Wednesday, December 30, 2015

User Behavior Based Biometrics: The New Frontier

Gone are the days when online security could be trusted to a simple username and password combination or simple identity checks. As fraudsters got better at bending and breaking the system, e-commerce and digital banking initiatives had to keep pace, creating tough rule-based systems to check for fraud and adding new technology like IP detection and Device ID. But even these measures are no longer enough. As this article explains, the next great leap in digital security isn't based on a device or a password, but on the user themselves--User Behavior Based Biometrics.

Wednesday, December 23, 2015

A Look Back at SCADA Security in 2015

A Look Back at SCADA Security in 2015

It should come as no surprise that SCADA systems and ICS that control key functions in critical infrastructure are especially at risk of cyber attack. This article reviews the current state of SCADA security; present a 2015 timeline that that highlights the growing risk of SCADA attacks; and discusses technologies you can use to bolster the security in SCADA and ICS systems.

Thursday, December 17, 2015

Cybersecurity Predictions 2016: Luck or Leadership?

Cybersecurity Predictions 2016: Luck or Leadership?

By Simon Crosby, Co-founder & CTO, Bromium

In the blink of an eye, 2015 is almost over. When looking back at it and what it meant for the cybersecurity industry, this year has been predictably busy. We saw large acquisitions, including those of EMC by Dell and Websense by Raytheon, while companies such as Rapid7 and Sophos went public. Large funding rounds were a near weekly occurrence, and as a result the sector raised more than $2.3 billion within the first nine months.

Cybersecurity spending increased sharply and by the end of the year should finish at around US$80 billion, according to Gartner’s estimates. While the U.S. House and Senate continued to debate cybersecurity legislation, US government agencies amassed a whopping security budget of $12.5 billion, collectively.

There were unforgettable breaches -- like TalkTalk, Hilton, and Carphone Warehouse, although the sexiest headlines went to the Ashley Madison breach. There also were countless daily reports of breaches due to “sophisticated attacks” and resulting losses from companies whose infrastructure -- despite all the spending -- remained woefully vulnerable. Even United States President Barack Obama stepped into the fray, cementing an agreement with China in the hope of limiting the scope of nation-state hacking. Good luck with that!

Looking back, it’s painfully clear that while we may not have known then the names and faces of the victims, or the numbers behind the M&A, funding, budget and breach news, most of this was predictable in 2014. So will next year be any different, or are we doomed to repeat the past, yet again?   

Unfortunately in most respects, 2016 won’t change much: users will still unknowingly click on malicious links; IT departments will still be bad at staying up to date with patching; the bad guys will continue to attack; and the tide of misery from breaches will persist. What matters most is whether your organization will be a victim or not. Of course you could do nothing, and be lucky. But the only way to control your fate is to lead your organization to the high ground based on a well-considered, security-first strategy.
It is important to remember that, despite their claims, most security vendors cannot help you. Within the market we see too many “me too” vendors, who’s main focus in on the staple of detection. Within the endpoint security sector alone, over 40 vendors are bringing to market a feature set that Gartner terms “EDR,” or endpoint detection and response. The sole goal of this is to help find a breach in progress -- provided you know what to look for in the first place. Despite vendor claims, detection can’t protect you, and it isn’t advancing much, even when disguised as artificial intelligence (AI). In a world of adaptive, intelligent attackers, even the best AI technologies have a tendency to make masses of mistakes. In fact, Ponemon estimates that a typical large enterprise spends up to 395 hours per week processing false alerts -- approximately $1.27 million per year.

Of course, security (still) won’t be solved inside the Beltway. Year after year, public sector companies hang their hats on the hope that cybersecurity legislation will somehow do the trick. This year was no different. You may recall recall that CISA and the Wassenaar Agreement both sparked industry-wide debates around data security, civil liberties, privacy and exploit controls. There is no doubt that security is a serious issue and a hard problem to solve, but it’s one that is not going to be solved by governments. . Much like healthcare, security is a systematic problem that requires more than a band-aid or firewall to fix. Security legislation will require government collaboration that it is simply unrealistic to expect at this current time. 
It is also important to remember that the same vendors that promise to secure you still won’t be held accountable for breaches. PwC predicts that the cyber insurance market will triple in the next five years. While insurance will do little for the peace of mind or job stability for CISOs whose companies experience a breach, it will hopefully force organizations to take a long, hard look at the cost of their continued insecurity. It’s time for you to force your vendors to be accountable instead. If a vendor claims to secure your network, force them to accept liability if your organization is breached. Pay your endpoint security vendors based on the value they deliver.  Free is a good option when regulations demand the functionality, but the vendors fail to protect you. Force your vendors to put their money behind their marketing messages. Greater accountability means greater drive for cybersecurity technologies that do what they claim to do and actually help to mitigate threats.

My Recommendation: Instead of relying on post-hoc analysis in the hope of spotting a breach, your focus in 2016 should be on adopting solutions that make your infrastructure more secure by design, to prevent a breach before it starts. Move to the cloud. Adopt micro-segmentation and micro-virtualization. And upgrade to the latest operating systems.

I don’t think we’ll see an end to data breaches in the near future, but if organizations stop relying on faith in marketing claims and government and being complacent and start questioning the status quo and demanding answers and accountability from vendors, we’ll be able to see many of the breach news headlines disappear.  


Wednesday, December 16, 2015

Predicting the Cyber Security Future in 2016

Predicting the future is a fun year-end activity.

This article by Lancope CTO TK Keanini provides a brief retrospective on 2015, including the biggest patterns seen from within the cyber security industry; highlights the biggest trends to expect in 2016; from cracking as a service to DNA breaches; and discusses how these trends will impact businesses and individuals alike and have long reaching implications.

Tuesday, December 15, 2015

Protecting the Oil and Gas Industry from Email Threats

According to a recent report from the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the energy sector is facing a significant rise in cyber attacks. The high volume of business communications conducted via email within this industry give hackers quite the window of opportunity to intercept sensitive information through the use of spear phishing. This article by OPSWAT's Doug Rangi describes spear phishing attacks that have occurred in various sectors of oil and gas, along with recommendations on how the industry can boost their cyber security and specifically adopt new preventative measures to protect against these and other email-borne threats.

Friday, December 11, 2015

7 Largest Data Breaches of 2015

10Fold Reveals Seven Largest Data Breaches of 2015
Close to 200 Million Personal Records Breached Around the World

SAN FRANCISCO, CALIF. (Dec. 11, 2015) —10Fold, a full-service B2B technology public relations agency, today announced that more than 193.4 million personal records are vulnerable to identity theft and fraud attributed to the top data breaches of 2015. In its year-in-review, 10Fold analyzed 720 data breaches that occurred throughout the year and highlighted seven of the largest.

"As the research 10Fold has conducted clearly shows, security never sleeps. Each of the top seven data breaches compromised more than 5 million records, indicating that attackers are becoming stealthier, are employing more sophisticated techniques and are going after bigger and more lucrative targets," said Angela Griffo, vice president of the security practice  at 10Fold. "What's more, our research indicates that cyber criminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can't be reissued like a credit card. Looking at the top breaches at year's end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future."

News reports about the seven largest data breaches, which are listed below, indicated that each of the attacks affected more than five million users. 10Fold selected these data breaches based on independent research and review of third-party resources such as ID Theft Resource Center and Information Is Beautiful.

Largest Insider Breaches of 2015

1. Excellus BlueCross BlueShield: Excellus BlueCross BlueShield announced that it was the victim of a sophisticated attack after hackers gained access to its information technology systems dating as far back as December 2013. This attack followed a series of healthcare hacks that had started at the beginning of the year. The Excellus hack in particular compromised the personal identifiable information of more than 10 million members, making this the third-largest healthcare breach in 2015. The exposed information, which includes names, birth dates, Social Security numbers, member identification numbers, financial account information and claims information, leaves members vulnerable to fraud and identity theft.

2. Premera Blue Cross: One month after the breach at Anthem Blue Cross, Premera Blue Cross released a statement saying it had experienced a cyber attack affecting up to 11 million members. The hack was discovered by the organization on January 29 of this year, although the initial attack dates back to May 2014. Premera's investigation team determined that attackers infiltrated the organization's information technology system, which allowed them to access applicants' and members' personal information, such as names, birth dates, Social Security numbers, member identification numbers and bank account information. Affected customers included employees of Microsoft, Starbucks and Amazon.

3. VTech: VTech was hit by the first data breach to ever directly target children; an unauthorized party accessed customer data through the Learning Lodge app store customer database and Kid Connect servers on November 14. According to the company, the attack affected 6.4 million children and 4.9 million customer (parent) accounts worldwide, exposing personally identifying information such as names, passwords, IP addresses, download history, and children's gender and birth dates.

4. Experian/T-Mobile: Experian North America stated that attackers breached a server in one of its business units that contained personally identifiable information for approximately 15 million T-Mobile customers. The data included names, birth dates, addresses and Social Security numbers or an alternative form of ID, such as drivers' license numbers. The breach occurred, in part, because T-Mobile shared customer information with Experian to process required credit checks for service or device financing. Breaches such as these underscore that when customers share their information with a business, their personal data isn’t always kept private.

5. OPM: The Federal Office of Personnel Management announced that a cyber attack compromised the records of more than 21.5 million citizens, enabling attackers to gain access to highly personal information contained on background investigation applications. Altogether, the attack affected 19.7 million individuals who applied for security clearances, 1.8 million relatives and other government personnel associates, and 3.6 million current and former government employees. What's more, the stolen data also included 5.6 million fingerprint records belonging to the background-check applicants. According to news reports, the breach caused U.S. intelligence and law enforcement officials to be concerned about the theft of data on government forms submitted for security clearances. And with good reason — these applicants share detailed information about themselves, including mental-health history and previous relationships. Hackers that gain access to the identity and fingerprints of employees with existing security clearances can cause serious, and irreparable damage to users' privacy.

6. Ashley Madison: The hacker group identified as The Impact Team claimed to have accessed Ashley Madison’s user database, financial records and other proprietary information, including the personal data of 37 million users. A manifesto written by The Impact Team disclosed that the "full delete" feature on Ashley Madison was a lie — that the company did not scrub the personally identifiable information of customers who opted to have their profile and history deleted, but instead kept their payment information and purchase details, which hold identifiable information. The manifesto also instructed Avid Life Media (ALM), the parent company of Ashley Madison, to permanently delete the forums of Ashley Madison or they would release all customer information. ALM opted to keep the site running and consequently, The Impact Team released the customer records two months later.

7. Anthem: The largest healthcare data breach in history occurred at the beginning of 2015. Anthem announced in February that it was the victim of a data breach that resulted in the theft of approximately 78.8 million highly sensitive patient records. By the end of the month, Anthem disclosed that the breach likely impacted an additional 8.8 to 18.8 million non-patient records that included names, birth dates, Social Security numbers, addresses and employment data. The attack on Anthem was the beginning of a series of healthcare hacks this year, including assaults on Premera Blue Cross, CareFirst BlueCross BlueShield, UCLA Health Systems and Excellus BlueCross BlueShield.

Wednesday, December 9, 2015

Changing Human Behavior Is the Key to Thwarting Cyber Threats in 2016

London (UK) - 08 December 2016 - PhishMe today offered three predictions for the threats it believes UK organizations will battle in 2016:

1. Phishers Will Continue to Divide and Conquer

Phishing has been the number one attack vector for over five years and 2016 will be no different.

Rohyt Belani, CEO of PhishMe explains his thinking, "We, as an industry, have lagged in engaging employees to be a part of the organization’s security posture. For decades, enterprises have focused on traditional security awareness techniques like computer-based training (CBT) that simply don't work; they have no sustained impact on behavioral change. At PhishMe, we have succeeded in helping our customers engage their employee base by turning them into informants of suspicious emails, providing such employees with the necessary tools to report the same in a frictionless manner, and then most importantly in providing the incident response teams at these organizations a solution to rapidly triage these reports and operationalize the attack intelligence obtained. The human is no longer the weakest link for our customers; they are the strongest asset."

2. Focus Will Move Back to Prevention of Breaches, Rather than Detection after the Fact

While prevention of individual infections is almost impossible, preventing the breach of confidential and proprietary data as a result is paramount.

"The industry gave up. They surrendered and turned to post-breach detection and mitigation because the hackers were winning," explains Scott Greaux, VP Product Management at PhishMe, "With average time to detection still over 200 days this approach hasn't worked either and I think in 2016 we will see the focus shift again. System infections will occur, and at the moment there's no silver bullet to change this, but we need to prevent these infections from translating to large data breaches. That means conditioned email users will play a key role, providing the timely and actionable threat intelligence thus minimizing attacker dwell times, that will help prevent breaches in 2016."

3. All Forms of Trust Will be Abused

It seems that criminals listen to the advice given to people about cybercrime and turn it around in a bid to thwart defenses. The traditional wisdom was 'don't click links or open attachments from un-trusted sources.' In 2015, the increase in attacks targeting email is primarily about abusing those trust relationships. In 2016, other forms of trust are going to be under attack. Passwords stored in browsers, especially on mobile devices and 'Bring Your Own Device' phones and tablets will be a big target. 

The advice from Gary Warner, Chief Threat Scientist at PhishMe is that, "This year we need to be encouraging the adoption of two factor authentication and 'unknown device' alerting as never before – including on internal systems.  In another area of trust, a malware compromised workstation logs in to the corporate systems with the same power as an authorized user. Big data breaches are largely enabled by the concept that certain users should be allowed to 'See Everything' and this must be reeled back to 'see only some things' or 'see anything,' but only at reasonable volumes."

With increased reporting of suspicious activity, advances in threat analysis to enable better campaign identification, and raising the shield by challenging all of the 'trust' assumptions made, organizations can make 2016 a safer year.

Monday, December 7, 2015

Top 5 Predictions for Online Fraud in 2016

As 2015 comes to a close, all of us fighting fraud may start preparing for the upcoming fraud battle in 2016. As mobile apps and web services continue to increase in number and functionality, they remain an attractive target for fraudsters. Meanwhile, cyber attackers have continued to adapt to evade traditional security defenses using the latest mobile hacker tools and cloud technology to impersonate legitimate users. If you are a consumer-facing web or mobile app, you are up against a much more numerous and advanced adversary than ever before. Here are some online threat trends you're likely to encounter in 2016.

Thursday, December 3, 2015

U.S. Presidential Campaign Will be Affected by a Cyber Attack, and Other 2016 Predictions

It's the of the year for predictions of how bad the security environment will be for the coming year.  Here are predictions from David Gibson, VP of strategy and market development at Varonis. By the way, focusing on end-user education and monitoring is long overdue. I don't think it's hyperbole to say, "Insiders are the new malware."

1. The U.S. Presidential campaign will be affected by a cyber attack.  
Hillary Clinton's private email server has already brought cybersecurity into the U.S. Presidential race. In 2016, a cyberattack will strike the campaign, causing a major data breach that will expose donors' personal identities, credit card numbers, and previously private political preferences. Imagine being a donor with an assumption of anonymity. Or a candidate whose “ground game” depends on big data analytics about voter demographics and factors affecting turnout – data that turns from an asset to a liability if it isn't protected. The breach will affect the campaign not only as a setback for the unfortunate candidate or party affected, but by bringing the issue of cybersecurity prominently into the campaign as a major issue that is closely related to geopolitical threats such as the spread of terrorism. Campaign data is a gold mine for hackers (donor lists, strategies, demographics, sentiment, opposition research), and an event like this will serve as another wake-up call to the U.S. government that cybersecurity needs to be a continual, central focus and investment at the highest levels. The candidate who demonstrates knowledge and command of cybersecurity threats and government readiness will win the election.
2. The frequency of public data breaches will increase substantially.
The Identity Theft Resource Center (ITRC) reports a total of 641 data breaches recorded publicly in 2015 through November 3. Most organizations know this number represents the tip of the iceberg. The frequency of known data breaches will increase in 2016, due not only to increasing privacy and breach disclosure laws but also the increasing failure of traditional perimeter-focused security investments to protect valuable data. Employees' use of mobile devices and companies' migration of IT workloads to the cloud will also contribute to a sharp rise in breaches. Over time, this should help to shift priorities toward investing in more proactive data-centric protection, but it's likely things will become worse before they get better.

3. End-user education and monitoring will become the focal point of data security efforts.
Insiders are the new malware. Executives and IT professionals are becoming as afraid of their own employees – as innocent vessels for outside attackers with dangerous levels of access to sensitive data – as they are of outside attackers. Companies will turn to the importance of end-user education in 2016 as they realize that, no matter how intensely they invest in security, they hit a dead end if their users don’t drive by the rules of the road. They need to be involved in the security processes, observe classification and disposition policies (that need to be defined) and know to stop clicking on phishing emails. Employees are crucial to the security process, and have more power in controlling it than they realize. You can't patch users but you can educate them. You can also monitor and analyze how they use data to spot unwanted attacks.

4. At least five more C-level executives will be fired because of a data breach.
In recent years we have seen the careers of several top executives suffer in the wake of cyber attacks. Target CEO Gregg Steinhafel and CIO Beth Jacob, U.S. Office of Personnel Management Director Katherine Archuleta, Sony Pictures' Amy Pascal and others were either fired or forced to resign after massive data leaks cost their organizations money, customers and credibility. This will accelerate in 2016.  Blame for data breaches is shifting from IT to the C-suite. Data impacts every facet of an organization. If management is not investing in and focusing heavily on securing data and its use, it is now understood that they are putting the entire company and its stakeholders at risk.

5. Increasing false positives in data security bring to light the need for limited, accurate information.
Organizations will get much more serious about how much data they collect and their deletion efforts. When Target suffered its massive breach during the 2013 holiday season, the alerting capabilities of its IT team had generated months of warnings.  Still, no one caught it. This remains a common problem today. Why? The plethora of security tools installed in most companies overwhelms IT security. Their teams are strapped and the amount of false positives generated by exponentially growing volumes of information cause these teams to miss crucial vulnerabilities. In 2016, smart IT teams will focus on signal-to-noise ratio improvements in the analysis and alerting solutions they deploy.

Monday, November 30, 2015

Chimera Changes the Ransomware Game

Chimera Changes the Ransomware Game

Ransomware is an ever growing issue within the cyber security industry. With the announcement of the new Chimera variant, what was already a large nuisance has been turned into a real threat to organizations and individuals alike. This article highlights what ransomware is and the staggering damages it can cause financially; how the new Chimera variant has changed the ransomware game from a nuisance to a real threat; the damaging effect this strain of ransomware could have, looking at high-profile breaches from the past year; and why an inside out security approach is the best way to fight these types of threats.

Tuesday, November 17, 2015

The Threat Within: 3 Out of 4 Companies Affected by Internal Information Security Incidents

Costly cyberattacks are now almost routine for businesses, but while many organizations are focusing on external attackers, it's important to also look at threats from within. According to the IT Security Risks Survey conducted by Kaspersky Lab and B2B International, 73% of companies have been affected by internal information security incidents. The survey also found that the largest single cause of confidential data losses is by employees (42%). Read more here.

Introduction to Dependable Embedded Software

"Embedded Software Development for Safety-Critical Systems" discusses the development of safety-critical systems under the following standards: IEC 61508; ISO 26262; EN 50128; and IEC 62304. It details the advantages and disadvantages of many architectural and design practices recommended in the standards, ranging from replication and diversification, through anomaly detection to the so-called "safety bag" systems. Reviewing the use of open-source components in safety-critical systems, the book has evolved from a course text used as a training module on building embedded software for safety-critical devices. This excerpt introduces the concepts of dependable embedded software and the safety culture.

Monday, November 16, 2015

6 CyberHacks That Will Affect Your Life in 2016

6 CyberHacks That Will Affect Your Life in 2016
As we are quickly marching toward the end of another year, Stephen Newman, CTO of Damballa, discusses the new types of cyber attacks that will likely see in 2016. He points out that these new types of attacks will draw everyone's attention to the lack of privacy and security in our interconnected world.

Monday, November 9, 2015

Anyone Hit by the Power Worm Will Lose the Data Forever

Today's news reports that a new kind of ransomware, called Power Worm, contains coding mistakes that means anyone hit by it will be unable to recover their files, even if they pay the ransom. The coding errors mean that the worm destroys the keys that could help recover any data that the worm did scramble.

Fred Touchette, Manager of Security Research at AppRiver has shared the following insights:

Q. Power Worm - could it be deliberate instead of a mistake?
"It’s unlikely that this was a deliberate mistake. Creating malware that simply destroys files would be much easier than adding that sort of "functionality" into an already complex ransomware variant."

Q. Linux.encoder - what makes this one different to all the others?
"One of the main differences is that it attacks websites. Until now the biggest target group was the home and business end user. It makes sense that this type of malware, including their potential targets, would continue to evolve."

Q. It feels as if there's been a spike in ransomware - would you agree? Any stats that substantiate this?
"There has been an obvious spike, but I don't have metrics specific to this type of attack."

Q. Why is ransomware increasing?
"Ransomware is increasing because it is working. Victims continue to pay these cyber criminals and in turn, the bad guys keep doing what's working so well for them."

Q. Should organizations ever pay a ransom? Assuming not, what should they do instead?
"No. Organizations should backup their files."

Q. What else can be done to rid yourself of ransomware? Is there anything?
"Yes, #1 back up your files. #2 Stop paying criminals. Avoiding 100% of the damage caused by ransomware is quite simple, by having a backup of one’s data, all that needs to be done in case of a ransomware infection is to restore said backups. Also, aside from ransomware attacks, there are a million other reasons that people should backup their systems, it’s kind of amazing that these attacks are working so well."

Russia's Undeclared Cyber Wars

Post-Soviet Russia continues to exercise a get-tough attitude toward its former possessions. With each successful foray, its treatment toward the newly independent states that were once part of the Russian Empire becomes more and more assertive if not more aggressive. This excerpt from Vladimir Putin and Russia's Imperial Revival discusses Russia's cyberwar tactics and analyzes its 2007 Cyber War with Estonia.

Tuesday, October 27, 2015

Leading the Internal Audit Function

In this book, Lynn Fountain presents lessons learned from her extensive experience as a CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. Lynn explains how to clarify management expectations for the internal audit and balance those expectations with the IIA Standards. She examines the concept of risk-based auditing and explains how to determine whether management and the internal audit team have the same objectives. She also looks at the internal auditor's role in corporate governance and fraud processes.

Monday, October 26, 2015

10 Facts You Need to Know About Data Breaches

2014 was dubbed as "the year of the data breach." With many new data breaches dominating the headlines in 2015, including Anthem, the White House, banking attacks, and the latest employee data theft at the US federal government, one can only imagine what the name for 2015 will be: the year of even more data breaches? According to the Ponemon Institute, 43% of companies experienced a data breach in 2014. Not only is the number of data breaches rising, the number of records stolen per breach is increasing as well as the cost per stolen record. It is apparent that current security measures are not sufficient to protect organizations from data breaches. This article highlights the top 10 most interesting, remarkable and troubling facts about data breaches.

Tuesday, October 20, 2015

Combating Account Takeover

Account takeovers are quickly becoming the new favorite fraud tactic for hackers. With personal data all at the top of the thieves' hit list, a small data breach can quickly expand into a wave of personal information that could cause problems for the fraud victim years down the track. This article discusses how small data breaches can mean big returns for criminals and hackers; why login details are key to fraudsters stealing your personal data; and how technology such as behavioral analytics can stop fraudsters before they acquire your details.

Monday, October 19, 2015

Three Questions about Online Security

When you give your personal information to a financial institution, government, or insurance company, you have a certain level of trust that they will do everything in their power to keep it safe. It's easy to forget that at the same time you're filling out paperwork online, in the dark world of cybercrime, hackers are doing everything in their power to get your information. This article explains why hackers want this information, what they do with it, and how you can safeguard yourself.

Monday, October 12, 2015

5 Things You Need to Know About the Proposed EU General Data Protection Regulation

5 Things You Need to Know About the Proposed EU General Data Protection Regulation

European regulators are inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road for data protection and privacy spelled out in their legacy Data Protection Directive (DPD). The GDPR will likely be approved by the end of 2015 (or early 2016) and go into effect in 2017. Even before the recent European Justice Commission ruling against Facebook, organizations, including U.S. multinationals that handle EU personal information, will soon be required to comply with tougher rules to prove they're actively protect personal data. Based on the latest proposal from the EU Council, this article from Varonis outlines the five key things you need to know about the proposed GDPR.

Tuesday, October 6, 2015

3 Reasons Why the Nuclear Industry Is a Good Cyber-Security Example

3 Reasons Why the Nuclear Industry Is a Good Cyber-Security Example

With the security of government facilities being of upmost importance in today's cyber-society, it is a positive sign to see industries such as the nuclear industry excelling in how they handle the implementation of security systems that can protect them against threats. This article discusses why the nuclear industry is a prime example of good cyber-security practices; the top three examples of how the nuclear industry is leading the way in cyber-security; and how other industries can follow in the nuclear industry's footsteps.

Monday, October 5, 2015

The Difference between Security Identity Event Management (SIEM) and User Behavior Analytics (UBA)

The Difference between SIEM and UBA

Insider threats continue to be a top security concern and, as employees go rogue, User Behavior Analytics (UBA) is proving to be an effective insider threat prevention technology that is instrumental for IT security. For those companies who already use a Security Identity Event Management (SIEM) tool to monitor use for threat management, the question may be "Do we need UBA?" Although at first glance they may appear to be very similar, they in fact do different things and, in some use cases, it may be better to have both rather than one or the other. This article provides an overview of both SIEM and UBA, how they work and their pros and cons; a comparison of the two tools, and how they differ; and recommendations to help you decide which one is best for your organization.

Top 3 Trends in Today's Threat Landscape

Top 3 Trends in Today's Threat Landscape
Benny Czarny, Founder and CEO of OPSWAT

Every day there seems to be a new malware threat that we hear about, from remotely controlling cars and medical equipment, to attacks on well-known security vendors such as Kaspersky Lab and Bitdefender. Each threat seems to be bigger and more dangerous than the last. Among this never ending stream of publicized cyber threats and attacks, here are three trends to keep an eye on:

Trend 1. Cyber Security Companies Are Targets
Recently we have seen a number of sophisticated attacks specifically directed towards cyber security companies and their products. Kaspersky’s network was recently hacked and valuable R&D data was accessed, including source code and intellectual property. The attack was apparently very sophisticated and it is thought that millions of dollars went into its development. The data breach at Bitdefender and subsequent ransom demand is another example of a cyber security company being targeted by hackers. In addition, we are seeing a rise in malware that is capable of evading cyber security products. For instance, the Duke malware family includes anti-AV detection capabilities and searches for several security products to evade, including Kaspersky Lab, Sophos, DrWeb, Avira, Crystal, Comodo Dragon, AVG and K7.

Trend 2. Internet of Things Is Under Attack
The vulnerability of the Internet of Things (IoT) is currently a hot topic that receives a lot of attention in the press. Devices are increasingly being connected to the Internet such as cars, medical equipment, thermostats, and watches, to name but a few. Our society is becoming more and more connected, with endless possibilities. In the future, we will be able to switch on our oven remotely, start the vacuum cleaner and feed the cat. All these possibilities appeal to our imagination and need for convenience, but also reminds us of big brother and how, if these devices were hacked, attackers would have access to our private lives. Since each device that is connected to the Internet can theoretically be hacked, the ubiquity of these devices inherently means that we are exposing ourselves to more threats.

Trend 3. Increasing Firmware Hacks
Another trend that we are seeing is firmware hacking: the process of installing rogue firmware on embedded devices. Cisco recently warned customers that hackers are replacing the boot firmware on devices running Cisco’s IOS operating system with a malicious version. The attackers install the malicious version to prevent reboots from wiping IOS infections. Now that Point of Sale systems (POS) have gone mobile, these too have become a target for hackers. Although the possibility of firmware hacking has been known for some time, actual real-world attacks have been rare until now.

So what can you do to protect yourself against these threats? Unfortunately the effectiveness of using a single anti-virus engine is decreasing. With over 450,000 new threats emerging daily, it is impossible for any single engine to provide guaranteed protection 100% of the time. The solution is to use multiple anti-malware engines. By combining multiple anti-malware engines, you can leverage the power of the different detection algorithms and heuristics of each engine and detect significantly more threats. Other technologies such as data sanitization and file type verification can provide additional protection against threats that are missed by anti-virus engines. Finally, we will be seeing a lot of IoT security improvements as vendors address vulnerabilities using techniques such as white listing connections, and performing packet inspections and anti-malware scanning in the cloud.

Benny Czarny is the Founder and Chief Executive Officer at OPSWAT. Benny has over 20 years of experience in the Computer and Network Security field. From the early days of computer viruses he was interested and involved in the fields of encryption, network operations, security vulnerabilities detection, and research.

Monday, September 28, 2015

Understanding Espionage Tradecraft

Only by understanding the threats and the basics of the tradecraft utilized to facilitate industrial espionage can an organization develop an effective counterespionage program. This chapter from Industrial Espionage: Developing a Counterespionage Program by Daniel J . Benny reviews espionage tradecraft including the intelligence cycle, the categories of intelligence collection, and the methods of collection.

Wednesday, September 23, 2015

Travel Security: What to Know Before You Head to High-Risk Locales

Here's an interesting, timely, and short piece from IBM on travel safety.

I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.

So, if you company doesn't have a Travel Security Team, or even if it does, get an little extra insurance with your personal copy of Personal Security: A Guide for International Travelers.

Monday, September 21, 2015

The 7 Deadly Sins of Incident Response

The 7 Deadly Sins of Incident Response

In today's cyber-society, where we are witnessing an endless barrage of attacks on government and enterprise networks, it is clear that organizations need to be more proactive when it comes to security and protecting themselves. Despite this, more companies are still committing the "7 deadly sins" when it comes to incident response. Taking this into consideration, this article highlights why it is important for companies to have a built in incident response function; lists the top 7 mistakes companies are making when attempting to build an incident response function; and provides tips for how to deploy an effective incident response function and keep your organization safe from attackers.

Thursday, September 10, 2015

Top 3 Factors Driving the Rise in Data Breaches

It comes as no surprise that the number of companies falling victim to data breaches is on the rise. These stories are making headlines, and making CEOs and employees alike nervous that they will be the next victim. As computers are getting faster, so are hacking attempts. Hackers are now more capable than ever to implement their plans. This article outlines the top three factors that are contributing to the rise of data breaches.

Thursday, September 3, 2015

McAfee Labs Threats Report: August 2015

In this report, a dozen thought leaders from Intel Security share their views on the changes they have witnessed in the cyberthreat landscape and the evolution of security technology over the past five years. The report also compares what really happened to what we thought would happen over the past five years—from new approaches to cyberattacks to the economics of cybercrime; details techniques cyberthieves use to exfiltrate valuable data, moving it from your network to theirs; and separates fact from fiction about potential malware attacks on graphics processing units (GPUs).

Monday, August 31, 2015

How to Solve the Five Biggest Email Security Problems

How to Solve the Five Biggest Email Security Problems

By now we all know that if email is not properly managed, it can cause major security headaches, including infected machines, system downtime and embarrassing data breaches. With nuisances such as spam being mostly blocked by anti-spam products, organizations need to focus their attention on other major security issues that are being less successfully defended against. But what are the biggest email security problems that companies face today and how can they be solved? This article discusses how to solve the five biggest email security problems, including the five biggest email security problems that are facing companies today. It also provides tips and advice on software that can help you better protect your company against email threats.

Monday, August 17, 2015

Protect Your Data: Top Ten “Need to Know” Tips

Protect Your Data: Top Ten “Need to Know” Tips

By Dietrich Benjes, VP UK, Ireland and Middle East, Varonis Systems, Inc.

With breaches happening on an almost daily basis, it's critical to establish rules and processes to keep your data safe and secure.  The following tips, designed to help you build a sustainable path towards data security, were inspired by the FTC.

Don’t Make Security an Afterthought

Think before you collect.  Is it necessary and does it add value to capture personal, sensitive information from your customers and prospects?  Or does it just open up additional risk?  If you absolutely need to collect sensitive information, don’t hold on to it longer than necessary.  Set an “end date” and follow through with securely destroying the info.  Security shouldn’t be reactive but proactive.

Stay in Control

If you need to hold on to sensitive data (it’s a business must), then how do you keep it safe from prying eyes – both inside and outside your organization?  Answer: limit access.  Does your summer intern need wide-open access to corporate IP to do her job?  Probably not. Implement a system for periodically reviewing entitlements to ensure people only have access to the information they need. Your auditors will thank you.

Passwords and Authentication, Please

You’ve got sensitive data and want to keep it safe. Requiring complex passwords (by the way, “password” is NOT complex) that include multiple elements (caps, numbers, minimum characters) and changing them on a quarterly basis makes it hard for hackers.   Even better: require two-factor authentication, disable access after a specific number of failed login attempts, and protect against authentication bypass to really “up” the proverbial ante.

Share It Securely

Sure, your internal network is secure. But what if you need to share your data outside the firewall? One way to do this securely is with a data file sync and share solution that works with your existing permissions and authentication infrastructure.

Who’s Knocking on Your Door?

Do you know who is accessing what computer at all times?  Probably not. So protect yourself – and your sensitive data – in a separate, secure place on your network.  Limit access. Even better, continuously monitor your file access activity with a solution that makes it easy to see and address suspicious, unusual behavior before it’s too late.

Remote Control

Isn’t telecommuting great? It allows employee freedom and increased productivity. But it can be a security nightmare. The key idea is to allow remote connections, but restrict the ability to re-login to other desktop and servers. We really want to make it difficult for hackers to leapfrog around your network. This can be accomplished by enhancing security of the Remote Desktop feature in Windows. You can read more about how to do it here. 

Keep It Under Wraps

Is your organization developing a hot new product or solution? Have you thought about how your customers will use it and whether it needs to be secure? Make sure your developers are up to scratch with Privacy by Design principles, and the latest best practices in safe coding. In addition, know thy platform security guidelines – no need to recreate the wheel. Finally, testing is key!  While not every threat can be anticipated, testing for common vulnerabilities ensure security at the gate.

Who’s Got Your Back?

You probably work with service providers and other contractors. But do they share your passion for security? Make sure your standards are being met by including your security requirements (for example, encryption, two-factor authentication, data retention limits) in contracts and service-level agreements. Remember to stay active and always monitor your controls to ensure that your security expectations are followed and your users aren’t inadvertently exploited.

Make a Plan, Stan

You’re secure – for now.  Unfortunately, security isn’t static and so to remain compliant you’ll need to stay on top of your systems and technology.  This means making a plan that includes monitoring third party software, performing updates, and faithfully implementing patches.  In addition, pay heed to security warnings and notifications!  Develop an action plan! If a vulnerability has been exposed, be proactive and take the steps necessary to protect your data!

Physical Security

Network security is critical. But what about computer hardware, as well as paper files and all the miscellaneous stuff that makes up a typical office environment? Does your company have a security policy for the non-virtual world? Rule #1: keep important papers and other physical IP in a secure place (locked file cabinets, secured server rooms, etc.).  Laptops should have secure-login and hardware-level password protection set. What about old computers, servers, tapes, and disk drives?  What may appear as trash to you could be a gold mine to hackers.  

Monday, June 29, 2015

How Can Hospitals Protect Their Medical Equipment from Malware?

The challenges in protecting hospitals from cyber attacks are very similar to those faced in ICS and SCADA environments; the equipment used in hospitals is not user-serviceable and therefore often running out-of-date software or firmware. This creates a dangerous situation. The medical industry isn't alone in fighting this threat. As this article explains, they don't have to invent new techniques for preventing infection, they simply need to adapt the proven strategies employed by other industries.

Thursday, June 25, 2015

GAO: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies

Seems obvious, doesn't it? The GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity. In an effort to bolster cybersecurity across the federal government, several government-wide initiatives, spearheaded by the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), are under way. While these initiatives are intended to improve security, no single technology or tool is sufficient to protect against all cyber threats. Rather, agencies need to employ a multi-layered, "defense-in-depth" approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies.

Wednesday, June 24, 2015

86 Percent of Energy Security Professionals Believe They Can Detect a Breach on Critical Systems in Less Than One Week

Tripwire survey compares cybersecurity views of 400 energy executives and IT professionals

PORTLAND, Ore. – June 25, 2015 – Tripwire today announced the results of a survey conducted by Dimensional Research. The survey examined the views of over 400 energy executives and IT professionals in the energy, oil, gas and utility industries on cybersecurity and compliance initiatives. Overall, energy security professionals were extremely confident in their ability to detect a cyberattack on critical systems, with 86 percent stating they could detect a breach in less than one week.

The Tripwire survey found that 49 percent of all respondents believe their organization could detect a cyberattack on a critical system within 24 hours. Energy executives were found to have the highest levels of confidence, with 61 percent claiming their organization could detect a critical system breach in less than 24 hours. However, according to Mandiant's M-Trends 2015 report, the average time required to detect an advanced persistent threat on a corporate network is 205 days, and in the 2015 Data Breach Investigations Report, Verizon reported that 66 percent of cyberattacks took months to detect.

"Cybersecurity within energy companies is stronger than it has ever been, yet growing bodies of evidence indicate that it's still far too easy to compromise the energy infrastructure," said Mark Weatherford, principal at The Chertoff Group. "Confidence at the executive level is certainly critical and necessary for success, but over-confidence can lead to a potentially dangerous false sense of security. Interestingly, a survey conducted last year by the Ponemon Institute found that 31 percent of 160,000-plus IT security professionals in 15 countries never speak with senior company executives, which might explain why Tripwire's survey found that energy executives have such a high level of confidence in their organization's ability to detect a critical systems breach. Therefore, it's a legitimate question to ask if executive confidence is misplaced."

Additional findings from the Tripwire survey include:
• 94 percent of executives agree that their organization is a target for cyber criminals.
• 83 percent of respondents believe a cyberattack could do serious physical damage to their infrastructure.
• Only 3 percent of respondents believe it would take more than one month to detect a cyberattack on a critical system.

"Cybersecurity in the energy industry is focused on protecting the availability and reliability of the critical infrastructure on which our nation relies," said Rekha Shenoy, vice president of business and corporate development for Tripwire. "The good news is that energy organizations are increasingly aware of cybersecurity risks and are investing more resources into reducing these risks. The bad news is that many of these organizations are still underestimating the sophistication, persistence and evasive technology of the attackers who are targeting them. The reality is that most organizations need a continuous view of their entire attack surface in order to detect a breach quickly and respond before damage is done."

Friday, June 12, 2015

Amazon Themed Malware Targets Crypto Currency

AppRiver issued a warning about a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations but that actually injects malware, identified as the Fareit malware family. Once unleashed, it begins pilfering the target machine for just about every type of Crypto currency in existence.

Troy Gill, manager of security research at AppRiver confirms, "Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that ‘your order has been confirmed’ and contains a small amount of details. The user being targeted is directed to an attached .doc file for the shipping and tracking details."

In order for the .doc (MD5sum=998692c0e93d4821c069aa96ddff800c) to actually infect the user’s machine they must have Macro’s enabled for MS Word.

Troy continues, "The malware contained in these messages is identified as part of the Fareit malware family. This family of malware is often distributed via Word documents with malicious macros embedded and has been known to drop multiple malware variants on the target machine. In this particular case the malware quickly goes to work attempting to steal the Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera. It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. In addition it begins pilfering the target machine for just about every type of Crypto currency in existence. This behavior (stealing Crypto currency) is something we have been seeing with more frequency as of late. The anonymous nature and lack of regulation in the Crypto Currency market make it more akin to stealing actual cash than to committing wire fraud by raiding someone's online bank accounts. But in this case the cybercriminals are okay with that, too. The last observed behavior was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information."

Thursday, June 11, 2015

'Zombifying' Cyber-attack Could Affect +50 Million Internet Users

More than 50 million people per month could be at risk of a mass-scale 'malvertising' cyber-attack that turns computers into Zombies, according to researchers at Websense, reports Lara Lackie of Eskenzi PR. The attack routes through advertising platforms to target popular websites, with researchers noting breaches on Bejewelled Blitz on Facebook, CNN Indonesia, the official websites of Prague Airport and RTL Television Croatia, as well as Detik and AASTOCKS.

It was discovered that the attack utilizes open advertising platform OpenX, which sees up to 100 billion impressions per month, to compromise and inject malicious code which is spread to multiple websites. The injected code leads to a redirect which has been seen to lead to the highly prevalent Angler Exploit Kit, which exploited the latest Adobe Flash Player vulnerability (CVE-2015-3090), distributed CryptoWall 3.0, Bedep and Necurs, as well as a Trojan known as 'Bunitu.' The Bunitu malware dropped by Angler 'Zombifies' computers, by causing infected machines to act as a proxy. This enables it to be used for subsequent malicious activity and allows cybercriminals to hide behind legitimate users’ machines to avoid detection by the authorities.

Carl Leonard, principal security analyst at Raytheon|Websense, said, "Advertising networks are an increasingly popular focus for cybercriminals, as they open up avenues to infect millions of users with minimal effort. The growing nature of evasion, stealth and variation employed in the malicious code means that it's more important now than ever to deploy a security solution capable of stopping threats at multiple points in the kill chain."

TK Keanini, Lancope CTO, added, "I think this quote from Websense says it all, and let me call out a few things here to highlight the salient points.

"These methods are popular for cybercrime because they require minimal effort, which means lowering their operational costs. We, in turn, need to ensure that we are doing everything thing to raise their operating costs. Business leaders understand these economics, and until we treat this as a business problem, cyber crime will continue to operate at a low cost and high profit meaning their business is growing and they are expanding.

"He also says that we need to do everything to stop their operations along the kill chain. This kill chain terminology limits us in our discussion, and I prefer to call it the attack continuum because then we can, in the same thought process, speak about a defense continuum which describes perfectly the strategy we must instrument and operate. The defense continuum captures the defender's tactics, techniques and procedures that raise to the cost to the attacker's operation and objectives."

Monday, June 8, 2015

Who Knows More about You – The US, or China?

While I suspect China lags the US in knowing about its citizens, China might be catching up quickly.

In light of last week's 4 million strong data breach, described as one of the largest thefts of government data ever seen, TK Keanini, CTO at Lancope, offers the following.

"Last Thursday night, U.S. officials said that the Office of Personnel Management (OPM) had suffered a breach. Data from four million current and former federal employees, across numerous government agencies, may have been stolen by Chinese hackers. It does not take a security expert to see a pattern taking place here. Most of the attacks allegedly from China over the past few years have gone after the personal information of US citizens, and there is no sign that this trend will diminish. It is fair to assume at this point in the game, China may have more accurate information on US citizens than the US itself. 

"The OPM manages security clearances for various government organisations. During that process, employees must provide extreme detail to every aspect of their life – which is in turn stored and kept in the same systems that were breached.
"Organizational confidence takes a long-time to build, but can (and is) eroded much more quickly. Governmental breaches put these trusted government organizations in the same light as all the recent private company breaches (like Target, Home Depot). Much like your personal medial history, the big difference here is the government has much more sensitive data about their victims, and the victims have no choice in sharing that data.

"This attack once again exemplifies the need for more security resourcing in the federal government and the need for a different more comprehensive approach to incident detection and response. The current methodologies have lead to this breach – not avoided them. Attacks are being detected much too late in the attack continuum. Effective security these days means detecting these threat actors as they operate and before they exfiltrate data. You can't win all the battles but all of these headlines suggest that we are still on the losing side.

"In particular, organizations need to categorize and isolate what they need to protect, place additional controls around that information, and meticulously log & monitor access to that encrypted data.
For example, some past advanced attacks have targeted Windows administrative accounts. Smart organizations have realized this, and created a separate isolated set-up for domain admin accounts, with additional security controls around them (like dual factor authentication, jump boxes that are the only place domain admin activity can occur and logging and monitoring of that separate set-up). This isn’t fast, easy or cheap, but organizations have been pushed into adding these controls by ongoing attacks.

"In addition, organizations need to leverage telemetry, and leave hackers no place to hide. If there is a blind spot on your network, someone will be hiding there. Find them and remove them in a way that they can't get back in. These types of incident detection and response approaches have been vastly under-funded in the past, but as these hacks increase, we will see a shift in focus. Until organizations get better at doing this, we can guarantee that the Chinese will continue to have better data on US citizens than anyone in this country does and this information superiority is what scares me the most."

Thursday, June 4, 2015

Call for Chapters: Information Security Management Handbook, Seventh Edition

Information Security Management Handbook, Seventh Edition

We've updated the Call for Chapters for the new edition of the handbook, which is following the National Cybersecurity Workforce Framework.

Securely Provision
Operate and Maintain
Protect and Defend
Collect and Operate
Oversight and Development

If interested in participating in this new edition please contact Rich O'Hanley ( or Peter Stephenson (

Monday, June 1, 2015

Why Insider Threats Are Succeeding

Why Insider Threats Are Succeeding

As corporate networks expand in scope and geographic area, it has become easier for insider threats to access sensitive data and inflict catastrophic damage. While the malicious insider comes with a different set of challenges than other security concerns, organizations can protect themselves with the right tools and mindset. In this article, Lancope CTO TK Keanini explains why early detection of these attackers can keep a security event from becoming a high-profile data breach.

Thursday, May 21, 2015

Protecting Mobile Networks and Devices 2015: Call for Book Chapter

Protecting Mobile Networks and Devices 2015

Call for Book Chapters: Protecting Mobile Networks and Devices: Challenges and Solutions (CRC Press-Taylor & Francis)

Monday, May 18, 2015

Operational Models of Corporate Security Intelligence

This excerpt from Corporate Security Intelligence and Strategic Decision Making discusses why it is useful to have a model of intelligence to help guide structures, processes, and the deployment of resources. It then introduces a simple security intelligence model, applicable to any scale of deployment. Finally, it discuss aspects of a common dedicated countercrime model (the National Intelligence Model).

Wednesday, May 13, 2015

Hackers Hit Starbucks Mobile Users to Steal Credit Card Credentials

Credit card hackers are targeting Starbucks gift card and mobile payment users and stealing from consumers' credit cards. This new scam is so ingenious, the cyber criminals don't even need to know the account number of the card they are hacking! By taking advantage of the Starbucks auto-reload feature, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, it can escalate quickly.

"This hack underscores the need for companies to protect all of the sensitive information they hold on their customers," said Brendan Rizzo, technical director EMEA, HP Security Voltage. "Criminals are always looking for a way to exploit a system in a way that they can then turn into cold hard cash. In this case, there is a further risk in that the app stores and displays personal information about the user such as their name, full address, phone number and email address. Criminals could then use this information or sell it on for use in more targeted larger-scale spear-phishing or identity theft attacks. Beyond the threat to customers' sensitive data, companies need to be concerned with the impact such an event can have on their reputation and, ultimately, on their bottom line. A data-centric approach to security is the key cornerstone needed to allow companies to mitigate the risk and impact of these types of attacks."

"16 Million Starbucks customer who utilize their mobile payment service may have been compromised as part of a organized attack," observed Stephen Coty, chief security evangelist, Alert Logic. "There have been reports of the mobile app being manipulated to hijack funds once the mobile device is reloaded with funds from a credit or gift card. There has been conversations through Twitter about customers seeing fraud taking place with their Starbucks accounts. Starbucks has said that they process approximately $2 billion in mobile payments

"The timing of this attack is very interesting since, just about a week ago, Starbucks had an issue in their stores with their payment system not allowing for the processing of credit cards. Makes you think what exactly happened to the payment system that shut down the service for a day and gave attackers an opportunity to compromise a part of their system."

Gavin Reid, VP of threat intelligence, Lancope, points out that, "Nothing too new here – if you guess the username and password for an account that is backed by you bank bad things can and will follow. This highlights problems with using consumer cards and accounts that are backed up with either a high limit credit card or even worse the current checking account. Ideally vendors would make this form of compromise harder by using multi factor authentication and the banks themselves would issue one-time-use account numbers that contain a fixed amount of cash limiting the loss. This type of small amount theft can be automated reusing already exposed credentials. Consumers can protect themselves by setting hard to guess unique passwords."

Monday, May 4, 2015

Fifteen Years After the ILoveYou Bug: Has the Face of Malware Changed?

Where were you when the ILOVEYOU bug started spreading on May 4, 2000, exactly 15 years ago? Was your computer one of the tens of millions of PCs the Love Letter attacked? How has malware changed in the last 15 years? Read on ...

Wednesday, April 15, 2015

Verizon: Mobile Security Is a Back-Burner Issue for Now

As reported on CNET, enterprises should devote fewer resources to securing their mobile infrastructure, since it is less prone to attacks, Verizon Communications advises in its 2015 Data Breach Investigations Report. The telecom does expect mobile security to become more of a major issue once companies improve efforts in areas where hackers are more apt to invade.

In-flight WiFi Risks Airline Security, says GAO

As reported at, the GAO has concluded that in-flight WiFi runs the risk of increasing cyber-security threats against airlines, aircraft, and air-traffic control information systems.

Regardless, of course, people will demand their WiFi,  and the airlines will provide it, thereby making air travel far more miserable. Maybe the airlines can charge a ridiculously high fee that users will bitch about but gladly pay, and reduce baggage fees. No, that'll never happen. What was I thinking?

Wednesday, April 8, 2015

Scam Of The Week: E-ZPass Notice To Appear

From Stu Sjouwerman, Founder and CEO, KnowBe4:

A scam is doing the rounds purportedly sent by the American electronic toll-collection agency, E-ZPass. The emails subject is "Notice to Appear." E-ZPass is available on tolled roads, bridges, and tunnels in the United States and is also accepted at border crossings to Canada.

The copy states "You have a debt to pay for using a toll road, and you are kindly asked to service your debt in the shortest time possible. You can find the invoice in the attachment."

The email supposedly comes from a manager of E-ZPass Support, uses the correct color scheme and logo and appears to be collecting money from an unpaid toll. The message says you have ignored previous bills and urges you to pay immediately by downloading an attached 'invoice.'

This is the latest phishing scam and it's a good idea to send your employees, friends and family a note stating something like the following. Feel free to copy/paste or edit:

"At the moment there is a phishing scam doing the rounds claiming to be from E-ZPass, and that you have ignored previous bills and not paid a toll. They want you to open the attached invoice or else you need to appear. Opening the invoice pay infect your workstation with malware so delete this email the moment it arrives.

"E-ZPass will never send an email or contact you requesting sensitive personal information such as credit card number, social security, user names, passwords, etc. If you are contacted by anyone via email or the phone stating they are from E-ZPass and they are seeking personal information, call 1-800-333-8655 to report you have been contacted by someone attempting to obtain personal information."

Thursday, March 12, 2015

Protecting Healthcare Records from Cyber Attacks Is a Game of Cat and Mouse

Protecting Healthcare Records from Cyber Attacks Is a Game of Cat and Mouse

By Mike Potts, CEO, Lancope

The never-ending battle between healthcare organizations and cyber attackers has always been like a game of cat and mouse. The hacker plays the role of the mouse, constantly trying to sneak past the company’s cat that is guarding information. For years, the cat not only consistently beat the mouse, he would help his fellow cats identify new mice and keep them out of their cupboards too. But as the successful data breaches over the past year demonstrate, including one earlier this year that made headlines after millions of health insurance records were compromised, the mice are now kicking the cats in their tails.

As the healthcare sector continues its collective effort to move to a 100-percent electronic records system, these recent attacks should serve to do two things. First, it should shine a light on why your existing cybersecurity system is likely inadequate – even if it complies with HIPAA’s Security Rule. Second, it should prompt you to immediately call your CSO, CIO and IT administrators into your office to overhaul your security posture and establish new employee education and incident response training programs.

While you may not have thought of this industry as a primary target for attackers, I hope you understand that cyber criminals consider healthcare information just as valuable as credit card numbers and other financial records if not more so given the longer shelf life of social security numbers and other personal information. And furthermore, traditional security solutions alone are incapable of keeping thieves out of your network. Healthcare security needs a more holistic approach that keeps watch both outside and inside your network and can help your security personnel more quickly identify and remediate threats. Here is why:

A Game of Cat and Mouse

Your first question might be, “what happened to the cat that I thought was such an effective guard?” Actually, the question you should be asking first is “what’s happened to the mouse to make him so much better at sneaking past the cat-guarded gate?”

The mouse has become faster, smarter and more agile. His motivations have evolved too, from hacking into systems to gain public notoriety and praise from his fellow mice, to silently and anonymously stealing information for financial gain.

In fact, the cat often does not even realize the mouse has snuck in and has been sitting for weeks, possibly months, stealing whatever it finds valuable.

The solution is not to add more cats that keep their ever-watchful eyes trained outside your network in order to spot outside attackers from trying to get in. That’s still important, the cat hasn’t become obsolete. But now building a better mouse trap requires a more holistic approach that guards both from the outside-in and from the inside-out.

This requires monitoring activity across your entire network in real time, including who is accessing and moving data stored in third-party cloud-based services like Dropbox or Simply put, security cannot be a one-time “set it and forget it” process.

In addition to implementing technology tools to enable you to see who is in your network and what, exactly, they are doing, you need to educate and train all of your employees, not just those in the IT department. Practice makes perfect. Just as you run regular fire drills, do the same to ensure your teams know what to do when a security threat is identified outside or inside your network? You want to put out a fire in a trash can long before it becomes a blaze that engulfs the whole building and causes irreparable damage.

A Holistic Approach

There’s no sugar-coating this fact: it’s likely only a matter of time before a breach occurs. You still want to lock your front doors (a.k.a. your perimeter), but don’t put all your eggs in that one basket. You have to balance your cybersecurity technology budget and include tools that provide your security team with the intelligence, visibility and forensic IR capabilities they need to identify when someone picks the lock and shut them down before any significant damage is done.

Also, for more information about just how serious the insider threat has become to healthcare organizations, please review the infographic “The Reality of Insider Threats” at

Wednesday, March 11, 2015

Why You May NOT Want to Freeze Your Credit

This just in: Reasons to Rethink Freezing Your Credit During ID Fraud Scare

Here are some reasons you may want to consider for any stories you might be planning around tax season:

• If you do put a freeze on your credit report it can take up to a month for the credit bureaus to do the unfreeze
• During a freeze, all credit cards are frozen
• Your debit card may also be impacted
• Consumers may need to go to a cash lifestyle even to pay bills
• All of your automated bill payments are then frozen and that can negatively impact your credit even further if or when you miss payments
• The Federal Trade Commission warns that tax ID theft, the most common form of identity theft, is a bigger problem than any one company.
• The Internal Revenue Service said Tuesday that tax-related identity theft is on the rise. In 2014, the IRS conducted over 1,000 identity theft-related investigations. There were also 748 sentencings connected to identity theft crimes, representing an increase of 75 percent over 2013.

"Once you freeze your credit report, it takes a long time to unfreeze it and you may have to live off liquid assets in the meantime," said Brian Richards, ID Theft Expert at Protect Your Bubble. "Only wait until there has been an activity reported against you specifically before you actually put a freeze on your credit report. It's difficult to dictate the timing of the freeze or unfreeze and that places added stress on consumers to maintain bill payment or have access to credit."

Monday, March 9, 2015

Smart Cities Need Smart Vaccine against Cyber Attacks

A Smart Vaccine approach is needed to protect the Middle East's smart cities, says security expert Dr. Rocky Termanini. It applies, of course, to other regions, too.

Dr. Termanini is the auther of The Cognitive Early Warning Predictive System Using the Smart Vaccine, to be published by CRC Press in November 2015.

Tuesday, February 10, 2015

Call for Book Chapters: Protecting Mobile Networks and Devices

Call for Book Chapters: Protecting Mobile Networks and Devices

This book welcomes chapters on a wide range of issues related to mobile networks and devices, including all aspects of attacks and solutions. Indicative topics include, but are not limited to, the following:

- Intrusion detection and prevention schemes for mobile networks
- Tracing back mobile attackers
- Secure routing and access control
- Mobile authentication mechanisms
- Security testing of new or existing usability features,
- Agent based intrusion surveillance
- Wireless Access Technologies
- Multimedia security issues for tackling intruders

We welcome both surveys and technical chapters presenting novel analytical research, simulations, practical results and case studies.

New Ransomware Strain Encrypts Files from Memory

Tampa Bay, FL (February 10, 2015) -- KnowBe4 CEO Stu Sjouwerman issued an alert to security professionals today about a newly discovered piece of ransomware dubbed ”Fessleak” by security firm Invincea. The ransomware is Russian and delivers its malicious code straight into system memory and does not drop any files on a disk. That means almost all antivirus software is unable to catch this. The infection vector is malicious ads on popular websites that the cybercriminals are able to display by bidding on the ad space through legit ad networks.

"This particular strain is new and quite harmful as it takes advantage of file-less infections that can communicate through the TOR network," said Sjouwerman. "We are going to continue to see more and more ransomware this year and this is just the latest innovation.”

This strain can check to ensure the host is not running on a virtual machine to frustrate security researchers and analysts. For end-users, they might visit a major site on their lunch break like HuffingtonPost, Photobucket, CBSsports, or and check out someone's "Granny opening a new iPhone video", or "These are the Charlie Hebdo cartoons that terrorists thought were worth killing over" headlines. Clicking that one link is enough to get confronted with a full screen announcing all personal or business files, photos and videos have been one-way encrypted and to get them back you need to pay a ransom in Bitcoin.

The cybercriminals first set up a short-lived burner domain directing to a landing page where the exploit kit is hosted. Then they start real-time bidding for ads pointing to the burner domain. Once their bad ad is displayed on a popular website and users clicked on it, they would be redirected to the malicious domain which in turn infects their workstation.

The same gang is also using 0-day exploits for Flash Player, and is apparently able to change their malware on the fly to exploit the most recent vulnerabilities. Fessleak drops a temp file via Flash and makes calls to icacls.exe, the file that sets permissions on folders and files. At this time, there is no detection for the malicious binary, which likely rotates its hash value to avoid Antivirus detection.

Sjouwerman makes a few recommendations to mitigate this type of attack:

1) Backup, backup, backup and take a weekly copy of your backup off-site.

2) Keep your attack surface as small as possible and religiously patch the OS and third party apps as soon as possible. Visit site for some additional help.

3) Run a UTM or a good Proxy, block centrally rather than machine by machine. If that's not possible, install AdBlocker plugins for each browser.

4) It is increasingly clear that effective security awareness training is a must these days. Once a year training for compliance does not cut it anymore. End-users need to be on their toes with security top of mind.