FreshRSS


Election Season - BSW #159

By paul@securityweekly.com

This week, we welcome Chase Robertson, CEO at Robertson Wealth Management, to discuss the state of the financial markets in 2020 and beyond! In our second segment, it's our quarterly Security Money update! This segment tracks the Top 25 public security vendors, known as the Security Weekly 25 Index, and the private funding!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode159

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 22nd 2020 at 10:00

The Dirty Number - SCW #14

By paul@securityweekly.com

This week, we welcome Trevor Bryant, Senior Information Security Architect at Epigen Technology, to talk about the Risk Management Framework, and how to leverage sound business practices to promote security and compliance initiatives in the workplace!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode14

Visit https://www.securityweekly.com/scw for all the latest episodes!

 


  • January 21st 2020 at 23:00

AI, Telnet, & Travelex - SWN #5

By paul@securityweekly.com

This week, the Clearview app lets strangers find your information through facial recognition, Travelex begins its reboot as a VPN bug persists, ADP users are hit by a phishing scam, a list of Telnet credentials for over 500,000 IoT devices is leaked, and over 1,000 local governments reported they were hit by ransomware in 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how the FBI is to inform election officials about hacking attempts!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode5

Visit https://www.securityweekly.com/swn for all the latest episodes!

 


  • January 21st 2020 at 21:34

Warm & Fuzzy - ASW #92

By paul@securityweekly.com

This week in our first segment, Mike, Matt, and John, discuss Protecting Data in Apps and Protecting Apps from Data! In the Application Security News, PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills, and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Visit https://www.securityweekly.com/asw for all the latest episodes!

 


  • January 21st 2020 at 10:00

DeepBlueCLI: Powershell Threat Hunting, (Tue, Jan 21st)

Happy New Year! Those among you who participated in the SANS Holiday Hack Challenge, also known as Kringlecon 2, this holiday season may have found themselves exposed to new tools or the opportunity to utilize one or two that had not hit your radar prior. Such was the case for me with DeepBlueCLI, a PowerShell module for threat hunting via Windows Event Logs.
  • January 21st 2020 at 06:13

Lots of Smoke - PSW #635

By paul@securityweekly.com

This week, in the Security News, a practical SHA-1 chosen-prefix collision attack (demonstrated against PGP/GnuPG keys) spells the end for SHA-1, an unpatched Citrix flaw now has PoC exploits, a lottery hacker gets 9 months for his £5 cut of the loot, Windows 10 has a security flaw so severe the NSA disclosed it, and PayPal patches a high severity password vulnerability! In our second segment, we welcome Ryan Speers & Jeff Spielberg of River Loop Security, to talk about Embedded Product Security: Left of Ship! In our final segment, we will be airing our Hacker Culture Roundtable, recorded from the Security Weekly Christmas Extravaganza, with a boatload of hosts from the Security Weekly Family!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!


  • January 20th 2020 at 20:00

Tik Tok, Win 10, Ransomware - Wrap Up - SWN #4

By paul@securityweekly.com

Highlights from the Security Weekly shows this week, including dealing with personalities and compliance, Windows 10 exploits, alert fatigue in your SOC, security for startups, TikTok backdoors, the lottery hack, 5G (in)security and more!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode4

Visit https://www.securityweekly.com/swn for all the latest episodes!

 


  • January 20th 2020 at 16:40

Defend Yourself Now and in the Future Against Mobile Malware

By Trend Micro

The world has gone mobile and the US is leading the way. It’s estimated that the number of smartphone users alone topped 257 million in the States in 2018, meaning three-quarters (74%) of households now have at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.

There are said to be around 2.8 million of these apps on the official Google Play Store today. But unfortunately, where there are users, there are also hackers looking to capitalize. And one of their favorite ways to make money is by tricking you into downloading a malicious app they’ve sneaked onto the marketplace.

Most recently, 42 such apps had to be removed after being installed eight million times over the period of a year, flooding victims’ screens with unwanted advertising. This is just the tip of the iceberg. As more of us turn to mobile devices as our primary internet gateway, the bad guys will follow suit. Trend Micro blocked over 86 million mobile threats in 2018, and we can expect this figure to increase into the future.

So how can you protect your devices and your data from hackers?

Adware ahoy

The latest bunch of 42 apps are from a class of malicious software known as adware. This follows a previous discovery by Trend Micro earlier this year of a further 85 adware-laden apps downloaded eight million times. Cyber-criminals fraudulently make money by displaying unwanted ads on the victim’s device. In the meantime, the user has to contend with annoying pop-ups which can run down the device’s battery and eat up computing resources. Some even silently gather user information.

Ones to watch

Unfortunately, it’s increasingly difficult to spot malicious apps on the Play Store. A popular tactic for hackers is to hide their malware in titles which impersonate legitimate applications. A recent two-year study found thousands of such counterfeits on the Play Store, exposing users unwittingly to malware. Banking apps are a particularly popular type of title to impersonate as they can provide hackers with highly lucrative log-ins to open users’ accounts.

Some malware, like the recently disclosed Agent Smith threat, works by replacing all the legitimate apps on a user’s device with malicious alter-egos.

So, as we hit 2020, what other threats hidden in legitimate-seeming apps should mobile users be looking out for?

  • More intrusive adware.
  • Cryptocurrency mining malware. This will run in the background, eating up your device battery and computing power. Trend Micro noted a 450% increase in infections from 2017 to 2018.
  • Banking Trojans designed to harvest your log-ins so hackers can get their hands on your savings. Our detections of this malware soared 98% between 2017-18.
  • Ransomware. These attacks have evolved from simple screen lockers to malware designed to encrypt all the files on your device.
  • Premium rate services. Some malware will covertly text or call premium rate SMS numbers under the control of the hacker, thus making them money and costing you potentially significant sums. ExpensiveWall malware, for example, was found in 50 Google Play apps and downloaded millions of times, charging victims’ accounts for fake services.
  • Information theft. Some malware will allow hackers to eavesdrop on your conversations, and/or hoover up your personal data, including phone number, email address, and account log-ins. This data can then be sold on the dark web and used in follow-on identity fraud attempts.

Is Google helping?

The Android ecosystem has always been, and remains, a bigger target than iOS because it is relatively easier for developers to get their applications onto the official marketplace. Now, it’s true that Google carries out some vetting of the apps on its Play Store and it is getting better and quicker at spotting and blocking malware. It says the number of rejected app submissions grew by over 55% in 2018 while app suspensions increased by over 66%.

However, Google Play Protect, the anti-malware scanner pre-installed on Android devices to catch malicious apps before you install them, has garnered less than favorable reviews, including for its “terrible malware protection.”

In fact, in independent tests run in July by German organization AV-TEST, Google Play Protect found just 44% of the 3,347 “real-time” online malware threats, and just 55% of the 3,433 malware samples that were collected in the previous month. According to Tom’s Guide, “these scores are all well below the industry averages, which were always 99.5% or above in both categories for all three rounds.”

How do I stay safe?

So how can mobile users ensure their personal data and devices are secure from the growing range of app-based threats?

Consider the following:

  • Only visit official app stores. Even though Google Play has a malware problem, it is more secure than third-party app stores. In fact, you are 23 times more likely to install a potentially harmful application (PHA) outside Play, according to Google.
  • Ensure you’re on the latest operating system version.
  • Do not root your device as this can expose it to threats.
  • Be cautious. If the app is requesting an excessive number of permissions, it may be malicious.
  • Install on-device AV from a reputable third-party provider like Trend Micro.

How Trend Micro Mobile Security helps

Trend Micro Mobile Security (TMMS) offers customers comprehensive anti-malware capabilities via its real-time Security Scan function. Security Scan alerts you to any malware hidden in apps before they are installed and suggests legitimate versions. It can also be manually run on devices to detect and remove malicious apps, including ransomware, that may already have been installed.

To use the manual scan, simply:

1. Tap the Security Scan panel in the TMMS Console. The Security Scan settings screen appears, with the Settings tab active by default.

2. Tap Scan Now to conduct a security scan. The result appears.

3. In the example shown, “Citibank” has been detected as a fake banking app, installed on the device before Mobile Security was installed. Apps are recommended for you to remove or to trust.

4. Tap Uninstall to uninstall the fake app. A Details screen defines the security threats.

5. Tap Uninstall. A popup will ask if you want to uninstall the app.

6. Tap Uninstall once more to uninstall it. The app will uninstall.

7. If there are more potentially unwanted apps, tap the panel for Apps Removal Recommended to show the list of apps recommended for removal. The Removal Recommended list will show apps to Remove or Trust.

8. You can configure settings via Security Scan > Settings. This lets you choose the protection strength (Low, Normal, or High).

9. In Settings, check the Pre-Installation Scan, which is disabled by default, to block malware from Google Play before it’s installed. It sets up a virtual private network (VPN) and enables the real-time scan.

Among its other features, Trend Micro Mobile Security also:

  • Blocks dangerous websites from loading in any browsing app with Web Guard
  • Checks if public WiFi connections are safe with Wi-Fi Checker
  • Guards financial and commercial apps with Pay Guard Mobile
  • Optimizes your device’s performance with System Tuner and App Manager
  • Protects your kids’ devices with Parental Controls
  • Protects your privacy on social media with Social Network Privacy
  • Provides Lost Device Protection.

To find out more about Trend Micro Mobile Security, go to our Mobile Security Solutions website, where you can also learn about our Mobile Security solution for iOS.

Tags: Mobile Security, Mobile Antivirus, Mobile Antimalware, Android Antivirus


Citrix ADC Exploits Update, (Mon, Jan 20th)

In today's diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots. Our first two posts about this topic are here: [1] [2].
  • January 20th 2020 at 04:21

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601

By Trend Micro

So much for a quiet January! By now you must have heard about the new Microsoft® vulnerability CVE-2020-0601, first disclosed by the NSA (making it the first Windows bug publicly attributed to the National Security Agency). The flaw is in the Windows CryptoAPI (crypt32.dll), which fails to properly validate the parameters of Elliptic Curve Cryptography (ECC) certificates. CryptoAPI performs a range of functions, an important one being validation of the digital signatures on software, which certifies that the software has not been tampered with. Using this vulnerability, attackers can craft a certificate that Windows accepts as chaining to a trusted root, sign malicious executables so they look legitimate, or impersonate HTTPS servers for man-in-the-middle attacks on TLS connections.

 

Here’s the good news. Microsoft has already released a patch to protect against any exploits stemming from this vulnerability. But here’s the catch: You have to patch!

While Trend Micro offers industry-leading virtual patching capabilities via our endpoint, cloud, and network security solutions, the best protection against vulnerabilities is to deploy a real patch from the software vendor. Let me say it again for effect – the best protection against this very serious vulnerability is to ensure the affected systems are patched with Microsoft’s latest security update.

We understand how difficult it can be to patch systems in a timely manner, so we created a tool that will test your endpoints to see whether they have been patched against this latest threat or are still vulnerable. Additionally, to ensure you are protected against potential exploitation, we have just released additional layers of protection in the form of IPS rules for Trend Micro Deep Security™ and Trend Micro Vulnerability Protection™ (including Trend Micro Apex One™). These were rolled out to help organizations strengthen their overall security posture and provide some protection during lengthy patching processes.

 

You can download our Trend Micro Vulnerability Assessment Tool right now to see if you are protected against the latest Microsoft vulnerability. And while you’re at it, check out our latest Knowledge Based Article for additional information on this new vulnerability along with Trend Micro security capabilities that help protect customers like you 24/7. Even during those quiet days in January.


What Does Being Data-Centric Actually Look Like?

“Data-centric” can sometimes feel like a meaningless buzzword. While many companies are vocal about the benefits of this approach, in reality the term is not widely understood.

One source of confusion is that many companies have implemented an older approach – that of being “data-driven” – and just called this something else. Being data-centric is not the same as being data-driven. And, being data-centric brings new security challenges that must be taken into consideration. 

A good way of defining the difference is to talk about culture. In Creating a Data-Driven Organization, Carl Anderson starts off by saying, “Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” In short, being data-driven is about acquiring and analyzing data to make better decisions.

Data-centric approaches build on this but change the managerial hierarchy that informs it. Instead of data teams collecting data, management teams making reports about it, and then CMOs taking decisions, data centrism aims to give everyone (or almost everyone) direct access to the data that drives your business. In short, creating a data-driven culture is no longer enough: instead, you should aim to make data the core of your business by ensuring that everyone is working with it directly.

This is a fairly high-level definition of the term, but it has practical implications. Implementing a data-centric approach includes the following processes.

1. Re-Think Your Organizational Structure

Perhaps the most fundamental aspect of data-centric approaches is that they rely on innovative (and sometimes radical) management structures. As Adam Chicktong put it a few years ago, these structures are built around an inversion of traditional hierarchies: instead of decisions flowing from executives through middle management to data staff, in data-centric approaches everyone’s “job is to empower their team to do their job and better their career”.

This has many advantages. In a recent CMO article, Maile Carnegie talked about the ‘frozen middle’ where middle-management is inherently structured to resist change. By looking closely at your hierarchy and identifying departments and positions likely to resist change, you’ll be able to streamline the structure to allow transformation to more easily filter through the business. As she puts it, “Increasingly, most businesses are getting to a point where there are people in their organization who are no longer experts in a craft, and who have graduated from doing to managing and basically bossing other people around and shuffling PowerPoints.”

2. Empowering the Right People

Once these novel managerial structures are in place, the focus must necessarily shift toward empowering, rather than managing, staff. Effectively employing a data-centric approach means giving the right people access to the data that underpins your business, but also allowing them to affect the types of data you are collecting. 

Let’s take access first. At the moment, many businesses (and even many of those that claim to be data-driven) employ extremely long communicative chains to work with the data they collect. IT staff report their findings, ultimately, to the executive level, who then disseminate this to marketing, PR, risk and HR departments. One of the major advantages of new data infrastructures, and indeed one of the major advantages of cloud storage, is that you can grant these groups direct access to your cloud storage solution. 

Not only does this cut down the time it takes for data to flow to the "correct" teams, making your business more efficient; if implemented skillfully, it can also be a powerful way of eliciting input from them on what kinds of data you should be collecting. Most businesses would agree, I think, that executives don't always have a granular appreciation for the kind of data that their teams need. Empowering these teams to drive novel forms of data collection short-circuits these problems by encouraging direct input into data structures.

3. Process Not Event

Third, transitioning to a data-centric approach entails not just a change in managerial structure, responsibility, and security. At the broadest level, this approach requires a change in the way that businesses think about development.

Nowadays, running an online business is not as simple as identifying a target audience, creating a website, and waiting to see if it is effective. Instead, the erosion of the previously rigid divide between the executive, marketing, and data teams means that every business decision should be seen as a process, not an event.

4. Security and Responsibility

Ultimately, it should also be noted that changing your managerial structure in this way, and empowering teams to take control of your data collection processes, also raises significant problems when it comes to security.

At a basic level, dramatically increasing the number of people with access to data systems widens the attack surface: every additional account is another credential to phish and another person who can over-collect or leak. For that reason, implementing a data-centric approach must also include the implementation of extra security measures and tools. 

These include managerial systems to ensure responsible data retention; access that is scoped to each role rather than granted wholesale (least privilege) and logged so that misuse can be traced; and training for staff who have not worked with data before, and who may not know how to take basic security steps like using secure browsers and connecting to the company network through a VPN when using public WiFi. On the other hand, data centrism can bring huge benefits to the overall security of organizations. 

Alongside the approach’s contribution to marketing and operational processes, data-centric security is also now a field of active research. In addition, the capability to share emerging threats with almost everyone in your organization greatly increases the efficacy of your cybersecurity team.

Data-centric approaches are a powerful way of increasing the adaptability and profitability of your business, but you should also note that becoming truly data-centric involves quite radical changes in the way that your business is organized. Done correctly, however, this transition can offer huge advantages for almost any business.

About the author: A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.

Copyright 2010 Respective Author at Infosec Island
  • January 17th 2020 at 15:46

The Big 3: Top Domain-Based Attack Tactics Threatening Organizations

Nowadays, businesses across all industries rely on their own websites and domains to grow brand awareness and sell products and services. With so much commerce happening online, securing owned domains and taking down malicious or spoofed domains is vital to protecting consumers and businesses alike. This matters all the more because domain impersonation is an increasingly popular tactic among cybercriminals. One example is look-alike URLs that trick customers by mimicking brands through common misspellings, typosquatting and homoglyphs. With brand reputation and customer security on the line, investing in domain protection should be a top priority for all organizations.

Domain-based attacks are so popular, simply because of how lucrative they can be. As mentioned above, attackers often buy ‘look-alike’ domains in order to impersonate a specific brand online. To do this, bad actors can take three main approaches: copycatting, piggybacking and homoglyphs/typosquatting. From mirroring legitimate sites to relying on slight variations that trick an untrained eye, it’s important to understand these top tactics cybercriminals use so you can defend your brand and protect customers. Let’s explore each in more detail.

1. Copycatting Domains

One tactic used by bad actors is to create a site that directly mirrors the legitimate web page. Cybercriminals do so by registering the brand’s name under a top-level domain (TLD) that the real domain isn’t using (brand.net or brand.co when the real site is brand.com), or by appending extra TLD-like labels to the name (brand.com.co). With these types of attacks, users are more likely to be tricked into believing they are interacting with the legitimate organization online. This simplifies the bad actor’s journey, as the website appears to be legitimate and the attack will be more successful than one using a generic, throwaway domain. To amplify these efforts, bad actors will also use text and visuals that customers would expect to see on a legitimate site, such as the logo, brand name, and products. This sense of familiarity and trust puts potential victims at ease and makes them less aware of the copycat’s red flags. 

2. Piggybacking Name Recognition

A second approach is spoofed or look-alike domains that appear credible by piggybacking off the name recognition of established brands. These domains may be either parked or serving live content to potential victims. Parked domains are commonly leveraged to generate ad revenue, but can also be used to rapidly serve malicious content. They are also often used to distribute other brand-damaging content, like counterfeit goods.

3. Tricking Victims with Homoglyphs and Typosquatting

This last tactic has two main methods --  typosquatting and homoglyphs -- and looks for ways to trick unsuspecting internet users where they are unlikely to look or notice they are being spoofed. 

  • Typosquatting involves the use of common URL misspellings that a user is likely to make on their own or may not notice at all, e.g. a letter added to, dropped from or transposed within the organization’s name. If an organization has not registered the domains that are close to its legitimate domain name, attackers will often purchase them to take advantage of typos. Attackers may also infringe upon trademarks by using legitimate graphics or other intellectual property to make malicious websites appear legitimate.
  • With homoglyphs, the basic principle of domain spoofing remains the same, but the attacker substitutes a look-alike character from an alphabet other than Latin, e.g. the Cyrillic “а” (U+0430) for the Latin “a” (U+0061). Although the glyphs look identical, the code points differ, so the browser and DNS treat them as different names; the registered name is stored in DNS in its Punycode (xn--) form. With well over 100,000 Unicode characters in existence, bad actors have an enormous opportunity, and the substitution also defeats naive string matching and anti-abuse algorithms that compare domains byte for byte. The trick is not limited to Unicode: “rn” for “m” and “1” for “l” work entirely in ASCII. Modern browsers display many mixed-script names in their xn-- form, but that mitigation is uneven across browsers and does not extend to every client that renders a link. 
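To make the three tactics concrete, here is an added example (not code from the original article or from ZeroFOX) that classifies a candidate domain against a protected brand domain as a copycat TLD, a typosquat or a homoglyph, and generates the distance-1 typo variants a defender would register or monitor before a squatter does. The brand domain example-bank.com, the confusables subset and the sample domains are constructed for illustration; Python’s built-in idna codec is used to decode xn-- labels.

```python
"""Classify look-alike domains by tactic: copycat TLD, typosquat, homoglyph.
Added example, not code from the original article; the brand domain,
confusables subset and sample domains are constructed for illustration."""
import unicodedata

LEGIT_DOMAIN = "example-bank.com"   # constructed brand domain to protect

# Tiny subset of Unicode confusables (full list: UTS #39), as escapes
# because the glyphs are indistinguishable from Latin on screen.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",                 # Greek
}
# ASCII tricks that no Unicode check catches: rn~m, vv~w, 0~o, 1~l.
ASCII_TRICKS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def to_unicode(domain):
    """Decode Punycode (xn--) labels so homoglyphs can be inspected."""
    return ".".join(
        lbl.encode("ascii").decode("idna") if lbl.lower().startswith("xn--") else lbl
        for lbl in domain.split("."))


def split_domain(domain):
    """(brand label, suffix), lowercased, leading 'www.' stripped.
    Simplification: the first remaining label is the brand label."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    label, _, suffix = domain.partition(".")
    return label, suffix


def skeleton(label):
    """Visual skeleton: NFKC, confusables -> Latin, ASCII tricks collapsed.
    Two labels with equal skeletons render (near) identically to a human."""
    label = unicodedata.normalize("NFKC", label).lower()
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for src, dst in ASCII_TRICKS:
        label = label.replace(src, dst)
    return label


def edit_distance(a, b):
    """Levenshtein distance plus adjacent transpositions (OSA), so the
    typo 'exampel' is one edit away from 'example'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(candidate, legit=LEGIT_DOMAIN):
    """Tactic `candidate` uses against `legit`: 'legitimate', 'homoglyph',
    'copycat-tld', 'typosquat', or None if it is not a look-alike."""
    legit_label, legit_suffix = split_domain(legit)
    cand_label, cand_suffix = split_domain(to_unicode(candidate))
    if (cand_label, cand_suffix) == (legit_label, legit_suffix):
        return "legitimate"
    if cand_label != legit_label and skeleton(cand_label) == skeleton(legit_label):
        return "homoglyph"      # looks identical on screen, is a different name
    if cand_label == legit_label:
        return "copycat-tld"    # brand.net, brand.com.co, brand.co.uk ...
    if cand_suffix == legit_suffix and edit_distance(cand_label, legit_label) == 1:
        return "typosquat"
    return None


def typo_candidates(label, alphabet="abcdefghijklmnopqrstuvwxyz-"):
    """All distance-1 variants (deletion, adjacent swap, substitution,
    insertion): what a defender registers or watches before a squatter does.
    Variants with a leading/trailing hyphen are not valid labels; dropped."""
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        for ch in alphabet:
            out.add(label[:i] + ch + label[i + 1:])
    for i in range(len(label) + 1):
        for ch in alphabet:
            out.add(label[:i] + ch + label[i:])
    out.discard(label)
    return {c for c in out if not (c.startswith("-") or c.endswith("-"))}


if __name__ == "__main__":
    cyrillic_a = "ex\u0430mple-bank.com".encode("idna").decode("ascii")  # xn-- form
    for d in ("example-bank.net", "example-bank.com.co", "examplebank.com",
              "exampel-bank.com", "exarnple-bank.com", cyrillic_a, "other-shop.com"):
        print(f"{d:36} -> {classify(d)}")
```

Run as-is to see each constructed sample classified. In a real deployment the candidates would come from newly registered domains (zone files, certificate transparency logs) and the confusables table from the full UTS #39 data; note also that Python’s built-in idna codec implements IDNA 2003, so names registered under IDNA 2008 rules may need the third-party idna package.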

Why domain protection is necessary

Websites are a brand’s mainstay in the digital age, as they are often the first point of engagement between a consumer, partner or prospective employee and your organization. Cyberattackers see this as an opportunity to capitalize on that interaction. If businesses don’t take this problem seriously, their brand image, customer loyalty and ultimately financial results will be at risk. 

While many organizations monitor domains related to their brand in order to ensure that their brand is represented in the way it is intended, this is challenging for larger organizations composed of many subsidiary brands. Since these types of attacks are so common and the attack surface is so large, organizations tend to feel inundated with alerts and incidents. As such, it is crucial that organizations proactively and constantly monitor for domains that may be pirating their brand, products, trademarks or other intellectual property.

About the author: Zack Allen is both a security researcher and the director of threat intelligence at ZeroFOX. Previously, he worked in threat research for the US Air Force and Fastly.

  • January 17th 2020 at 15:37

Security Compass Receives Funding for Product Development and Expansion

Toronto, Canada-based Security Compass has received additional funding from growth equity investment firm FTV Capital. The amount has not been disclosed, indicating that it is likely to be on the smaller side.  

According to the security firm, the purpose of the cash injection is to allow it to enhance its product portfolio and accelerate a planned global expansion.  

The company was founded by Nish Bhalla in 2005. Former COO Rohit Sethi becomes the new CEO. Bhalla remains on the Board, and is joined by Liron Gitig and Richard Liu from FTV Capital.  

Long-serving Sethi was Security Compass' first hire, and was an integral part of the creation of the company's SD Elements platform -- now the focus of the firm's operations. SD Elements helps customers put the Sec into DevOps without losing DevOps' development agility.   

"The strong trends towards agile development in DevOps," he says, "increased focus on application security and on improving risk management are on course for collision. Security Compass is uniquely positioned to help organizations address the inherent conflicts. With FTV's investment, we're poised to accelerate our growth while maintaining the culture of excellence we've worked so hard to build."  

The worldwide growth in security and privacy regulations, such as GLBA, FedRAMP, GDPR, CCPA and many others, requires that security is built into the whole product development lifecycle. "Security Compass' SD Elements solution," says FTV Capital partner Gitig, "is uniquely focused on the software stack, enabling DevOps at scale by helping enterprises develop secure, compliant code from the start."  

He continued, "SD Elements provides both engineering and non-engineering teams with a holistic solution for managing software security requirements in an efficient and reliable manner, alleviating meaningful friction in the software development life cycle, accelerating release cycles and improving business results. We are excited to work with the Security Compass management team in its next phase of global growth as a trusted information security partner."  

Security Compass claims more than 200 enterprise customers in banks, federal government and critical industries use its solutions to manage the risk of tens of thousands of applications.  

Related: Chef Launches New Version for DevSecOps Automated Compliance 

Related: ChatOps is Your Bridge to a True DevSecOps Environment 

Related: Shifting to DevSecOps Is as Much About Culture as Technology and Methodology   

  • January 17th 2020 at 14:39

This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a major crypto-spoofing bug impacting Windows 10 that has been fixed as part of Microsoft’s January Patch Tuesday update. Also, read about the launch of Pwn2Own Vancouver, where it will pay to hack a Tesla Model 3.

Read on:

Can You Hack a Tesla Model 3? $500,000 Says That You Can’t

Trend Micro’s Zero Day Initiative (ZDI) has officially announced that its Pwn2Own Vancouver competition will be hosted at CanSecWest March 18-20. This time, the stakes have been upped in the automotive category: the hacker who can evade the multiple layers of security found in a Tesla Model 3 to pull off a complete vehicle compromise will win a $500,000 prize and a new Tesla Model 3.

Texas School District Loses $2.3 Million to Phishing Scam, BEC

Manor Independent School District (MISD) in Texas is investigating an email phishing attack after a series of seemingly normal school-vendor transactions resulted in the loss of an estimated $2.3 million. According to the statement posted on Twitter, the district is cooperating with the Manor Police Department and the Federal Bureau of Investigation (FBI).

Equifax Settles Class-Action Breach Lawsuit for $380.5M

A Georgia court granted final approval for an Equifax settlement in a class-action lawsuit, after the credit-reporting agency was hit by its massive 2017 data breach. This week, the Atlanta federal judge reportedly ruled that Equifax will pay $380.5 million to settle lawsuits regarding the breach.

Sodinokibi Ransomware Increases Year-End Activity, Targets Airport and Other Businesses

The Sodinokibi ransomware, detected as Ransom.Win32.SODINOKIBI, was involved in several high-profile attacks in 2019. The ransomware ended the year by launching a new round of attacks aimed at multiple organizations, including the Albany International Airport and the foreign exchange company Travelex.

ICS Security in the Spotlight Due to Tensions with Iran

Given the heightened tensions between the U.S. and Iran, organizations with connected industrial infrastructure should be on guard. In the wake of the assassination, several cybersecurity experts and U.S. government officials have warned of the ICS security risk that Iran-affiliated adversaries pose. Others point to the likelihood of smaller cyberattacks designed to distract rather than prompt retaliation.

Dymalloy, Electrum, and Xenotime Hacking Groups Set Their Targets on US Energy Sector

At least three hacking groups have been identified aiming to interfere with power grids across the United States. The oil, gas, water and energy industries have proved to become a valuable target for threat actors looking to compromise ICS environments, and according to a report on the state of industrial control systems (ICSs), attempts in attacking the utilities industry are on the rise.

Microsoft Patches Major Crypto Spoofing Bug

A major crypto-spoofing bug impacting Windows 10 users has been fixed as part of Microsoft’s January Patch Tuesday security bulletin. The vulnerability could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Mobile Banking Trojan FakeToken Resurfaces, Sends Offensive Messages Overseas from Victims’ Accounts

Researchers recently discovered an updated version of the mobile banking trojan FakeToken after detecting 5,000 smartphones sending offensive text messages overseas. Once the malware infects an unprotected Android device, FakeToken is able to send and intercept text messages such as 2FA codes or tokens, as well as scan through the victim’s contacts to possibly send phishing messages.

Report: Chinese Hacking Group APT40 Hides Behind Network of Front Companies

An online group of cybersecurity analysts calling themselves “Intrusion Truth” doxed their fourth Chinese state-sponsored hacking operation. After previously exposing details about Beijing’s hand in APT3 (believed to operate out of the Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province), Intrusion Truth has now begun publishing details about China’s cyber apparatus in the state of Hainan, an island in the South China Sea.

What are your thoughts on the major crypto-spoofing bug that was found by the NSA? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


Summing up CVE-2020-0601, or the Let's Decrypt vulnerability, (Thu, Jan 16th)

The last 24 hours have been extremely interesting – this month’s Patch Tuesday by Microsoft brought us 2 very interesting (and critical) vulnerabilities. The first one, the “BlueKeep”-like remote code execution vulnerability in Remote Desktop Gateway (CVE-2020-0609, CVE-2020-0610), has been kind of ignored, although it’s really critical … so I guess I’ll continue doing that in this diary (but rest assured that we are keeping an eye on the RDG vulnerability as well).
  • January 16th 2020 at 21:55

Infinity Stones - ESW #168

By paul@securityweekly.com

This week, in the Enterprise News, we talk about How to Create Easy and Open Integrations with VMRay's REST API, Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR, PacketViper Deception360 now available for Microsoft Azure, Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, and Say Goodbye to Windows Server 2008 and Hello to Azure! In our second segment, we welcome Mark Orlando, Founder and CEO of Bionic, to discuss Outdated Defense Approaches and the need to revisit traditional thinking about security operations in the Enterprise! In our final segment, we welcome Ward Cobleigh, Product Line Manager at VIAVI Solutions, to discuss VISA Security Alerts - What we can learn, and what we can do!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode168

To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 16th 2020 at 10:00

Picks of 2019 malware - the large, the small and the one full of null bytes, (Thu, Jan 16th)

Although less than two days have gone by since the latest release of MSFT patches, I find that it would actually be hard to add anything interesting to them that hasn’t been discussed before, as the most important vulnerabilities (couple of RCEs and an interesting vulnerability in CryptoAPI) seemed to be all anyone talked about for the last 24 hours. If you didn’t hear anything about it, I suggest you take a look at the ISC coverage of the CryptoAPI vulnerability[1] as well as the Patch Tuesday overview[2]. But for the rest of us, I thought today might be a good day to take a short break from this topic and take a look at what the last year brought us instead.
  • January 16th 2020 at 06:57

CVE-2020-0601 Followup, (Wed, Jan 15th)

Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see https://sans.org/cryptoapi-isc ) Thanks to Jake Williams for helping us with the webcast!
  • January 16th 2020 at 02:52

Password Shaming Isn’t Productive – Passwords Are Scary Business

We’ve all been in the situation of trying to set a new password – you need one uppercase character, one number and one character from a special list. Whatever password we come up with needs to be between 8 and 24 characters long. Once created, we need to remember that password, and heaven help us should we need to reset it. Yes, that’s the dreaded “you can’t reuse the last five passwords” message – but IT security requires the password to be changed every month. If you’ve lived in the corporate world, this experience is quite familiar. It is just as common an experience on most web properties.

Then along comes the dreaded “your account was part of a set of accounts which may have been breached” letter. As a consumer, you’re now left with some anxiety over what data might be in the hands of proverbial “bad guys”. Part of the anxiety comes from the prospect that these same bad guys might also now know your password, so you need to change it. If you’re like many people, that password likely was used in many places so the anxiety increases as you recall each of the websites you now need to update your password on – just to be safe.

Into this mess come security pundits suggesting that multiple security factors are the solution. The net result is that not only do users need to remember their password, but they also need to enter a second code – often a set of numbers – in order to access their account. While password complexity, password expiration and multi-factor authentication rules can each deter attempts to compromise an account, they do nothing to simplify the experience, and when it comes to consumer-grade devices or consumer websites, simplification is what we should be striving for.

Consider the current situation with Ring customers. It’s being reported that some users of Ring video devices are experiencing random voices speaking through their video devices. Some have even reported threats against them. These users are rightfully concerned for their safety, but some have been quick to lay the blame for the situation at the feet of the user. When someone states that “you should have a more secure password” or “you should enable 2FA”, those statements are fundamentally a form of victim shaming. The end user likely isn’t a security expert, but an expectation is being set that they should know how best to secure these devices.

The current situation with Ring devices isn’t new. We need only look back to September of 2016, when the US saw a major internet outage caused by an attack on the DNS infrastructure. This attack originated from a large quantity of DVRs, webcams and other consumer-grade devices which weren’t properly password protected. At the time, there were similar cries that ‘password123’ wasn’t an effective password and users shouldn’t use it. This situation even prompted major service providers like GitHub to advise their customers to change their password – not because the user’s data had been part of a breach, but because the password had itself been part of a set of data sold on the black market.

These examples highlight a key challenge with product security: how to properly prevent unauthorized access while maintaining ease of use. This goal can’t be met if we shame users based on their security choices. Instead, product designers should look at the ways to use context to best secure systems. In the case of a video camera, access to the camera in all forms should be from approved devices. For example, if a user configured the camera from an Android phone, then that device is by definition an approved device to access the camera. Since the phone can’t be in two places at the same time, if the app is running on the phone, then there is only one possible way to access the camera until the user authorizes additional devices from within the app. This entire example doesn’t rely on password complexity to secure the camera, but rather uses user context as part of the overall system security, where passwords are but one component. The net result is that while a simple password may not be advised from a security pundit’s perspective, the contextual information helps ensure that users don’t harm themselves. With the complexity of consumer devices only increasing, contextual security should be a priority for all – a situation which would avoid password shaming.
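The device-bound access model sketched above, written out as an added example (not code from the article or from any camera vendor): the device that performs initial setup becomes the only approved device, a correct password from any other device is denied and logged, and only an already-approved device can authorize a new one. The Camera and Session classes and all device identifiers are constructed for this illustration.

```python
"""Device-bound access control for a consumer camera (added example).

Assumptions: the app presents a stable device identifier with each
session, and `password_ok` means the account password was verified.
"""
from dataclasses import dataclass, field


@dataclass
class Session:
    """An app session: which device it runs on and whether the password matched."""
    device_id: str
    password_ok: bool


@dataclass
class Camera:
    camera_id: str
    approved_devices: set = field(default_factory=set)
    audit: list = field(default_factory=list)  # events a defender can alert on

    def enroll(self, session: Session) -> bool:
        """First-time setup: the configuring device becomes the approved device.

        A second enrolment is rejected so nobody can 're-set up' an
        already-owned camera from a different device.
        """
        if not session.password_ok:
            return False
        if self.approved_devices:
            self.audit.append(("enroll_rejected", session.device_id))
            return False
        self.approved_devices.add(session.device_id)
        self.audit.append(("enrolled", session.device_id))
        return True

    def can_access(self, session: Session) -> bool:
        """The password is one factor; device context is the other.

        A leaked or reused password presented from an unknown device is
        denied, and the attempt is recorded for the owner to review.
        """
        if not session.password_ok:
            return False
        if session.device_id not in self.approved_devices:
            self.audit.append(("denied_unknown_device", session.device_id))
            return False
        return True

    def authorize_device(self, session: Session, new_device_id: str) -> bool:
        """Only a session on an approved device (i.e. inside the app) may add one."""
        if not self.can_access(session):
            return False
        self.approved_devices.add(new_device_id)
        self.audit.append(("authorized", session.device_id, new_device_id))
        return True
```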

About the author: Tim Mackey is Principal Security Strategist, CyRC, at Synopsys. Within this role, he engages with various technical communities to understand how to best solve application security problems.

Copyright 2010 Respective Author at Infosec Island
  • January 15th 2020 at 20:25

Clean Slate - BSW #158

By paul@securityweekly.com

This week, we welcome Al Ghous, VP and Head of Security at ServiceMax, to discuss Startup Security - It's Everyone's Business! In the Leadership Articles, Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode158

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 15th 2020 at 10:00

Fantastically Useful - SCW #13

By paul@securityweekly.com

This week, we welcome Ben Rothke, Senior Information Security Specialist for Tapad, to talk about the Multiple Personalities we encounter during Compliance and Audit Engagements! In the Security and Compliance news, A Risk Assessment Path to Real-Time Assurance, Culture, Integrity and the Board's Role in Guarding Corporate Reputation, Skills For the Compliance Professional in the 2020s, Four Compliance Insights For 2020 and Beyond, Compliance Officer Burnout, Why You Should Draft a Compliance Mission Statement, and more!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode13

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 14th 2020 at 22:00

Microsoft Patch Tuesday for January 2020, (Tue, Jan 14th)

[Special Note: we will have a special webcast on this topic at noon ET tomorrow (Wednesday, January 15th). See https://sans.org/cryptoapi-isc ]
  • January 14th 2020 at 21:22

SWN #3 - January 14, 2020

By paul@securityweekly.com

This week, Tesla goes Pwn2Own again this year, GRU "hacks" a Ukrainian gas company at the heart of scandals in DC, Microsoft has officially ended support for Windows 7 and Server 2008, a nasty bug in Firefox, Citrix exploits are being, well... exploited, and the return of Emotet! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about The State of 5G Security!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode3

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 14th 2020 at 20:30

Five Key Cyber-Attack Trends for This Year

‘It’s not if, but when’ is a long-established trope in the world of cybersecurity, warning organizations that no matter how robust their defenses, nor how sophisticated their security processes, they cannot afford to be complacent.

In 2020, little has changed – and yet everything has changed. The potential scale and scope of distributed denial of service (DDoS) attacks is far greater than it ever has been. Attackers can call on massive botnets to launch attacks, thanks to the ongoing rapid growth in cloud usage and expansion of the IoT, which has created more devices and resources that can be exploited. Furthermore, the vulnerabilities that these botnets target are difficult to protect against using standard network security solutions.

So what attack types will we see during this year? Here are 5 key trends that I expect to see developing during the coming months.

Attacks will reach unprecedented scale

According to the Department of Homeland Security, the scale of DDoS attacks has increased tenfold over the last five years. The DHS has also stated that if this trend continues, it is not certain whether corporate and critical national infrastructures will be able to keep up.

A perfect storm of factors is feeding into the growth in DDoS scale. Criminals are hijacking cloud resources, or simply renting public cloud capacity using stolen card details to massively amplify their attacks.  At the same time, the explosion in IoT devices gives criminals more potential recruits as soldiers for their botnet armies.  As a result, the gap between an organization’s available bandwidth on its internet connection and the size of an average DDoS attack is widening.  Even the biggest security appliances currently available cannot compete with attack volumes that in many cases are over 50 times greater than the capacity of an organization’s internet connection.

Game-changing industrialized attacks

Furthermore, DDoS attacks are no longer the realm of digital vandalism, launched primarily by individuals interested in testing their own capabilities or causing a nuisance. The underground economy is booming, with new marketplaces for cybercrime tools and techniques being introduced all the time. There is a clear recognition amongst bad actors that cyberattacks, including DDoS attacks, can be enormously profitable – whether for criminal or even political purposes.  Criminals are monetizing their investments in creating massive botnets by offering DDoS-for-hire services to anyone that wants to launch an attack, for just a few dollars per minute. 

And on the subject of politics, with a US presidential election coming up in 2020, and following recent destabilizing events in the Middle East, the potential for a major politically-motivated cyberattack is higher than ever. It would not be the first such attack – Estonia fell victim to a country-wide DDoS attack over a decade ago – but the blackout-level potential of today’s attacks is far greater. Simultaneously, it is becoming ever easier to obfuscate the true source of an attack, making definite attack attribution very difficult. From a political perspective, the ability to ‘frame’ an enemy for a large-scale attack has obvious, and worrying consequences.

Power infrastructures under targeted attack

On a related point, targeting industrial controls has become an increasing focus for nation-state attacks. The US power grid, and power infrastructure in Ukraine are both known to have been targeted by state-sponsored Russian hackers.

As more industrial systems are exposed to the public internet, a targeted DDoS attack against them could easily cause outages that interrupt critical power, gas or water supplies (think Industry 4.0). And at the other end of the supply chain, Trend Micro’s recent Internet of Things in the Cybercrime Underground report described how hackers are sharing information on how to hack Internet-connected gas pumps and related devices often found in industrial applications. These devices could either be flooded to cause a wide-ranging blackout, or infected and recruited into botnets for use in DDoS attacks, or to manipulate industrial processes.

APIs are the weakest link

However, DDoS attacks are no longer limited to merely attacking or exploiting organizations’ infrastructure. In 2020, I expect attacks against APIs to move into the spotlight. As we know, more and more organizations are moving workloads into the cloud, and this means that APIs are increasing in volume.

Every single smart device within an IoT ecosystem, for example, is ultimately interacting with an API. Far less bandwidth is needed to attack APIs, and they can rapidly become hugely disruptive bottlenecks. Unlike a traditional DDoS attack, which bombards a website or network with bogus traffic so that infrastructure grinds to a halt, an API DDoS attack focuses on specific API requests which generate so much legitimate internal traffic that the system is attacking itself – rather like a massive allergic reaction. Many cloud-based organizations are vulnerable to this, and APIs are harder to protect using conventional methods. So I expect attackers to increasingly exploit this vulnerable spot in organizations’ defensive armor.

The cloud is not a safe haven

There is an assumption in the market that migrating workloads to public cloud providers automatically makes businesses better off – and in many ways of course, this is true. Flexibility, scalability, agility, cost-effectiveness – there are myriad business benefits to be gleaned from the cloud. Yet the assumption that the major providers automatically offer attack-proof security is an illusion. In October 2019, AWS was taken offline for eight hours, demonstrating that even the biggest public cloud providers are vulnerable to DDoS attacks, with hugely disruptive potential knock-on effects to their customers. Some studies estimate that knocking out a single cloud provider could already cause $50 billion to $120 billion in economic damage—on a par with the aftermath resulting from Hurricane Katrina and Hurricane Sandy.

In conclusion, these points may paint a bleak picture for 2020. But companies that adopt the mindset of ‘not if, but when’ will be well positioned to counter the escalating threats.  Using solutions which are capable of fending off high-volume DDoS attacks as well as resource-intensive exploits on protocols and application levels, organizations can stay a step ahead of threat actors, and avoid becoming their next victim.

About the author: Marc Wilczek is Chief Operating Officer at Link11, an IT security provider specializing in DDoS protection.

Copyright 2010 Respective Author at Infosec Island
  • January 14th 2020 at 13:21

Carrot in the Cliff - ASW #91

By paul@securityweekly.com

This week, we welcome Hillel Solow, CTO at Check Point, to discuss The Evolution of DevSecOps and AppSec Trends in 2020! In the Application Security News, Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates!

 

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode91

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

  • January 14th 2020 at 10:00

20/20 Vision on 2020's Network Security Challenges

As the new year starts, it’s natural to think about the network security challenges and opportunities that organizations are likely to face over the next 12 months – and how they will address them. Of course, we are likely to see brand-new threats emerging and unpredictable events unfolding. But here are four key security challenges that I believe will be at the top of enterprise agendas this year.

Managing misconfigurations

The first challenge that organizations will address is data and security breaches due to misconfigurations. These have been a constant problem for enterprises for decades, with the most recent example being the large-scale incident which impacted Capital One in 2019. These are usually caused by simple human error, leaving a security gap that is exploited by actors from outside the organization. Unfortunately, humans are not getting any more efficient in avoiding mistakes, so breaches due to misconfigurations will continue to be a problem that needs to be fixed.

At the same time, the technology environment that the network security staff is working within is getting ever more complex. There are more network points to secure – both on-premise and in public or private clouds – and therefore a much larger attack surface. The situation is getting worse – as highlighted in our 2019 cloud security survey, which showed that two thirds of respondents use multiple clouds, with 35% using three or more cloud vendors, and over half operating hybrid environments. The only solution to this growing complexity is network security automation. Humans need tools to help them set and manage network configurations more accurately and more efficiently, so the demand for security automation is only going to increase.

Compliance complexity

Achieving and maintaining regulatory compliance has long been a major challenge for networking staff, and as networks become more complex it is only getting harder. In recent years, we have seen a raft of new compliance frameworks introduced across multiple verticals and geographical regions. Regulators worldwide are flexing their muscles.

The crucial point to understand is that new regulations typically don’t replace existing regimes – rather, they add to what is already in place. The list of regulatory demands facing organizations is getting longer and achieving and demonstrating compliance is becoming an ever-larger commitment for organizations.  Once again, the only solution is more automation: Being in “continuous compliance”, with automatic creation of audit-ready reports for all the relevant regulations, delivers both the time and resource savings that organizations need in order to meet their compliance demands.

The turn to intent-based network security

What do I mean by intent-based network security? It is ultimately about asking a simple question – why is this security control configured the way it is?

Understanding the intent behind individual network security rules is crucial for a wide range of network maintenance and management tasks, from responding to data breaches to undertaking network cleanups, from working through vulnerability reports to dealing with planned or unplanned downtime. In every scenario, you need to understand why the security setting is the way it is, and who to notify if something has gone wrong or if you want to amend or remove the rule.

And the answer is always that a particular business application needed connectivity from point A to point B. The organization “just” needs to find out which application that was – and that’s 95% of the intent.

The trouble is that organizations are usually not diligent enough about recording this intent.  The result is a huge number of undocumented rules whose intent is unclear. In other words, organizations are in a ‘brownfield’ situation; they have too many rules, and not enough information about their intent.

So, I believe that this year, we will see more and more deployment of technologies that allow a retrospective understanding of the intent behind security rules, all based on the traffic observed on the network. By listening to this traffic and applying algorithms, these new technologies can reverse-engineer and ultimately identify, and document, the original intent.

Embracing automation

Public cloud vendors are providing more and more security features and controls, and this trend looks set to continue, with more security controls becoming available as part of their core offerings. This is a good thing. The more controls available, the more secure organizations can be – if they take advantage of the additional capabilities.

But this doesn’t mean less work for IT and security teams. They need to take ownership of these new capabilities, and to configure and manage them properly – and this takes us straight back to the misconfiguration issue I outlined earlier.

In conclusion, to distil my predictions for network security over this year into a single point, it would be the need to embrace more automation across all security and compliance-related processes. This is at the core of enabling organizations to manage the ever-growing complexity of their networks and responding to the constantly evolving threat landscape.

About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.

Copyright 2010 Respective Author at Infosec Island
  • January 13th 2020 at 18:20

Is Cybersecurity Getting Too Complex?

Weighing SMB Security Woes Against the Managed Security Promise

Looking strictly at the numbers, it appears small to mid-sized businesses (SMBs) are sinking under the weight of their own IT complexity. To be more efficient and competitive, SMBs are reaching to the same IT solutions that large enterprises consume: hybrid/multi-cloud solutions (61% have a multi-cloud strategy, with 35% claiming hybrid cloud use), remote work tools, and a dizzying array of platforms. But unlike the large enterprise, SMBs often have fewer dedicated information security staff to manage the increasing attack surface these systems create. As if to prove the point, attacks on the SMB are escalating: 66% experienced a cyberattack in the past year, with average incident costs on the rise. In a world where smaller business data is as monetizable as that of the large enterprise, it’s not surprising that bad actors target organizations they may reasonably assume have weaker defenses.

I think it’s safe to say the SMB is keeping pace with their larger brethren in terms of IT complexity (if not scale) but falling short in terms of the methods to keep a handle on it—and they appear to be suffering the consequences.

Are Managed Security Solutions the Answer?

While it appears many SMBs could use a lifeline, the extent to which managed security services (MSS) are that holistic answer requires a deeper analysis of the organization’s unique strengths and weaknesses. Cyber risk is not a simple problem, and solutions are not “one-size-fits-all.” On the plus side, MSS offers companies the ability to quickly augment internal capabilities with a high degree of specialized expertise, tools, and solutions they may lack, without having to take on the daily maintenance, hire from a competitive labor pool, or burden existing staff. By outsourcing these capabilities, companies can leverage teams that are highly specialized in security, enabling them to improve their security defenses in key areas at a lower overall cost as measured against the CapEx, OpEx, and time requirements of standing up the same capabilities internally. Any measure of relative costs must also include the value of mitigating cyber risk—such risks, if capitalized upon by malicious actors, carry significant costs of their own.

However, there is a wide range of managed security services out there—and most providers would happily sell them all to every prospective customer. The burden is on the SMB to fully understand whether and in what areas they need that extra support to supplement the tools, people, processes, and capabilities they already have.

Managed Security Services: Assessing for Optimal Value

Most organizations have made investments in information security tools and resources. A few outperformers (usually large enterprises) may already be at best-practice security in many areas, with dedicated staff, their own Security Operations Center and endpoint detection and response capabilities. Such enterprises may have little need to outsource security functions. Others may focus little on security and require across-the-board help. Most organizations will be somewhere in the middle. Ultimately, the goal should be to maximize the use of the investments already made and augment staff with MSS only where you can get the most strategic value for the expenditure.

To begin, organizations should consider executing a security risk assessment—preferably against a security framework such as the NIST Cybersecurity Framework (CSF) or other, potentially required industry-specific framework (HITRUST would be an example in the healthcare sector). These can be conducted in house or via third-party assessment firms. The output should enable the organization to take an in-depth look at their people, processes, and technology and get a realistic view of where their gaps lie. This up-front work should help isolate areas where MSS would be of great value; and it may identify areas where a few investments may be enough to build internal capabilities sufficiently to manage in house. 

At the end of the day, businesses must ensure they have enough resources to do everything from basic blocking and tackling on security—such as log monitoring, patching, sorting through alerts (routine, repetitive, time-consuming tasks) to incident readiness and response and security for endpoints, cloud, and Software as a Service (SaaS), among others. Because the SMB is indeed getting vastly more complex and difficult to defend, this span of specialized security requirements is where gaps often will lie in obvious pockets of both tools and people, leaving direct pointers to where MSS can potentially provide a lifeline.

Managed Security Services for the SMB: The Net-Net

There is no across-the-board answer for whether MSS is right for every SMB and which services offer the most value. Yet applied strategically, MSS can greatly help SMBs bridge the divide between their growing complexity (and associated security vulnerabilities) and that elusive utopia called “Best-Practice Security.” MSS providers do nothing but security and can help address the cybersecurity skills shortage. But to find the right services that complement specific resource gaps, enterprises should first fully assess their own security current state to find out where MSS will add the most value.

About the author: Sam Rubin is a Vice President at The Crypsis Group, where he leads the firm’s Managed Security Services business, assists clients, and develops the firm’s business expansion strategies.

Copyright 2010 Respective Author at Infosec Island
  • January 13th 2020 at 18:14

Citrix ADC Exploits: Overview of Observed Payloads, (Mon, Jan 13th)

If you missed Johannes' diary entry "Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor" this Saturday, make sure to read it first.
  • January 13th 2020 at 10:34

ELK Dashboard and Logstash parser for tcp-honeypot Logs, (Sun, Jan 12th)

In my last two diaries, I shared a Pihole parser and dashboard to collect and view its logs in Elastic. In this diary, I'm sharing another parser and dashboard to visualize the data collected by Didier's tcp-honeypot. This is a work in progress. 
  • January 12th 2020 at 23:51

Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor, (Sat, Jan 11th)

IMPORTANT UPDATE: CITRIX announced that a patch will be released on January 20th for Citrix ADC 11/12 and 13. Version 10 will have to wait until January 31st.  (https://support.citrix.com/article/CTX267027)
  • January 11th 2020 at 20:52

Wrap-Up - January 10, 2020 - SWN #2

By paul@securityweekly.com

Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week, and Doug White is here to try and sum it all up for you, so you can just hit the high points for the week. So, stick around, and we'll cover all the shows and all the top stories of the week!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode2

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 10th 2020 at 19:06

The Knuckle Busters - PSW #634

By paul@securityweekly.com

This week, we welcome Dan DeCloss, President and CEO at PlexTrac, to talk about How to Improve Penetration Testing Outcomes with Purple Teaming! In our second segment, we welcome Ambuj Kumar, CEO and Co-Founder of Fortanix, to discuss The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds! In the Security News, Car hacking hits the streets, Four Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 10th 2020 at 17:00

This Week in Security News: INTERPOL Collaboration Reduces Cryptojacking by 78% and Three Malicious Apps Found on Google Play May be Linked to SideWinder APT Group

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s collaboration with INTERPOL’s Global Complex for Innovation helped reduce cryptojacking by 78% in Southeast Asia. Also, read about three malicious apps in the Google Play Store that may be linked to the SideWinder threat group.

Read on:

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

Trend Micro found three malicious apps in the Google Play Store that work together to compromise a device and collect user information. The three malicious apps — disguised as photography and file manager tools — are likely to be connected to SideWinder, a known threat group that has reportedly targeted military entities’ Windows machines.

Operation Goldfish Alpha Reduces Cryptojacking Across Southeast Asia by 78%

Interpol announced the results of Operation Goldfish Alpha, a six-month effort to secure hacked routers across the Southeast Asia region. The international law enforcement agency said its efforts resulted in a drop of cryptojacking operations across Southeast Asia by 78%, compared to levels recorded in June 2019. Private sector partners included the Cyber Defense Institute and Trend Micro.

Celebrating Decades of Success with Microsoft at the Security 20/20 Awards

Trend Micro, having worked closely with Microsoft for decades, is honored to be nominated for the Microsoft Security 20/20 Partner awards in the Customer Impact and Industry Changemaker categories. Check out this blog for more information on the inaugural awards and Trend Micro’s recognitions.

Security Predictions for 2020 According to Trend Micro

Threat actors are shifting and adapting in their choice of attack vectors and tactics — prompting the need for businesses and users to stay ahead of the curve. Trend Micro has identified four key themes that will define 2020: a future that is set to be Complex, Exposed, Misconfigured and Defensible. Check out Digital Journal’s Q&A with Greg Young, vice president of cybersecurity at Trend Micro, to learn more about security expectations for this year.

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020

In addition to security predictions for the new year, Trend Micro has listed some of the biggest threats from 2019 as well as some trends to keep an eye on as we begin 2020 in this blog. Many of the most dangerous attacks will look a lot like the ones Trend Micro warned about in 2019.

5 Key Security Lessons from the Cloud Hopper Mega Hack

In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the computing cloud. The men, who remain at large, are thought to be part of a Chinese hacking collective known as APT10.

The Summit of Cybersecurity Sits Among the Clouds

Shifts in threats in the security landscape have led Trend Micro to develop Trend Micro Apex One™, a newly redesigned endpoint protection solution. Trend Micro Apex One™ brings enhanced fileless attack detection and advanced behavioral analysis and combines Trend Micro’s powerful endpoint threat detection capabilities with endpoint detection and response (EDR) investigative capabilities.

New Iranian Data Wiper Malware Hits Bapco, Bahrain’s National Oil Company

Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company. The incident took place on December 29th and didn’t have the long-lasting effect hackers might have wanted, as only a portion of Bapco’s computer fleet was impacted and the company continued to operate after the malware’s detonation. 

Ransomware Recap: Clop, DeathRansom, and Maze Ransomware

As the new year rolls in, new developments in different ransomware strains have emerged. For example, Clop ransomware has evolved to integrate a process killer that targets Windows 10 apps and various applications; DeathRansom can now encrypt files; and Maze ransomware has been targeting U.S. companies, stealing and then encrypting data, as the Federal Bureau of Investigation (FBI) has warned.

4 Ring Employees Fired for Spying on Customers

Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by data privacy incidents over the past year.

Web Skimming Attack on Blue Bear Affects School Admin Software Users

A web skimming attack was recently used to target Blue Bear, a school administration software that handles school accounting, student fees, and online stores for educational institutions. Names, credit card or debit card numbers, expiration dates and security codes, and Blue Bear account usernames and passwords may have been collected.

Patched Microsoft Access ‘MDB Leaker’ (CVE-2019-1463) Exposes Sensitive Data in Database Files

Researchers uncovered an information disclosure vulnerability (CVE-2019-1463) affecting Microsoft Access, which occurs when the software fails to properly handle objects in memory. The vulnerability, dubbed “MDB Leaker” by Mimecast Research Labs, resembles a patched information disclosure bug in Microsoft Office (CVE-2019-0560) found in January 2019.

Cryptocurrency Miner Uses Hacking Tool Haiduc and App Hider Xhide to Brute Force Machines and Servers

A Trend Micro honeypot detected a cryptocurrency-mining threat on a compromised site, where the URL hxxps://upajmeter[.]com/assets/.style/min was used to host the command for downloading the main shell script. The miner, a multi-component threat, propagates by scanning vulnerable machines and brute-forcing (primarily default) credentials.

What are your thoughts on the rise of cryptomining malware and cryptojacking tactics? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


More Data Exfiltration, (Fri, Jan 10th)

Yesterday, I posted a quick analysis of a malicious document that exfiltrates data from the compromised computer[1]. Here is another one I found that also exfiltrates data. The malware is delivered in an ACE archive. This file format remains common in phishing campaigns because the detection rate is lower at email gateways (many of them can’t handle the file format). The archive contains a PE file called ‘Payment Copy.exe’ (SHA256:88a6e2fd417d145b55125338b9f53ed3e16a6b27fae9a3042e187b5aa15d27aa). The payload is unknown on VT at this time.
  • January 10th 2020 at 06:38

Quick Analysis of a(nother) Maldoc, (Thu, Jan 9th)

Yesterday, one of our readers (thanks, David!) submitted to us a malicious document disguised as a UPS invoice. Like David, do not hesitate to share samples with us; we like malware samples! I briefly checked the document. Nothing new: based on a classic macro, it was easy to analyze, and I can give you an overview of the infection process and what kind of data can be exfiltrated.
  • January 9th 2020 at 12:15

The Roaring Twenties - ESW #167

By paul@securityweekly.com

This week, in the Enterprise News, we talk about Tapplock introducing new enterprise fingerprint scanning padlock accessories, Protecting corporations without sacrificing performance with Cloudflare, as well as their acquisition of S2 Systems, Pulse Secure and SecureWave entering a partnership, Mimecast acquiring Segasec, and more! In our second segment, we discuss Docker Container Security - Vulnerable Upon Inception! In our final segment, we welcome back Britta Glade, Director of Content and Curation for RSAC, and Linda Gray, Senior Director and General Manager for RSAC, to discuss what to expect at the world's largest cybersecurity conference in San Francisco!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode167

To register for RSAC 2020 using our discount code or to book an interview with Security Weekly on-site at RSA Conference visit: https://securityweekly.com/rsac2020

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

  • January 9th 2020 at 10:00

Windows 7 - End of Life, (Thu, Jan 9th)

A quick reminder note today for everyone. Microsoft Windows 7 operating system is at End of Life on January 14, 2020. [1] 
  • January 9th 2020 at 02:41

All Stressed Out - SCW #12

By paul@securityweekly.com

This week on Security and Compliance Weekly, we welcome Ian Amit, CSO at Cimpress, to discuss utilizing quantitative (vs qualitative) metrics in a security program, maturing it from a technical novelty to something a business can align with and see value from, and understanding where security fits into risk management!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode12

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 8th 2020 at 22:00

Global Security Threats Organizations Must Prepare for in 2020

As we kick off a new decade, it's time, once again, to gaze into our crystal ball and look at the year ahead.

In 2020, businesses of all sizes must prepare for the unknown, so they have the flexibility to withstand unexpected and high impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since new attacks will most certainly impact both shareholder value and business reputation.

After reviewing the current threat landscape, there are three dominant security threats that businesses need to prepare for in 2020. These include, but are not limited to:

  • The Race for Technology Dominance 
  • Third Parties, the Internet of Things (IoT) and the Cloud 
  • Cybercrime – Criminals, Nation States and the Insider

An overview for each of these areas can be found below:

The Race for Technology Dominance 

Technology has changed the world in which we live. Old norms are changing, and the next industrial revolution will be entirely technology driven and technology dependent. In short, technology will enable innovative digital business models and society will be critically dependent on technology to function. Intellectual property will be targeted as the battle for dominance rages. 

Evidence of fracturing geopolitical relationships started to emerge in 2018, demonstrated by the US-China trade war and the UK's Brexit. In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership, leading to a heightened digital cold war in which data is the prize. This race to develop strategically important next-generation technology will drive an intense, nation-state-backed increase in espionage. The ensuing knee-jerk reaction of a global retreat into protectionism, increased trade tariffs and embargoes will dramatically reduce the opportunity to collaborate on the development of new technologies. The UK’s exclusion from the EU Galileo satellite system, as a result of the anticipated Brexit, is one example.

New regulations and international agreements will not be able to fully address the issues powered by advances in technology and their impact on society.  Regulatory tit for tat battles will manifest across nation states and, rather than encourage innovation, is likely to stifle and constrain new developments, pushing up costs and increasing the complexity of trade for multinational businesses.

Third Parties, the IoT and the Cloud 

A complex interconnection of digitally connected devices and superfast networks will prove to be a security concern as modern life becomes entirely dependent on technology. Highly sophisticated and extended supply chains present new risks to corporate data as it is necessarily shared with third party providers. IoT devices are often part of a wider implementation that is key to the overall functionality.

Few devices exist in isolation, and it is the internet component of the IoT that reflects that dependency. For a home or commercial office to be truly 'smart', multiple devices need to work in cooperation. For a factory to be 'smart', multiple devices need to operate and function as an intelligent whole. However, this interconnectivity presents several security challenges, not least in the overlap of consumer and operational/industrial technology.

Finally, because so much of our critical data is now held in the cloud, cyber criminals and nation states have an opportunity to sabotage the cloud itself, aiming to disrupt economies and take down critical infrastructure through physical attacks and by exploiting operating vulnerabilities across the supply chain.

Cybercrime – Criminals, Nation States and the Insider

Criminal organizations have a massive resource pool available to them and there is evidence that nation states are outsourcing as a means of establishing deniability. Nation states have fought for supremacy throughout history, and more recently, this has involved targeted espionage on nuclear, space, information and now smart technology. Industrial espionage is not new and commercial organizations developing strategically important technologies will be systematically targeted as national and commercial interests blur. Targeted organizations should expect to see sustained and well-funded attacks involving a range of techniques such as zero-day exploits, DDoS attacks and advanced persistent threats.

Additionally, the insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. 

The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.

Don’t Get Left Behind

Today, the stakes are higher than ever before, and we’re not just talking about personal information and identity theft anymore. High level corporate secrets and critical infrastructure are constantly under attack and organizations need to be aware of the emerging threats that have shifted in the past year, as well as those that they should prepare for in the coming year.

By adopting a realistic, broad-based, collaborative approach to cyber-security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber-threats and respond quickly and appropriately. This will be of the highest importance in 2020 and beyond.

About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

 

Copyright 2010 Respective Author at Infosec Island
  • January 8th 2020 at 20:43

Great Leaders - BSW #157

By paul@securityweekly.com

This week on Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the best and worst companies and performance of 2019 including Amazon, Apple, Lululemon, Facebook, Boeing, and Pacific Gas and Light! In the Leadership and Communications segment, 5 CIO and IT leadership trends for 2020, First Look: Leadership Books for January 2020, The Right Way to Form New Habits, and 5 Questions You Can Ask to Learn About Company Culture in a Job Interview and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode157

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 8th 2020 at 16:00

SWN #1 - January 8, 2020

By paul@securityweekly.com

Happy New Year and welcome to the first episode ever of Security Weekly News! It's another year of malware, exploits, and fun here on the Security Weekly Network, with your host, Doug White! Ransomware, TikTok, and in the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about Iranian Cyber Threats: Practical Advice for Security Professionals!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode1

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 8th 2020 at 15:26

INTERPOL Collaboration Reduces Cryptojacking by 78%

By Trend Micro

Cybercriminals are often seen as having the upper hand over the “white hat” community. After all, they’re anonymous, can launch attacks from virtually anywhere in the world, and usually have the element of surprise. But there’s one secret weapon the good guys have: Collaboration. That’s why Trend Micro has always prioritized its partnerships with law enforcement, academia, governments and other cybersecurity businesses.

We’re proud to have contributed to yet another successful collaborative operation with INTERPOL Global Complex for Innovation (IGCI) in Singapore that’s helped to reduce the number of users infected by cryptomining malware by 78%.

Cryptomining On The Rise

Also known as cryptojacking, these attacks have become an increasingly popular way for cybercriminals to make money.

Why?

Because victims don’t know they’ve been infected. The malware sits on their machine in the background mining for digital currency 24/7/365. Increasingly, hackers have taken to launching sophisticated attacks against enterprise IT systems and cloud servers to increase their mining and earning potential. But many still target home computer systems like routers, as these are often left relatively unprotected. Stitch enough of these devices together in a botnet and they have a ready-made cash cow.

That’s why cryptojacking remained the most detected threat in the first half of 2019 in terms of file-based threat components, according to our data.

Unlike serious data breaches, phishing attacks, ransomware and banking Trojans, cryptojacking doesn’t have a major direct impact on the victim. They don’t lose sensitive personal data, there’s no risk of follow-on identity fraud and they’re not extorted for funds by being locked out of their PC.

However, it’s not without consequences: Cryptomining malware can slow your home network to a crawl while running up serious energy bills. It may even bring your home computers to a premature end. Also, there’s always the risk with any kind of malware infection that hackers may switch tactics and use their footprint on your home machines to launch other attacks in the future.

Enter Operation Goldfish Alpha

That’s why we were keen to offer our assistance to INTERPOL during this year’s Operation Goldfish Alpha. Thanks to our broad global visibility into attack trends and infection rates, we were able to articulate the scale of the cryptojacking threat and key mitigation steps, at a pre-operation meeting with ASEAN law enforcement officers in June.

A few months later, we developed and disseminated a key Cryptojacking Mitigation and Prevention guidance document. It details how a vulnerability in MikroTik routers had exposed countless users in the region to the risk of compromise by cryptomining malware. The document explains how to scan for this flaw using Trend Micro HouseCall for Home Networks, and how HouseCall can be used to detect and delete the Coinhive JavaScript that hackers were using to mine for digital currency on infected PCs.

Spectacular Success

Over the five months of Operation Goldfish Alpha, experts from national Computer Emergency Response Teams (CERTs) and police across 10 countries in the region worked to locate the infected routers, notify the victims and use our guidance document to patch the bugs and kick out the hackers.

Having helped to identify over 20,000 routers in the region that were hacked in this way, we’re delighted to say that by November, the number had reduced by at least 78%.

That’s the value of partnerships between law enforcement and private cybersecurity companies: They combine the power of investigative policing with the detailed subject matter expertise, visibility and resources of industry experts like us. We’ll continue to lend a hand wherever we can to make our connected, digital world a safer place.


A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability), (Tue, Jan 7th)

For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual "exploit" being used. But there is some evidence that people are scanning for vulnerable systems. Based on some of the errors made with these scans, I would not consider them "sophisticated." There is luckily still no public exploit I am aware of. But other sources I consider credible have indicated that they were able to create a code execution exploit.
  • January 7th 2020 at 13:16

Learn & Improve - ASW #90

By paul@securityweekly.com

This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode90

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • January 7th 2020 at 10:00

SNMP service: still opened to the public and still queried by attackers, (Mon, Jan 6th)

Simple Network Management Protocol (SNMP) is a UDP service listening on port 161. It is used for network management purposes and should be reachable only from known management hosts over secure channels; it should never be exposed to the public internet.
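The exposure described in this diary entry is easy to check for in firewall or flow logs. The following is an added example, not code from the ISC diary: a small Python script that reads constructed firewall log lines (the key=value line format, the management-host allowlist and the sample addresses are all assumptions made for the example) and reports SNMP queries (UDP/161) that were accepted from sources outside the allowlist, while separately counting blocked attempts as evidence of scanning.

```python
import ipaddress
import re

# Management hosts allowed to poll SNMP (constructed allowlist for this example).
ALLOWED_POLLERS = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("192.0.2.50/32"),
]

# Constructed sample firewall log in a hypothetical key=value format.
SAMPLE_LOG = """\
2020-01-06T21:05:01Z action=allow proto=udp src=10.0.0.15 sport=51234 dst=192.0.2.10 dport=161
2020-01-06T21:05:02Z action=allow proto=udp src=203.0.113.7 sport=48211 dst=192.0.2.10 dport=161
2020-01-06T21:05:03Z action=allow proto=tcp src=203.0.113.7 sport=48212 dst=192.0.2.10 dport=443
2020-01-06T21:05:04Z action=deny proto=udp src=198.51.100.9 sport=40000 dst=192.0.2.11 dport=161
2020-01-06T21:05:05Z action=allow proto=udp src=192.0.2.50 sport=50000 dst=192.0.2.11 dport=162
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>\S+)\s+sport=(?P<sport>\d+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one key=value log line into a dict, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_allowed_poller(src, allowed=ALLOWED_POLLERS):
    """True if the source address falls inside one of the allowlisted management networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in allowed)


def find_snmp_exposure(log_text, allowed=ALLOWED_POLLERS):
    """Return {'exposed': [...], 'blocked': [...]} for SNMP (UDP/161) traffic.

    'exposed' holds accepted queries from sources outside the allowlist, which
    means the SNMP service is reachable from where it should not be.
    'blocked' holds denied attempts, which are useful as scanning evidence
    even though the firewall did its job.
    """
    exposed, blocked = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only SNMP queries on the agent port; traps (UDP/162) are a different flow.
        if rec["proto"] != "udp" or rec["dport"] != 161:
            continue
        if is_allowed_poller(rec["src"], allowed):
            continue
        if rec["action"] == "allow":
            exposed.append(rec)
        else:
            blocked.append(rec)
    return {"exposed": exposed, "blocked": blocked}


if __name__ == "__main__":
    result = find_snmp_exposure(SAMPLE_LOG)
    for rec in result["exposed"]:
        print(f"EXPOSED: {rec['ts']} SNMP query accepted from {rec['src']} to {rec['dst']}")
    print(f"blocked SNMP attempts from non-allowlisted sources: {len(result['blocked'])}")
```

Run against the constructed log, the script reports one accepted query from 203.0.113.7 (the exposure) and one blocked attempt from 198.51.100.9; the allowlisted poller and the UDP/162 trap traffic are ignored. In practice the fix is the one the diary implies: restrict UDP/161 to the management network at the firewall and on the device, and prefer SNMPv3 with authentication and privacy over v1/v2c community strings.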
  • January 6th 2020 at 21:05

The Summit of Cybersecurity Sits Among the Clouds

By Trend Micro

Trend Micro Apex One™ as a Service

You have heard it before, but it needs to be said again—threats are constantly evolving and getting sneakier, more malicious, and harder to find than ever before.

It’s a hard job to stay one step ahead of the latest threats and scams organizations come across, but it’s something Trend Micro has done for a long time, and something we do very well! At the heart of Trend Micro security is the understanding that we have to adapt and evolve faster than hackers and their malicious threats. When we released Trend Micro™ OfficeScan™ 11.0, we were facing browser exploits, the start of advanced ransomware and many more new and dangerous threats. That’s why we launched our connected threat defense approach—allowing all Trend Micro solutions to share threat information and research, keeping our customers one step ahead of threats.

 

With the launch of Trend Micro™ OfficeScan™ XG, we released a set of new capabilities like anti-exploit prevention, ransomware enhancements, and pre-execution and runtime machine learning, protecting customers from a wider range of fileless and file-based threats. Fast forward to last year: we saw a huge shift not only in the threats in the security landscape, but also in how we architected and deployed our endpoint security. This led to Trend Micro Apex One™, our newly redesigned endpoint protection solution, available as a single agent. Trend Micro Apex One brought to the market enhanced fileless attack detection and advanced behavioral analysis, and combined our powerful endpoint threat detection capabilities with our sophisticated endpoint detection and response (EDR) investigative capabilities.

 

We all know that threats evolve, but, as user protection product manager Kris Anderson says, “with Trend Micro, your endpoint protection evolves as well. While we have signatures and behavioral patterns that are constantly being updated through our Smart Protection Network, attackers are discovering new tactics that threaten your company. At Trend Micro, we constantly develop and fine-tune our detection engines to combat these threats, real-time, with the least performance hit to the endpoint. This is why we urge customers to stay updated with the latest version of endpoint security—Apex One.”

Trend Micro Apex One has the broadest set of threat detection capabilities in the industry today, and staying updated with the latest version allows you to benefit from this cross-layered approach to security.

 

One easy way to ensure you are always protected with the latest version of Trend Micro Apex One is to migrate to Trend Micro Apex One™ as a Service. By deploying a SaaS model of Trend Micro Apex One, you can benefit from automatic updates of the latest Trend Micro Apex One security features without having to go through the upgrade process yourself. Trend Micro Apex One as a Service deployments will automatically get updated as new capabilities are introduced and existing capabilities are enhanced, meaning you will always have the most recent and effective endpoint security protecting your endpoints and users.

 

Trend Micro takes cloud security seriously, and endpoint security is no different. You can get the same gold standard endpoint protection of Trend Micro Apex One, but delivered as a service, allowing you to benefit from easy management and ongoing maintenance.

