Archive for the News Category

Third of Global Organizations Lack Confidence in Ability to Detect Sophisticated Cyber Attacks

The 2015 edition of EY’s annual Global Information Security Survey, Creating trust in the digital world, has revealed a corporate world still worried about the latest generation of cyber-attacks.

The survey of 1,755 organizations from 67 countries found that 88% do not believe their information security structure fully meets their organization’s needs and that when it comes to IT security budgets, just over two-thirds want their budgets to be increased by up to 50% to align their organization’s need for protection with its management's tolerance for risk.

There were a variety of sources of concern for respondents. Criminal syndicates (59%), hacktivists (54%), and state-sponsored groups (35%) retained their top rankings as the most likely sources of cyber-attacks. However, compared with last year’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.

Encouragingly, the survey also found that companies currently feel less vulnerable to attacks arising from unaware employees (44%) and outdated systems (34%), down from 57% and 52%, respectively, a year earlier. However, they feel more threatened today by phishing and malware. Almost half (44%) of respondents ranked phishing as their top threat—up from 39% in 2014—while 43% consider malware as their biggest threat. The latter figure was 34% in 2014.

“Organizations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats,” commented EY Global Cybersecurity Leader Ken Allan. “Businesses should not overlook or underestimate the potential risks of cyber breaches. Instead, they should develop a laser-like focus on cybersecurity and make the required investments. The only way to make the digital world fully operational and sustainable is to enable organizations to protect themselves and their clients and to create trust in their brand.”

But respondents generally did not feel that such protection was in place, saying that organizations were falling short in thwarting cyber-attacks. Just over half (54%) indicated that their firm lacked a dedicated function that focuses on emerging technology and its impact, while 47% did not have a security operations center.

Slightly more than a third (36%) did not have a threat intelligence program, while 18% did not have an identity and access management program. More than half (57%) said that the contribution and value that the information security function provides to their organization is compromised by the lack of skilled talent available, compared with 53% of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.

Offering advice on how firms needed to react, EY global risk leader Paul van Kessel said: “Cybersecurity is inherently a defensive capability, but organizations should not wait to become victims. Instead, they should take an ‘active defense’ stance, with advanced security operations centers that identify potential attackers and analyze, assess and neutralize threats before damage can occur. It is imperative that organizations consider cybersecurity as an enabler to build and keep customers’ trust.”

Source: Information Security Magazine

Intel: Wearables, Cars and Stolen-Data Warehousing Will Mark 2016

2016 will see a gamut of cybersecurity trends, including likely threats around ransomware, attacks on automobile systems, infrastructure attacks, and the warehousing and sale of stolen data.

Intel Security’s McAfee Labs Threats Predictions Report predicts attacks on all types of hardware and firmware, while the market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits.

On ransomware, anonymizing networks and payment methods could continue to fuel the major and rapidly growing threat. Intel believes that in 2016, greater numbers of inexperienced cyber-criminals will leverage ransomware-as-a-service offerings, which could further accelerate the growth of ransomware.

When it comes to the Internet of Things (IoT), although most wearable devices store a relatively small amount of personal information, wearable platforms could be targeted by cyber-criminals working to compromise the smartphones used to manage them. The industry will work to protect potential attack surfaces such as operating system kernels, networking and Wi-Fi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.

Also on the IoT front, researchers will continue to focus on potential exploit scenarios for connected automobile systems lacking foundational security capabilities or failing to meet best-practice security policies. IT security vendors and automakers will proactively work together to develop guidance, standards and technical solutions to protect attack surfaces such as vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Intel also thinks that organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.

Cyber-criminals could also seek to exploit weak or ignored corporate security policies established to protect cloud services. Home to an increasing amount of business confidential information, such services, if exploited, could compromise organizational business strategy, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data and other data.

And what happens to all of that stolen data? Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.

Intel also expects a rise in integrity attacks. One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, McAfee Labs predicts that we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber-thieves.

And finally, in the plus column, threat intelligence-sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may be taken making it possible for companies and governments to share threat intelligence with government. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat intelligence cooperatives between industry vendors will expand, Intel noted.

Source: Information Security Magazine

JPMorgan Indictments Show 83Mn Affected in Enormous Breach

Federal prosecutors have unsealed documents relating to the breach at JPMorgan Chase, revealing that cyber-criminals stole information from more than 83 million customers (as well as data from other companies, like Scottrade and E*Trade), and used that information to carry out a stock-manipulation scheme, credit-card fraud and illegal online casinos.

US prosecutors have unsealed two indictments, in which they described a vast, multi-year criminal enterprise that spanned more than a dozen countries, and targeted at least nine big financial and publishing firms, including JPMorgan Chase, E*Trade, Fidelity Investments, Scottrade Financial and Dow Jones & Co. The indictments revealed that the perpetrators stole some 10 million email addresses from customers of Dow Jones, a far bigger breach than the 3,500 customers the company said in October could have been compromised.

“From 2012 to mid-2015, the suspects and their co-conspirators successfully manipulated dozens of publicly traded stocks, sent misleading pitches to clients of banks and brokerages whose email addresses they’d stolen, and profited by using trading accounts set up under fake names,” reported Bloomberg.

The ring also “tried to extract nonpublic information from financial corporations, processed payment information for fake pharmaceuticals and fake antivirus software, falsified passports and took control of a New Jersey credit union,” said prosecutors.

About 75 companies and bank and brokerage accounts around the world were allegedly used to launder money, prosecutors wrote, and the ring’s operations network stretched from Israel to the US, including stops in Cyprus, Azerbaijan and Switzerland.

Gery Shalon, Joshua Aaron and Ziv Orenstein were named in the indictment, for a range of offenses that include hacking, securities fraud, wire fraud and identity theft. Shalon and Orenstein were arrested in Israel in July. Aaron remains at large.

“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment.

“The shocking size and reach of this cyber breach underscores the sophistication of today’s cyber-criminal enterprises and shows what security teams across all industries are up against,” said Fortscale CEO Idan Tendler, in an email. “Today’s hackers aren’t necessarily looking for a quick payday. Once the initial data theft is completed, there are countless opportunities for cyber-criminals to conduct targeted campaigns. The key for organizations is to prevent the initial breaches from occurring in the first place. These types of attacks can be prevented, but only through aggressive monitoring of internal networks with a key emphasis on user behavior.”

Source: Information Security Magazine

Amazon Shipping Android Tablets with Pre-installed Trojan

A dangerous new Trojan, dubbed Cloudsota, has been found to be pre-installed on certain Android tablets being sold through Amazon and other major marketplaces.

According to researchers from the Cheetah Mobile Security Lab, the Cloudsota Trojan can install adware or malware on the devices and uninstall anti-virus applications silently. With root permission, it is also able to automatically open all installed applications. Furthermore, the Trojan can replace boot animation and wallpapers with ads, change the browser’s homepage and redirect searches to strange ad pages.

Over 30 tablet brands have been pre-loaded with the Trojan, among which the most severely affected are the no-brand tablets with Allwinner chips.

Cheetah Mobile said in an analysis that at least 17,233 infected tablets have been delivered to customers’ hands, in more than 153 affected countries, with Mexico, US and Turkey suffering the most. But this estimation is based on anonymous data collected by the company from its antivirus application; since many tablets are not protected by antivirus, the number may actually be significantly greater.

And worse, these tablets are still available on many online stores, including Amazon.

“A large number of customers have left comments on grumbling about the advertisements and popups,” Cheetah Mobile said. “These tablets share some similarities that all of them are low-priced and manufactured by nameless small-scale workshops.”

Upon discovery, Cheetah Mobile reached out to Amazon to report users selling these infected tablets. It also notified companies involved whose products are found with pre-installed Trojans. “We advised those manufacturers to investigate their system firmware carefully, but unfortunately none have responded yet,” the firm said.

Consumers should beware no-name, cheap tablets for now. “This Trojan has existed for quite some time and victims have been consistently asking for help at Android forums like XDA, TechKnow and others,” researchers said. “While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.”

Source: Information Security Magazine

Hardware Encryption Market Expected to Reach $296.4bn by 2020

A new report by Allied Market Research forecasts that the world hardware encryption market is to show a CAGR of 54.6% from 2010-2020 and be worth just over $296 billion.

The World Hardware Encryption—Market Opportunities and Forecasts, 2014–2020 report proposes that hardware encryption is considered as the most effective form of data protection against unauthorized access, aligning with the actions of various governments across the globe who are coming out with stringent regulations pertaining to data protection. This is seen as a key development that further supplements the demand of hardware encryption as a key data security technology.

The hard disk drives (HDD) segment was found to be the highest revenue generating segment, constituting 57% of the total market revenue in 2014, and is expected to maintain its dominance throughout the analysis period. The segment of encrypted USB flash drives is forecast to grow significantly and register the highest CAGR of 58.8% during the forecast period. The increasing demands for robust memory storage devices that are highly compact, offer maximum storage and render better security of data are key factors that would drive the growth of this segment.

Looking at regions and vertical industries, Asia-Pacific was revealed to be the largest revenue generating region for hardware encryption, followed by North America and Europe, and is set to be the highest revenue generating region, constituting nearly 33.5% of the total market revenue. The region is also likely to register a CAGR of 56.9% during the forecast period, supplemented by factors such as strong economic growth, development in enterprise IT infrastructure and the large scale outsourcing of BPO operations to China, India and Malaysia.

Among the various verticals, healthcare was the largest contributor, accounting for around 23.8% of the total market revenue in 2014. The sector is projected to continue to be the highest revenue generator throughout the analysis period. Stringent government regulations, and security standards along with the increasing use of BYOD devices, will be key factors supplementing the adoption of hardware encryption in the healthcare sector.

Source: Information Security Magazine

Nuclear EK Infects Major Nonprofit with Kelihos

The website of the International Council of Women (ICW) has been compromised by attackers using the Nuclear Exploit Kit—infecting users with the Kelihos bot.

According to Zscaler, the EK was heavily obfuscated to evade security software detections.

Researchers found that the malware was communicating with remote servers to exchange information used to execute various tasks—including sending spam email, capturing sensitive information or downloading and executing malicious files. Kelihos was also trying to steal login credentials and digital currency—including Bitcoin—by monitoring network traffic of the victim's machine. And, it was trying to gather stored information such as usernames, passwords and host names from various Internet browsers—including Google Chrome and ChromePlus.

“Nuclear EK remains a worthy rival to Angler EK, with widespread campaigns, regular exploit payload updates, new obfuscation techniques and new malware payloads,” Zscaler researchers noted in an analysis. “The end malware payload we saw in this campaign was the information stealing Kelihos bot which has extremely low AV detection.”

Things have been busy on the EK front of late. Earlier in the week Zscaler found that despite the recent attempt to take down the Angler Exploit Kit, a Chinese government website recently was compromised, exploiting Flash and directing users to the CryptoWall 3.0 payload.

The firm uncovered that it’s back to business as usual for kit operators. The compromised Chinese government website was the “Chuxiong Archives,” compromised with injected code. The site has a similar look and feel to both the Chuxiong Yi Prefecture and Chuxiong City websites and appears somewhat inactive. The compromised site was cleaned up within 24 hours, but the situation alerted Zscaler to recent changes to Angler, as well as the inclusion of newer Flash exploits.

Source: Information Security Magazine

Ovum: Data Breaches Offer a Good Case for Cloud Security

Despite cloud security fears, the ongoing epidemic of data breaches is likely to simply push more enterprises towards the cloud.

That’s the assessment of Tim Jennings, Ovum analyst, who says that the trend is an indicator of the increasing maturity of the cloud environment.

“Given that data security and privacy concerns have been an inhibitor during the early stages of cloud adoption, it is somewhat ironic that the continued spate of high-profile customer data breaches is likely to push more enterprises toward cloud services,” he said, in a blog. “One can envisage, therefore, pointed conversations within boardrooms as CIOs and chief security officers are questioned about the likelihood of their organizations being the next to suffer reputational damage through the exposure of customer data. Many organizations will conclude that using the expertise of a third party is a more reliable approach than depending on in-house resources.”

He added that the main issue is not necessarily the fact that the breach has occurred, because some degree of vulnerability will always exist, but organizational response is varied—and in many cases wholly inappropriate because of a lack of security expertise.

“Many have been like rabbits caught in the headlights, seemingly having little insight into the root cause of the failure, the extent of the consequences, or the actions required for remediation,” Jennings noted.

In many ways, outsourcing to someone with better answers should seem obvious. Modern cloud providers have invested large sums of money into end-to-end security, covering the physical security of the data center and encryption of customer data through to highly automated patching and sophisticated security intelligence.

“It is unrealistic to expect even very large enterprises to replicate this environment,” Jennings said.

He cautioned however that this does not necessarily mean that adopting a public cloud environment is safer.

“It may be that enterprises prefer to use either an on-premise or virtual private cloud, while still taking advantage of a specialist provider’s management and security capabilities. Nor does it mean that the responsibility for security and customer data passes away from the enterprise—even though the delivery of these capabilities is in the hands of the third party, governance and control must be retained in-house.”

Source: Information Security Magazine

Pentagon to Develop Lethal Cyber-Weapons—Report

According to government contractors and former Pentagon officials, computer code and cyber-weapons capable of killing adversaries will be developed under a new half-billion-dollar military contract.

These cyber weapons will allow US troops to launch “logic bombs,” instead of traditional explosives, which essentially would force an enemy’s critical infrastructure to self-destruct—likely with the loss of human life.

Sources told Nextgov that the contract is the main part of an upcoming $460 million U.S. Cyber Command project, which will outsource “cyber fires” planning, as well as “cyberspace joint munitions” assessments to contractors. Raytheon, Northrop Grumman and Lockheed Martin are among the major defense firms expected to compete.

The Department of Defense Law of War Manual, first published in June, notes some of the acceptable uses for cyber-weapons, such as: "trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes."

The Pentagon’s stated cyber-mission is to block foreign hackers targeting domestic systems, assist US combat troops overseas and defend military networks. The tools and capabilities necessary to carry these out will be consistent with US and international law, Pentagon spokeswoman Laura Rojas told Nextgov.

That means that, just as with traditional bombs and weaponry, cyber-strikes will be allowed if “it is certain that civilians would be killed or injured—so long as the reasonably anticipated collateral damage isn’t excessive in relation to what you expect to gain militarily,” said retired Maj. Gen. Charles J. Dunlap, executive director of Duke University's Center on Law, Ethics and National Security. “These are essentially the same rules as for attacks employing traditional bombs or bullets.”

Most missions will likely be enabling attacks for more traditional approaches, some say.

"Combatant commanders choose weapons that they know will further their course of action," said Bill Leigher, a recently retired Navy admiral who runs Raytheon's government cyber-solutions division. He said that applications for the new capabilities would include things like launching a cyberattack to shut down the power grid of an air maintenance facility.

"You've degraded the enemy's ability to repair aircraft," Leigher said. "I trust [that cyberweapon]. I know how it's going to be used, and I believe that it is the best option to execute and it doesn't create more risk for the 27-year-old Air Force pilot who is flying over a defended target."

Source: Information Security Magazine

Lack of Employee Security Training Plagues US Businesses

Employee security awareness continues to be the subject of a dramatic disconnect: Research reveals that 73% of US employees believe their company provides sufficient training on how to protect sensitive information, while a similar percentage of IT personnel (72%) say that employers are not doing enough to educate employees.

The research, from Clearswift, underscores the need for more collaboration between the executive team, IT, HR and other employees within an organization to ensure the safety of sensitive information and intellectual property (IP), given that improperly trained staff are at risk of clicking on phishing links that invite attackers in, or inadvertently sending out information hidden within documents and metadata.

That’s especially critical considering that 10% of employees have lost a device containing sensitive business information, 12% have used shadow IT without authorization, and 37% of respondents say they have access to information that is above their position in the company. The risk is exacerbated by an uptick in the use of cloud applications like DropBox, Google Drive or Box, in addition to the proliferation of new communications tools in the form of social media and personal devices being used for work.

Further, a full 56% of employees in the US have access to intellectual property at work—but less than half (45%) recognize that intellectual property could damage their company if leaked. This can include new code for software products, trade secrets, designs or strategic plans, and can be very costly to lose if it is not yet protected by patents.

“The value of a company’s IP is frequently misunderstood. First off, IP comes in many guises and it’s essential for organizations to recognize ‘what’ their IP is; where it exists and who has access to it,” said Heath Davies, CEO at Clearswift. “IP is often a company’s most prized possession, if it were to fall into a competitor’s hands, or even unauthorized hands, it could cause immense financial damage to a company, or as in the case of the recent attempted US naval espionage charge, potentially result in dire effects. It is incredible that so many survey respondents say they have access to such information, yet so few seem to realize its value.”

The study also found that 62% of businesses worldwide think their employees don’t care enough about the implications of a security breach to change their behavior, and 57% admit that they need to make employees care more about the ramifications of a breach, explain the risks and talk about cases in the media.

“Most employees are not acting maliciously, but their carelessness can be just as damaging,” said Davies. “Companies need to wake up to the fact that employees have the potential to cause the company huge damage through their actions, and ensure that training, policies and technology are in place to minimize that risk. Those sitting on the board need to sit up and pay attention; critical information needs to be governed at the highest levels or it could jeopardize the future of a company.”

Source: Information Security Magazine

Teenage 'Cracka' Hackers Hit FBI Deputy Director

A group of teenage hackers have broken into the AOL email accounts of the FBI Deputy Director Mark Giuliano and his wife.

The hacktivist group, known as “Crackas With Attitude” (CWA), is making AOL a bit of a specialty; two weeks ago it also hacked the AOL email account of the CIA director John Brennan.

The ringleader, who fittingly goes by the name Cracka, has posted online a veritable treasure trove of information belonging to thousands of government employees, including more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel, including intelligence analysts. The group has warned that this is just a taste of the full amount of information that CWA has in its possession.

CWA said that it is acting in support of the Palestinian cause, and that the Giuliano attack is payback for the director’s comments that he made after the Brennan hack about making an example out of CWA.

If CWA was able to access all of that information via personal AOL accounts, this has the makings of a Hillary Clinton-level email security scandal. So far, however, the FBI has declined to comment on whether the hack is legitimate.

Cracka told Millennial news outlet Vice that he called the deputy director's phone number: "I called it and asked for Mark, and he is like 'I don't know you, but you better watch your back', and then he hung up, and I kept calling and he was getting mad, then he didn't pick up."

Source: Information Security Magazine