Intelligent Connections. Recruiting Integrity.
Call Us: 415-510-2973

Archive for the News Category

UK Councils Targeted in Ransomware Scare

UK Councils Targeted in Ransomware Scare

At least 30% of UK councils fell victim to ransomware attacks during 2015, a Freedom of Information (FoI) request has revealed.

The FoI request came from endpoint security company Avecto. It approached 46 UK councils about their experiences with ransomware. Nearly one-third (30%) said they had been a victim of ransomware in 2015. One council admitted to 13 different ransomware attacks.

Of those councils that were ransomware victims, 65% said they refused to pay a ransom, while the remaining 35% refused to reveal whether they had paid up or not. Avecto says this indicates that those councils had suffered some kind of data loss as a result of the attack,

While that figure of 30% may seem high, that actual number could be far higher. Of the 46 councils Avecto approached, nine withheld information and a further 14 failed to respond at all, making a true figure difficult to arrive at.

Paul Kenyon, co-founder and co-CEO at Avecto described the statistics as “sobering.”

“Ransomware attacks are particularly attractive to cyber-criminals because they can be relatively cheap and easy to deploy, and even if a minority of targets pay up then the attack overall can be profitable. It’s estimated that 9515 users in the US alone are paying ransoms every month,” he added.

Ransomware is a growing threat to businesses across the globe. It accounted for 42% of all security incidents in 2015, and struck a wide variety of industries, from hospitals to big businesses to local councils.

In fact, Lincolnshire Council was hit with a ransomware attack in January this year that rendered its IT systems useless for several days, with staff forced to do their work with old fashioned pen and paper. The ransom demanded was thought to be around $500 in Bitcoin, but the council refused to pay.

Some victims do however pay up; The Hollywood Presbyterian Medical Center paid $17,000 after ransomware locked down its IT system and forced it to cancel patient operations. That case prompted US and Canadian authorities to issue official warnings about ransomware. This came just after the FBI issued a warning to companies to not pay any demands from ransomware.

Source: Information Security Magazine

Hackers Grab Details of 45 Million VerticalScope Forum Users

Hackers Grab Details of 45 Million VerticalScope Forum Users

Another day, another report of millions of user credentials leaked online.

This time it seems the victim is a company called VerticalScope, a Canadian media company that runs a large number of websites and forums, including those on tech and sports such as Motorcycle.com, autoguide.com and techsupportforum.com.

According to LeakedSource, VerticalScope’s database was hacked in February this year, exposing the details of 45 million users across 1100 sites.

Details leaked include email addresses, usernames, IP addresses and passwords. According to LeakedSource, many of the passwords were salted and hashed with the MD5 algorithm, which is now widely regarded as insufficient. Just a handful used encryption that can be considered difficult to crack.

“Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” LeakedSource added.

Many of the affected websites were running vBulletin forum software that dated back to 2007 and contained known vulnerabilities that were easy to exploit, ZDNet reported.

In an email sent to ZDNet, VerticalScope said it was investigating the reports, without directly confirming that a breach had taken place. “We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies,” said Jerry Orban, vice-president of corporate development.

He added that the company is reviewing its security policies.

Farshad Ghazi, global product manager at HPE Security – Data Security, suggested that basic security measures would help companies keep their customer data secure.

“End-to-end encryption, a key data-centric security technology, protects data at rest, in use and in motion – thereby minimizing any clear data exposure and ensuring attackers get nothing of value when they do penetrate systems,” he said. “The ability to render data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure,” he added.

“As this attack points out, there is a clear need to protect personal information like name, full address, phone number and email address so that criminals can’t use the information to open bogus accounts, sell it for use in more targeted larger-scale spear-phishing, or even to steal identities,” Ghazi added.

Source: Information Security Magazine

Google Ups Android Bug Bounty Rewards

Google Ups Android Bug Bounty Rewards

To mark the first anniversary of Google’s Android Security Rewards program the company has announced an increase in how much it will pay for vulnerability reports.

For what Google calls a “high-quality vulnerability report with proof of concept,” security researchers will see payments increase 33% from $3000 (£2100, €2700) to $4000 (£2800, €3500). A high-quality vulnerability report with a proof of concept, a CTS Test, or a patch will get 50% more, Google says.

The more complex the vulnerability, the higher the rewards. A remote or proximal kernel exploit will now net $30,000 (£21,000, €26,700) instead of $20,000, and the reward for discovering a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise has risen from $30,000 to $50,000 (£35,000, €44,400).

Android Security Rewards was added to Google’s Vulnerability Rewards Program to focus specifically on exploits and vulnerabilities within Google’s mobile operating system. It was launched to help secure Google’s range of Nexus devices, such as smartphones and tablets.

Since its introduction a year ago, Google says the program has received over 250 qualifying vulnerability reports, with a total of $550,000 (£384,500, €489,000) being paid out to 82 different researchers. The top researcher received $75,750 (£53,000, €67,300).

Most of the reports concerned vulnerabilities within the Android Media Server; Google says it has used these reports to improve security for the upcoming Android N release. Google also points out that many of the bugs were found in code that isn’t unique to Android.

The Android mobile operating system has been repeatedly criticized for its lax security. While Google has recently taken steps to improve security by offering monthly updates, millions of users across the world remain at risk by using out of date versions of Android. A report this year put the figure at 90% of all Android users.

So while Google can find and fix vulnerabilities and push out patches to those users running the latest version on a Nexus device, many other users have to wait for their network provider and device manufacturer to push out the updates.

Source: Information Security Magazine

Anonymous Hacks ISIS Accounts to Post Gay Porn, Pro-LGBT Tweets

Anonymous Hacks ISIS Accounts to Post Gay Porn, Pro-LGBT Tweets

In the wake of the tragedy in Orlando, dozens of Twitter accounts created by Islamic State supporters have been hacked to display gay pride flags, supportive LGBT-friendly messages and even gay porn.

Replacing the violence and hate are messages like, “I’m gay and I’m proud,” which graces one pro-ISIS account.

“I did it for the lives lost in Orlando,” said one of the hackers responsible, with the handle WauchulaGhost. Affiliated with the hacktivist collective Anonymous, he or she told Newsweek: “Daesh [ISIS] have been spreading and praising the attack, so I thought I would defend those that were lost. The taking of innocent lives will not be tolerated.”

WauchulaGhost has been devoted to disrupting the hackers for months, hijacking 258 accounts and sending messages meant to confuse and worry them.

“I have actually used some of the jacked accounts to create confusion,” WauchulaGhost told The Huffington Post. “I will DM other followers and hold a conversation, then inform them I am not who they thought I was. … So now, they aren’t sure who is friend or foe.”

There are at least five other hackers focused on defacing the accounts, according to WauchulaGhost.

“Most have only done a few. I decided to take it on and hit it hard. Right now there is a friend that goes by @Yetti_001 who is taking some too,” the hacker said.

The attack in Orlando was the worst mass shooting in US history, with 49 innocent people killed and 53 wounded in a hate-fueled attack on a gay nightclub.

“If anyone is making a list of #Daesh accs that are tweeting the Orlando attack please send to me. I’m going after those accounts. ??,” WauchulaGhost tweeted.

Photo © Tinxi/Shutterstock.com

Source: Information Security Magazine

Companies Have Tweaked Security, Big IT Challenges Remain

Companies Have Tweaked Security, Big IT Challenges Remain

More and more companies have altered their security approaches based on changes in IT operations: Such as relying on more cloud-based solutions or making wider use of mobile devices and apps.

According to a survey from CompTIA, the nonprofit association for the technology industry, nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago.

“Far more than half of all companies have adopted cloud computing and mobile devices,” noted Seth Robinson, senior director, technology analysis, CompTIA. “This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities.”

While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.

“Simply placing a higher priority on security may not lead to improved measures,” Robinson said. “Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.”

IT professionals tasked with keeping digital assets safe face a multitude of challenges. Just under half (47%) say there’s a belief within their company that existing security is “good enough.” For 43%, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics, while a slightly smaller percentage (37%) point to a lack of budget dedicated to security.

Challenges extend to finding qualified security workers at a time when the demand for security skills is increasing. For example, job postings in the category “Information Security Analysts” rose 175% between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.

Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53% want to be more informed about current threats.  About 40% feel that they need to improve their awareness of the regulatory environment.

“The use of technology has outpaced cybersecurity literacy, so there’s also a growing need for the overall workforce to improve their knowledge and awareness of security issues,” Robinson added.

Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organization. The study also found that 56% of firms will seek out IT security certifications for their technology staff.

Photo © arka38

Source: Information Security Magazine

Data Breach Costs Soaring

Data Breach Costs Soaring

New research from IBM and the Ponemon Institute has revealed that data breaches now cost an average of $4 million, up a startling 29% since 2013.

Part of that rise is the frequency and sophistication of the threats organizations are facing; IBM recorded 64% more attacks in 2015 compared to the previous year. Much of the $4 million (£2.8 million, €3.6 million) cost, 59% in fact, represents costs associated with cleaning up the incident, such as incident forensics, communications, legal expenditures and regulatory mandates.

Businesses now lose on average $158 (£112, €141) for every record that is compromised. That figure depends on the industry. Healthcare for example is more costly, up to $355 (£251, €318) per record. Interestingly, companies in the public sector had the lowest cost per breach at just $80 (£56, €71).

Breaking costs down into certain countries, the report suggests data breaches are most costly in America, where the average is now $7.01 million, followed by Germany at $5.01 million (£3.55 million, €4.48 million) and Canada at $4.98 million (£3.53 million, €4.46 million).

The UK sits fifth on the list, with breaches costing an average of $3.95 million (£2.8 million, €3.54 million). India sits at the bottom of the list of countries analyzed for this report; breaches there cost $1.6 million (£1.13 million, €1.43 million).

According to the report, what is really driving up the cost of breaches is the amount of time it takes organizations to react; the slower the reaction, the higher the cost, IBM says. Breaches identified within 100 days cost an average of $3.23 million (£2.29 million, €2.89 million), while after that 100 day mark the cost goes up by over $100 million on average.

IBM said the average amount of time taken to identify a breach was 201 days, and it took on average 70 days to contain a breach.

The report also found that using an incident response team drastically reduced the cost of a data breach. An average of $400,000 or $16 per record was saved by using an incident response team. The problem is that not many businesses have one in place, which is one reason for the rising breach costs, IBM said.

“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently,” said Ted Julian, vice-president, Resilient an IBM Company. “While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”

“Over the many years studying the data breach experience of more than 2000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said Dr. Larry Ponemon. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

Source: Information Security Magazine

New Zero-Day Exploit Targets Adobe Flash Player

New Zero-Day Exploit Targets Adobe Flash Player

A new zero-day vulnerability in Adobe Flash Player being exploited in limited, targeted attacks has been spotted, according to a blog post by Symantec.

The critical vulnerability affects Adobe Flash Player 21.0.0.242 and earlier versions for the following operation systems:

Windows
Mac OS X
Linux
Chrome OS

The zero-day (CVE-2016-4171) is due to be patched today (16 June) as part of Adobe’s monthly security update.

Flash Player users are advised to immediately update to the latest version once it is available. Since this vulnerability is already being exploited in the wild, users should make updating this software a priority.

With the number zero-day exploits being discovered continuing to rise the efforts of hackers trying to profit from these types of attacks show no signs of letting up anytime soon.

According to findings in Symantec’s 2016 Internet Security Threat Report zero-days rose by a staggering 125% last year, meaning a new vulnerability was discovered every week (on average). This just goes to highlight that zero-day attacks are now of the most common go to techniques that cyber-criminals are using in their malicious activities.

“Zero-day exploits are VERY profitable,” Luis Corrons, PandaLabs Technical Director at Panda Security, told Infosecurity. “This is because during the window of time in which the vulnerability is being exploited and a patch is released, and then applied, anyone exposed to it will be compromised.”

However, there are a number of security measures that can be taken to reduce the risk of being hit by zero-days such as never installing unnecessary software and making sure any software you do have is fully updated, Corrons said.

“The best approach is to use security services that include anti-exploit technologies and that monitor all processes running in the computers, so as long as a trustable process starts behaving strangely, it can be noticed and blocked in time,” he added.

Source: Information Security Magazine

Cyberspace is New Domain for War: NATO

Cyberspace is New Domain for War: NATO

The North Atlantic Trade Organization (NATO) has officially declared that cyberspace is a domain for war, placing it alongside the traditional battlegrounds of land, sea and air.

The move is a reflection of changing warfare tactics, where cyber-attacks are just as crucial and effective as more traditional methods.

Speaking at the meeting where the declaration was made, NATO secretary general Jens Stoltenberg said: “[This] means that we will coordinate and organize our efforts to protect against cyber-attacks in a better and more efficient way. This is about developing our capabilities and ability to partly protect NATO cyber networks but also to help and assist nations in defending their cyber networks.”

“Since it’s very hard to imagine a military conflict today without a cyber dimension, this is important, related to almost all possible conflicts we can foresee in the future,” he added.

It means NATO members can work together and support each other on cyber defenses. “This is about a better framework to manage resources, skills and capabilities, and better coordination of our decisions,” Stoltenberg said.

NATO added that under its new directives, a cyber-attack on a NATO ally can trigger Article 5 – this is when an attack on one is considered an attack on all, and can result in a collective response.

However it’s not just in Article 5 situations where NATO’s declaration could have an impact. NATO’s work in Afghanistan, for example, could benefit from a collective defense of its network to ensure it is safe from hackers or other malicious activity that could reduce its effectiveness, Stoltenberg said.

Despite this, the declaration has drawn criticism from some security experts. Simon Crosby, CTO and co-founder of Bromium, believes NATO lacks the resources to defend its members from cyber-attacks as a collective.

“The idea of NATO is a collective capability for defense, which when any one member is attacked can trigger the appropriate defensive military action. In cyber, NATO has none. Instead, individual member countries, to varying degrees cooperative or suspicious, more or less collaborates to share information on threats,” he said.

“The organization was founded to protect the members by, in extremes, deploying conventional non-cyber assets to effectively combat a threat on any member of the coalition. But NATO has no assets to deploy in the cyber domain. Each member has carefully managed its own cyber-attack techniques, tools and strategies. They each know the vulnerabilities and weak spots of their foes, and all of their peers in NATO. NATO cannot deploy assets to mitigate a cyber-attack,” Crosby added.

Source: Information Security Magazine

Malicious Activity on Four in Five Networks

Malicious Activity on Four in Five Networks

Four out of every five enterprise networks show signs of malicious DNS activity, potentially putting valuable data at risk, according to a new study by Infoblox.

The Infoblox Security Assessment Report for the first quarter of 2016 studied companies from a wide range of industries and geographies. According to Infoblox, 83% of the networks it examined had evidence of malicious DNS activity.

In total Infoblox studied 519 files that had captured DNS traffic and found that 429 showed signs of suspicious activity. The most common threats by far were botnets and protocol anomalies (both 54%). A protocol anomaly is a malformed DNS packet that can force a server to stop responding by going into an infinite loop or by crashing it.

Next on the list was DNS tunneling (18%). Some DNS tunneling is legitimate, but Infoblox said it has seen a lot of malicious uses of it recently. This is when attackers insert malware into the DNS which can then be used to send information, bypassing the firewall entirely.

The Zeus malware (17%), DDoS traffic (15%) and the CryptoLocker ransomware (13%) were also discovered on various systems. Amplification and reflection (12%) was also a common discovery. These are used to propagate a DDoS attack on the victim’s servers, potentially bringing the server down completely.

The final malicious activity Infoblox detected was the infamous Heartbleed (11%). Despite being discovered in April 2014 and the huge campaign of awareness around Heartbleed, it is still alarming that 11% of the networks Infoblox examined contained evidence of the vulnerability.

Craig Sanderson, senior director of security products at Infoblox, said the results show that a new approach to security is needed; defending at the perimeter is no longer sufficient due to the number of endpoints that need protecting and the number and sophistication of attacks targeting enterprises of all sizes.

“The prevalence of these attacks shows the value of DNS in finding threats aimed at disrupting organizations and stealing valuable data, as well as the extent to which organizational infrastructure can be hijacked to mount attacks on third parties,” he said.

“The good news is that DNS is also a powerful enforcement point within the network. When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices—and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers,” Sanderson added.

Source: Information Security Magazine

Industrial Control System Attacks Hit an All-Time High

Industrial Control System Attacks Hit an All-Time High

Threats to industrial control systems are on the rise: More incidents involving ICS operators—organizations that use and maintain ICS as part of their operations—occurred in 2015 than any year prior.

And no wonder: ICS represents an increasingly diverse and extensively connected set of technologies. It controls and automates significant portions of our connected society, including power moving through the electrical grid, oil flowing through pipelines, travelers commuting on rail systems, and systems controlling pharmaceutical and food manufacturing.

According to Booz Allen, the number of incidents reported to US authorities rose by 17% in FY 2015. With 295 reported incidents, 2015 had the most reported incidents to date. And for the first time since ICS-CERT began tracking reported incidents in 2009, critical manufacturing experienced more incidents than the energy sector.

Spearphishing is the primary method of attack, with the number of attacks increasing by 160%—from 42 to 109—from FY 2014 to FY 2015.

Based on Booz’s analysis, new targets, including light rail operators, and new tactics, such as SCADA-access-as-a-Service (SAaaS) and ransomware against ICS, are likely to emerge or expand. For instance, in December 2015 alone, hackers used SCADA access to cause a blackout in Ukraine that affected 225,000 citizens, while that same month, US investigators revealed that an Iranian hacker had previously gained access to the Bowman Dam in New York through a SCADA system.

The report also uncovered that nation-state-backed groups are conducting sophisticated and widespread campaigns to steal operational data and establish footholds in ICS environments. Evidence of this is North Korea’s reconnaissance of light-rail operators in potential preparation for an ICS attack. Within the past eight months, North Korea has been tied to three separate reconnaissance attacks on South Korea’s light-rail operators. In each scenario, North Korea stole information pertaining to critical systems, such as speed and safety controls, traffic flow monitors and other central operating systems.

Safety, availability, protection of the environment, and process uptime are the primary drivers of ICS cybersecurity investments. Unfortunately, bad actors recognize the operational, economic and safety impacts attacks on ICS infrastructure can cause.

“Awareness of the risks associated with these systems is important, not just for the operational technology cybersecurity professionals responsible for securing these networks and devices but also for information technology professionals, organizational leaders, and regular employees,” Booz Allen noted in a threat briefing. “The impacts of attacks on ICS can be devastating. Attacks can cause extended operational halts to production and physical damage, and even jeopardize the safety of employees and customers. The attack surface for ICS is larger than just the ICS devices, equipment, and networks: It extends to all parts of an organization, including the extended supply chain.”

Source: Information Security Magazine