint Protection, Windows Intune Endpoint Protection, Security Essentials, Forefront Endpoint Protection and Exchange Server 2013 and 2016.

Fortunately, the vulnerabilities are not thought to have been publicly disclosed or exploited in the wild.

Most enterprise admins will not need to take any further action as the updates will be automatically deployed.

Interestingly the bugs were reported by the National Cyber Security Centre (NCSC), part of UK spy agency GCHQ.

It’s a nice bit of PR for NCSC given its role is to educate the populace and protect UK consumers and businesses from critical cyber-threats to essential services.

The organization has been an increasingly vocal presence in the news of late, warning government agencies earlier this month to effectively ban Russian AV for any networks processing information classified “secret” or above.

Several other critical MMPE bugs have already been discovered this year allowing remote code execution by hackers.

Source: Information Security Magazine

FSB: Lack of Cyber-Skills Holding Back Small Business

FSB: Lack of Cyber-Skills Holding Back Small Business

Over a fifth of UK small business owners believe a lack of cybersecurity skills is preventing them from becoming more digitally oriented, according to a new study from a leading UK business group.

The Federation of Small Businesses (FSB) posed questions on skills and training to over 1000 small businesses earlier this year to compile its latest report, Learning the Ropes.

The biggest barrier to digital growth is a basic lack of IT skills, cited by 22%, but this was followed shortly behind by a dearth of in-house security skills (21%).

Half (50%) of small businesses claimed that technical skills are the most important for driving future business growth.

Business owners are right to be concerned: the FSB estimates that smaller companies in the UK suffer as many as seven million cyber-crimes every year, at a cost of £5.26bn annually.

The report continued:

“This is a substantial on-going additional cost of doing business, reducing the competitiveness of smaller firms and creating a ‘chilling effect’ on the dynamism of the small business community, not least due to the higher costs of adopting new digital networked technologies as a result of such risks. Smaller firms are the least best placed to deal with cyber-threats most effectively, because of the significant constraints under which they operate. Such constraints make smaller businesses highly vulnerable to cyber threats.”

The FSB recommended several steps the government and other stakeholders could take to improve digital skills in small businesses, including tax breaks for training courses, more effective use of the new National Careers Service website and audits of training provision by Local Enterprise Partnerships (LEPs).

“The twin pressures of rapid technological change and Brexit make upskilling the current workforce more important than ever,” argued FSB national chairman, Mike Cherry.

“Small firms clearly recognize the value of providing training for themselves and their staff, but it can be a struggle to find the time and money, and in some cases even to find the right training locally. All Local Enterprise Partnerships (LEPs) should ensure that there is relevant, accessible training available to meet the needs of small businesses and the self-employed.”

Skills gaps aren’t just a problem among small businesses. More generally the information security sector is heading for a skills “cliff edge”, according to the most recent Global Information Security Workforce Study (GISWS).

Source: Information Security Magazine

Today's Guest Editor: Jenny Radcliffe

Today's Guest Editor: Jenny Radcliffe

This Christmas Infosecurity has invited five top industry names to each fill the role of guest editor for a day, and on the first day of this week we are delighted to introduce Jenny Radcliffe!

Jenny Radcliffe, aka “The People Hacker”, is an expert in Social Engineering, negotiation, persuasion and influence, non-verbal communication and deception, and has been an active lifelong social engineer since breaking into a local zoo at the age of seven.  
 
A recognized expert on psychological security she has been performing penetration tests and related assignments for clients of all sizes and types on an international basis for decades and is renowned throughout the entire security sector working with companies from many different areas of the industry. She is entirely non-technical in her methods and attacks, using psychology and a unique perspective to continually excel at breaching security systems and protecting her clients.
 
Using a blend of anecdotes, science and humor, Jenny is an exceptional and highly impactful professional speaker.  A regular keynote at major security events and a multiple TEDx contributor, Jenny has been a guest expert on security, scams and social engineering for various television and radio shows as well as multiple online media.
 
Jenny is the host of the internationally successful podcast “The Human Factor” which interviews people from all walks of life about social engineering, security, business and life.

Jenny will be sharing her thoughts on the industry throughout the day so look out for her introductory video, opinion article, a Q&A with the real editor Eleanor Dallaway and a Twitter takeover!

Source: Information Security Magazine

Cybercrime Now Driven by Four Distinct Groups

Cybercrime Now Driven by Four Distinct Groups

The new generation of cyber-criminals resemble traditional Mafia organizations, not just in their professional coordination, but also in their willingness to intimidate and paralyze victims.

A new report from Malwarebytes The New Mafia: Gangs and Vigilantes determines that there are four distinct groups of cyber-criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. The report said that the entrance of new participants has transformed cybercrime from isolated and individualized acts into pervasive, savage practices run by distinct groups of individuals.

“Similar to the criminal gangs that dominated major cities like New York in the 1930s, these new participants have largely been attracted by the potential for riches and power. Likewise, these newer perpetrators of cybercrime have increasingly resorted to fear, intimidation and a feeling of helplessness to achieve their aims. Similar to the mobsters who would muscle their way into a business and make demands, cyber-criminals are taking command of computers and sensitive personal information to threaten victims.” 

Research from Malwarebytes determined that the number of attacks recorded in the first 10 months of 2017 surpassed the total for all of 2016.

“The average number of monthly attacks has also increased by 23% in 2017,” the report said. “2016 itself saw a spectacular rise in business-targeted cybercrime, with a 96% increase in attacks compared to the previous year.”

The report calls for businesses and consumers to fight back by acting as ‘vigilantes’ through greater collective awareness, knowledge sharing and proactive defenses. This includes a shift from shaming businesses who have been hacked and instead engaging with them – working together to fix the problem.

Speaking to Infosecurity, Marcin Kleczynski, CEO of Malwarebytes said that old gang-style organized crime has evolved into cybercrime, in a style of “old versus new mafia through technology advances.” 

He added: “The game has shifted to corporate espionage, and it is undetectable at this point as you don’t need to manipulate the blueprints, you’re just copying them without leaving a trace behind. The idea that Boeing puts together a plan for a new plane and you can skip that stage and go straight to manufacturing.” 

Kleczynski said that the most damaging cyber-attacks to businesses are the ones that go undetected for long stretches of time. “In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill. CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration.”

Source: Information Security Magazine

Enterprise Security Spending to Top $96bn in 2018

Enterprise Security Spending to Top $96bn in 2018

Enterprise cybersecurity spending will hit a high of $96.3 billion in 2018, as organizations rush to protect themselves from damaging data breaches and meet regulatory compliance requirements, according to Gartner.

The analyst firm said the figure represents an 8% increase on 2017 spending. It added that of the 53% of organizations citing security risks as the number one driver for spending, breaches were the top risk they identified.

Those stats come from a security spending study that Gartner conducted with global clients last year.

Security testing, IT outsourcing and security information and event management (SIEM) will be among the fastest-growing sub-segments next year, boosting growth in Gartner’s infrastructure protection and security services segments.

In fact, security services revenue will hit $57.7bn in first place, followed by infrastructure protection ($17.5bn) and network security equipment ($11.7bn).

The smaller segments of consumer security software ($4.7bn) and identity and access management ($4.7bn) will bring up the rear next year.

“Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," said Ruggero Contu, research director at Gartner. "Cyber-attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."

Regulations including the EU GDPR, HIPAA and NIST in the US, the Overseas Citizenship of India, and China’s Cybersecurity Law, are also driving spending increases in security, the analyst claimed.

Other trends include a shift towards detection and response, especially at the endpoint, and automation and outsourcing.

The latter are in part a response to chronic industry skills shortages — in fact, spending on security outsourcing will reach $18.5 billion in 2018, an 11% increase from 2017, making it the second-largest segment after consulting.

Tim Woods, vice president, technology alliances at FireMon, argued that buying in new technologies can add complexity.

“We’re reaching a breaking point in that regard,” he added. “Automation can ease some of the management burden, at least making processes more efficient. But what it really comes down to is setting and enforcing a strong policy that creates a desirable ‘end-state’ for security.”

Tripwire senior director of security research, Lamar Bailey, argued that firms should focus on the security basics.

“A solid security program focusing on foundational security will thwart around 90% of the active threats,” he claimed.

Source: Information Security Magazine

Uber Hacker was 20-Year-Old Florida Man: Report

Uber Hacker was 20-Year-Old Florida Man: Report

A 20-year-old Florida man who lives with his mother was responsible for a breach of 57 million Uber users’ details last year, according to a new report.

Three people familiar with the incident told Reuters that the controversial ride hailing service made the $100,000 payment to hush up the breach through its bug bounty program, run by HackerOne.

However, that sum is at least 10-times greater than the usual payments that would be made through the program.

Uber is said to have made the payment in order to confirm the identity of the hacker — which is still unknown — and remarkably have him sign a non-disclosure agreement (NDA) to prevent future raids.

The hacker’s PC was apparently also analyzed by Uber to confirm all the data had been deleted. However, there will still be question marks over the validity of an NDA struck with a cyber-criminal, and whether or not the individual still holds the data on another device.

It’s claimed the Florida man, described by one source as “living with his mom in a small home trying to help pay the bills”, paid a second person to access the Uber GitHub account in which were stored the firm’s Amazon Web Services credentials.

CEO Dana Khosrowshahi shocked the world when he revealed last month that the firm had failed to notify the authorities of a major breach last year.

The affected parties include 600,000 US drivers and 2.7 million UK riders and drivers, although these are only estimates.

The incident could harm Uber’s chances of overturning a decision by Transport for London (TfL) in September to revoke its private operator license for the capital after claiming it was “not fit and proper” to hold one.

An estimated 3.5 million Londoners and 40,000 drivers use the app.

Source: Information Security Magazine

Ransomware Takes Out North Carolina County

Ransomware Takes Out North Carolina County

Ransomware has severely disrupted an entire North Carolina county, forcing a return to pen and paper for tax payments, jail services, child support and more.

In a sign of the continued threat to operations that ransomware poses, news emerged this week that 48 out of Mecklenburg County’s 500 servers were infected and forced into quarantine.

Reassuringly, county manager Dena Diorio said at a press conference that the local authority wouldn’t be paying the $23,000 ransom, but instead would begin the long and arduous process of restoring from back-ups.

“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” she said. “And there was no guarantee that paying the criminals was a sure fix.”

However, over one million residents that live in the region could be affected by the outage, with many key services now offline.

These include social services — causing problems for those in need of medical transportation — electronic tax payments, community support services and even jail services.

“Please note that we anticipate a spike in the jail numbers due to the release process being slowed,” claimed a status update.

Residents in the state’s most populous metropolitan area are being urged to stay patient while digital services are restored. Health and Human Services, the court system and Land Use and Environmental Services are being prioritized, the local authority said.

The news comes as security experts warned that the increasing popularity of cyber-insurance could actually encourage more ransomware attacks.

“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” said Corey Nachreiner, CTO at WatchGuard Technologies.

“While we understand the business decision, insurers currently have no long-term actuarial data for cyber-incidents and ransomware. It is possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”

He argued that savvy cyber-criminals could even hack insurers to identify which organizations have taken out extortion insurance and then attack them directly.

Source: Information Security Magazine

Iranian State-Sponsored APT 34 Launches Spy Campaign with Just-Patched Microsoft Vulns

Iranian State-Sponsored APT 34 Launches Spy Campaign with Just-Patched Microsoft Vulns

An espionage campaign being carried out in the Middle East uses a vulnerability that was patched less than a week ago.

FireEye observed the attackers targeting a government organization in the Middle East, discovering that the activity was carried out by a suspected Iranian cyber-espionage threat group, APT34. It is using a custom backdoor to achieve its objectives.

“We believe APT34 is involved in a long-term cyber-espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests, and has been operational since at least 2014,” FireEye said in an analysis. “This threat group has conducted broad targeting across a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. We assess that APT34 works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.”

APT34 uses a mix of public and non-public tools, often conducting spear phishing operations using compromised accounts, sometimes coupled with social engineering tactics.

“In May 2016, we published a blog detailing a spear phishing campaign targeting banks in the Middle East region that used macro-enabled attachments to distribute POWBAT malware. We now attribute that campaign to APT34. In July 2017, we observed APT34 targeting a Middle East organization using a PowerShell-based backdoor that we call POWRUNER and a downloader with domain generation algorithm functionality that we call BONDUPDATER, based on strings within the malware.”

In this latest campaign, APT34 leveraged the recent Microsoft Office vulnerability CVE-2017-11882, which affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. It was patched by Microsoft on Nov. 14.

“The vulnerability exists in the old Equation Editor (EQNEDT32.EXE), a component of Microsoft Office that is used to insert and evaluate mathematical formulas,” FireEye explained. “The Equation Editor is embedded in Office documents using object linking and embedding (OLE) technology. It is created as a separate process instead of child process of Office applications. If a crafted formula is passed to the Equation Editor, it does not check the data length properly while copying the data, which results in stack memory corruption. As the EQNEDT32.exe is compiled using an older compiler and does not support address space layout randomization (ASLR), a technique that guards against the exploitation of memory corruption vulnerabilities, the attacker can easily alter the flow of program execution.”

Source: Information Security Magazine

$64m in Bitcoin Stolen from NiceHash Mining Platform

$64m in Bitcoin Stolen from NiceHash Mining Platform

The cryptocurrency mining company NiceHash has suspended its operations for the time being, because of a payment system compromise that translates to $64 million in losses.

Hackers made off with contents of the company’s bitcoin account, according to Andrej Škraba, the Slovenian marketplace's head of marketing. He told Reuters that the compromise was highly professional and involved “sophisticated social engineering”—and led to the loss of 4,700 bitcoins. The digital currency's value continues to skyrocket, reaching a 1 BTC to $16,000 exchange rate this week.

NiceHash matches people looking to sell processing time on their computers with those looking to mine cryptocurrency, which is a compute-intensive activity involving complex algorithms.

It’s not clear whether NiceHash users' accounts were compromised as well, though a sentence in its announcement of the breach seemed to indicate the possibility: “While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords.”

For US users, their investments are not protected as traditional bank funds would be under the FDIC, which was put in place after the 1929 stock market crash to provide insurance for money kept in bank vaults and to prevent bank runs. Between this and the fact that it is by design an untraceable currency, a bitcoin wallet theft is a total loss 99.9% of the time.

How the compromise played out is likewise unknown.

"There are certainly a number potential security issues to discuss, from API vulnerabilities to web application and database protection, however, without more details from NiceHash, we can only speculate by which method of attack their website was compromised,” said Rusty Carter, vice president of product management for mobile app security company Arxan Technologies, via email. “Given the large number of bitcoin lost, it's reasonable to suspect that insufficient database security and/or a compromised web application was the likely entry point.”

Most of the focus for cryptocurrencies has been put into the security of the currency itself, while securing the storage and trading of the digital assets has not reached the same level, he added.

“If we contrast with traditional financial institutions like banks and investment firms, we see that the overall reputation of the company, established through corporate stability and security of customer assets, are fundamental priorities to building and maintaining a long-lived business,” said Carter. “With the steady growth of online and mobile banking, there has been an exponential expansion of these institutions adopting a security-by-design philosophy. This security adoption includes end-to-end application security which has become a key area of focus in order to protect the bank's reputation, and customer's assets. With this, mobile apps and API security have become critical, along with securing data in transit, at rest, and in process.”

Reuters number-crunching revealed that nearly a million (980,000) bitcoins have been stolen from exchanges since 2011, which would be worth more than $15 billion at current exchange rates. One of the largest heists resulted in the collapse of the Mt. Gox bitcoin market in 2014.

Source: Information Security Magazine

Page 1 of 25012345...102030...Last »