[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions]
* 27% of US office workers would sell their passwords
* Mystery Of New York Fed Robbery Has Central Banks Asking Who’s Next
* In light of pervasive security threats, why not encrypt everything?
* Enhancing Singapore’s response to terrorism
* This one chart explains why cybersecurity is so important
* Managing cybersecurity and supply chain risks: The board’s role
* Turning cyber security threats into opportunity of growth
* Elisa says 3% of SMEs have suffered data breach
* Cocktail of global security threats pose real danger to maritime environment, MAST warns
* Three Health IT Trends to Watch in 2016: Cybersecurity, Telemedicine and Partnerships
* PCI Council Adds European Partner to Fight Fraud
* A third of email sent to U.S. House is malware, a virus or spam
* The IT-security divide is limiting full cyber attack chain analysis, expert warns
* Hacker-proof boardrooms top corporates’ agenda
* From Quidditch to cyber warfare: Israel’s military elite take on hackers, Harry Potter style
* Australian defense minister submits defense white paper to Indonesia
* The next generation of APTs: Highly successful but surprisingly simple
* Money managers starting to buy cyberattack insurance
* The Service Desk: The Unsung Hero of IT Security
* 25% of knowledge workers don’t trust their IT teams with personal data
* Amid Hacking Threats, Law Firms Turn to Cyber Insurance
* Malware Word Search: Identifying Angler’s Dictionary
* How to keep your highly skilled and paid security team happy and engaged
* Coming soon, Denmark’s intelligence presents the Danish Hacker Academy
* Threat intelligence exchanges OK, but most prefer to receive intel rather than give
* Cyber insurance gets Hill attention
27% of US office workers would sell their passwords
The study itself was conducted by Vanson Bourne, an independent research firm.
The same survey was conducted last year as well, but then only one in seven employees were willing to sell their passwords.
Crooks have to be willing to shell out some dough, however, as 56 percent of employees priced their credentials at over $1,000.
Others, however, were willing to go as low as $100.
“Last year, the minimum mark was $150,” said Rizkallah. “Things are getting worse.”
Plus, the employees were sneaky.
Many respondents added that after getting the money, they would immediately change their passwords.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6d1a27a627&e=20056c7556
Mystery Of New York Fed Robbery Has Central Banks Asking Who’s Next
On a quiet Friday morning in early February, a series of instructions using authenticated SWIFT codes was sent to 33 Liberty allegedly from the Bangladesh central bank requesting the transfer of nearly $1 billion from the country’s FX reserves.
Now, the first thing that should jump out at you there is that Friday is a weekend in Bangladesh, a fact which probably should have set off alarm bells.
But alas, it didn’t and by the time the hackers who sent the transfer instructions screwed the pooch by spelling “foundation” wrong in one of the requests, more than $80 million was sent to the Philippines where it landed in four accounts and eventually ended up transferred to at least two casinos and one unidentified man “of Chinese origin” who has since been named as a Weikang Xu.
For those who might have missed the story, here are our three previous accounts of what is truly a Hollywood-esque plot line:
According to testimony from a Rizal executive heard at a Senate hearing in the Philippines late last week, some $427,000 in cash was withdrawn from one of four accounts that received the illicit funds.
That money was promptly deposited – into the back of Deguito’s car.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d753d31567&e=20056c7556
In light of pervasive security threats, why not encrypt everything?
In healthcare, we all know what a breach is.
Generally, it’s an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of protected health information.
So here is the basic question: Since encryption of electronic PHI is the only true safe harbor of protection offered to providers, why not encrypt everything, whether it’s portable or on the desktop?
Today, encryption tools are embedded in current operating systems and come with almost every device purchased.
Why not use it?
Whatever the financial and human capital costs to encrypt all electronic devices (and it would not be that great these days), it pales in comparison to the costs of handling a breach, not to mention the imputed value of reputational damage.
As the stakes rise for keeping information secure, the industry needs to re-examine long-held practices—or the lack thereof—to protect patient information.
Any cost that offers protection against the damage of a hacker’s cyber attack now appears to be a defensible cost.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=acf3569590&e=20056c7556
Enhancing Singapore’s response to terrorism
Home Affairs Minister K. Shanmugam announced changes to harden Singapore against a terrorist attack at a Home Team Leaders’ Forum yesterday.
Here is an edited excerpt of his speech.
It is no longer a question of whether an attack will take place but when an attack is going to take place in Singapore and we have to be prepared for that.
The critical task for the Ministry of Home Affairs (MHA) is really to deal with this in the coming years.
We have in place a comprehensive counter-terrorism strategy, which has dealt with the challenges so far and quite effectively.
Now we have to deal with an increased set of threats and deal with a new modus operandi.
There is no time to waste.
We have to do this urgently.
We have to and will significantly enhance measures in two areas: security protection and vigilance, and security response.
First, we will further enhance protective security measures for buildings and premises.
These include critical infrastructure, like Changi Airport and government buildings, and also soft targets, like entertainment centres, sports facilities and shopping centres.
The Home Team will develop deep data analytical capabilities to allow real-time monitoring and analysis of the CCTV data.
This will allow us to plan and execute our responses much more incisively.
The footage will also help us identify the perpetrators, shorten the time taken to apprehend them and prevent them from launching more attacks.
We will set up the network infrastructure to allow CCTV data in more areas to be accessible to the police, on-demand.
These include CCTVs monitoring the public transportation system, commercial buildings with high footfall and government buildings.
I will speak about this in Parliament, at some point, soon.
Police will work closely with premises owners to allow police access to their CCTVs.
Members of public will also be able to submit videos to the police on crowdsourcing platforms.
These are preventive, protective measures that we intend to put in place with necessary legislation.
But we must assume that even with all these measures, some attacks will get through, so we will also enhance our ability to respond to these attacks.
When an attack takes place, the speed and the manner in which we respond will be critical in taking down the attackers and limiting the damage.
Our ability to deal with terrorism effectively as a country depends on how many Singaporeans face up to, and respond, to this challenge as individuals and as members of the community.
I mentioned earlier that the aim of the attackers is to inflict maximum fear and casualties and divide society.
This is why the cornerstone of a counter-terrorism strategy has to be a community response plan – one that enhances community vigilance, community cohesion and community resilience.
With these considerations in mind, the Home Team will develop and launch a new national programme, which we will call “SG Secure”.
SG Secure will represent our national strategy to safeguard our homeland and our way of life against this threat.
Just as we have “Total Defence”, which involves every Singaporean playing a part for the defence of Singapore, SG Secure must become a rallying call for Singaporeans from all walks of life to unite, to play a part in making Singapore a safe place that it is today.
The fight ultimately is one between Freedom and Terror; a fight between Liberty and Servitude; a fight between the spirit of Humanity and the forces of Darkness; or very simply, a fight between Good and Evil.
I don’t believe that the terrorists will ever win in the longer term.
We must believe that we can never be kept down by terror.
Liberty, Freedom and the Human Spirit will ultimately succeed.
But we have to be prepared to fight for it.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a0d0f48460&e=20056c7556
This one chart explains why cybersecurity is so important
New hacking threats have emerged in the past two years, and with them has come a large increase in worldwide concern about cybersecurity.
In the infographic below, John Greenough of BI Intelligence, Business Insider’s premium research service, explains what cybersecurity is, what the investment will be, the top types of attacks, and the ways enterprises are protecting themselves.
In 2014, 69% of executives expressed concern about cyber threats, including a lack of data security, according to a PricewaterhouseCoopers survey.
In 2015, an updated survey increased that number to 86%, so it’s clear that the desire for better cybersecurity is not going away anytime soon.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9e19d2046c&e=20056c7556
Managing cybersecurity and supply chain risks: The board’s role
Security is no longer solely the IT and security department’s responsibility.
The types of threats alone have changed in recent years, as politically motivated attacks and those seeking intellectual property become increasingly commonplace.
Take supply chain risk management (SCRM), for example.
When making the case to the board regarding the return on investment value of GRC analytics, the supply chain is a good place to start, said Jon Boyens, program manager of cyber-SCRM at NIST.
“Supply chain folks have been fairly successful in showing ROI because supply chain disruptions are expensive,” Boyens said during an RSA panel.
Just how expensive?
For starters, 55% of supply chain disruptions will exceed $25 million in costs, according to a recent survey by Business Continuity Institute.
Furthermore, 24% of these are caused by cyberattacks and 22% by data breaches.
It’s one thing to bring these statistics and risks to the attention of board members; the challenge is in helping them to understand that information and their role in managing supply chain risks and making use of GRC analytics.
“This is important because, as you’re preparing for the board, for senior management, what involvement level do they have and how often do you [have that conversation with them]?” Arsenault said.
“You have CIOs, CISOs responsible for IT; different business lines responsible for their business line — but there is rarely any intersection between the two,” he said.
This stems from not only the lack of intersection between SCRM training and IT management training but also system owners’ lack of involvement in information security processes.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5fe4feb0f8&e=20056c7556
Turning cyber security threats into opportunity of growth
All of a sudden, the dream of digital possibilities has turned into a frightening experience.
It has obviously dented the confidence of the people in the digital infrastructure in handling critical affairs.
In the aftermath of losing US$100 million in the biggest-ever cyber robbery, responsible people are blaming each other over the handling of the incident which may be likened to a tsunami or earthquake.
Some officials have also been fired.
Now, what measures should the government of Bangladesh take to combat information security menaces?
Like a coin, cyber security threat has two sides.
The heist of US$100 million of foreign currency reserves of the Bangladesh Bank (BB) from the account of the Federal Reserve Bank of New York has exposed the devastating side of the coin, traumatising the whole nation.
Bangladesh must focus on building the epicentre of information security innovation and entrepreneurship around universities – which may take a decade to start producing tangible results.
But this is the only option we have to turn cyber security threat into the opportunity of growth for us – like the way many smart nations have turned critical impediments into a new engine of economic growth.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4b2725c388&e=20056c7556
Elisa says 3% of SMEs have suffered data breach
Finnish operator Elisa and the Federation of Finnish Enterprises (Suomen Yrittajiat) have published a study on digitisation and security among small and medium-sized enterprises (SMEs).
The majority of entrepreneurs (84%) felt that their company had not been compromised, while 13 percent were unsure and 3 percent said they had been victims of a data breach.
It said this translated to approximately 6,000 SMEs with between two and 50 employees.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7e03a2f13b&e=20056c7556
Cocktail of global security threats pose real danger to maritime environment, MAST warns
Asia was also the most active region for maritime crime in 2015, according to MAST’s new Risk Map.
There were a total of 386 maritime crime incidents reported, with 66% of all pirate activity taking place in Asia (255 incidents) compared with 16% around the Horn of Africa and 17% on the West African Coast.
A total of 62 counts of maritime crime were counted in the Horn of Africa, with nine logged as pirate attacks.
These numbers are significantly low for the area, which was traditionally a piracy hotspot and at its peak in 2008 cost the global economy around $6bn.
Of the 255 incidents in Asia last year, 97% involved a ship being boarded by unknown assailants with almost half (47%) resulting in a robbery, and 10 cases leading to the ship being hijacked.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2843a9e6bb&e=20056c7556
Three Health IT Trends to Watch in 2016: Cybersecurity, Telemedicine and Partnerships
Navigant’s healthcare practice identified three healthcare IT trends in 2016 that will have a profound impact on their business:
* Cybersecurity
* Telemedicine
* Partnerships
Trend #1: Sophisticated Cybersecurity Protects Against Complex Cyberattacks
Trend #2: Technology Enables Patients to Own Their Healthcare
Trend #3: Companies Must Enhance IT Services and Offerings
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=313ef8ebaf&e=20056c7556
PCI Council Adds European Partner to Fight Fraud
The PCI Security Standards Council envisions PCI-DSS as a single, globally-unified data security standard.
Now that the European Card Payment Association is a strategic regional member of the council, that goal is significantly closer, says Jeremy King, the council’s international director.
The PCI Council on March 22 formally announced its partnership with the ECPA, describing the pairing as “joining forces to protect against payment data theft around the world.” What this means in practical terms is that the ECPA will now collaborate with the council’s working groups and committees to help shape future versions of PCI-DSS, as well as to promote adoption of the standard to its members, in conformance with evolving European Union regulations.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fcc8060a5a&e=20056c7556
A third of email sent to U.S. House is malware, a virus or spam
WASHINGTON — Roughly a third of the 200 million emails received by the U.S. House in 2015 were comprised of malware, viruses or spam, according to the top House administrator.
House officials used cybersecurity tools to detect and block those emails, but the people trying to breach the network are getting craftier, House Chief Administrative Officer Will Plaster said at a recent hearing of the House Appropriations Legislative Branch Subcommittee.
Plaster was responding to questions from Rep. Steven Palazzo, R-Miss., who said he is concerned about phishing attempts by “bad actors” trying to get congressional aides to click on innocent-looking email attachments and links that allow potential spies inside the House network.
Hackers who try to get into government networks can range from criminals trying to steal employees’ identities to foreign governments seeking classified information.
“The use of malware has gone up, whether you’re talking about government or the private sector,” said Arun Vishwanath, a communications professor and cybersecurity expert at the University at Buffalo. “Five to eight years ago, you would have had to have the ability to create your own malware if you wanted to infiltrate a system.
Now, you can just go buy malware off the shelf and use it.”
Plaster said the House administration is putting in place “more and more tools to monitor traffic within the network” and stop intruders from moving around within the network if they get inside.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=807572e38b&e=20056c7556
The IT-security divide is limiting full cyber attack chain analysis, expert warns
Despite years of technological progress, many companies are deploying security defences with an eye to blocking malware and command-and-control (C&C) traffic but fail to build internal relationships that ensure regular cyber attack chain gap analysis becomes an ongoing part of business as usual, an operational-security expert has warned.
This operational gap had emerged as many businesses implement appliance-based security without “a commitment to making prevention part of the architecture,” Tim Treat, cyber operation and defence expert with Palo Alto Networks, told CSO Australia.
“CISOs and CIOs cannot defend their enterprise in a vacuum,” he added, “and gap analysis isn’t a one-time deal; it’s a commitment we make with them, and every quarter we go in with IT architects and security architects to assess how fully the technologies are deployed.
It comes down to knowing your environment: you have to know what’s happening in the environment at all times.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=370d631583&e=20056c7556
Hacker-proof boardrooms top corporates’ agenda
Last week, Flipkart’s finance chief got an email from an account that looked similar to that of co-founder Binny Bansal, with an instruction to transfer $80,000 to a bank account.
According to research by PricewaterhouseCoopers, even the biggest companies are vulnerable to cyberattacks.
Hackers apparently have access to 525 email addresses of 34 companies (out of Nifty 50), and can potentially target these companies at their will, it said.
In the past one year, hackers have graduated to targeting big conglomerates as well, including prying on directors during the boardroom meetings.
“Cybersecurity in board rooms has become very important and this is not just about checking whether the room is bugged or not.
There are ways by which hackers can remotely trigger recording in the cellphone of a person attending the meeting or even hack into CCTV cameras and check the feed,” said Altaf Halde, managing director, South Asia, at software security group Kaspersky Lab India.
Often, say industry experts, the attack doesn’t come from the hacker but even from a competitor.
And, the espionage is only increasing and going to a different level in finding out what is happening inside the board room. “There have been instances reported where, apart from the cell phones and laptops of board members, the meeting room’s answering machine and the EPBX have been compromised to tap the room’s conversations.
We are moving towards a time where, like physical body guards, individuals will subscribe to virtual body or identity guards,” said Saket Modi, CEO of Lucideus Tech, an online cybersecurity company.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1beee414c3&e=20056c7556
From Quidditch to cyber warfare: Israel’s military elite take on hackers, Harry Potter style
Israel’s newly formed Cyber Command is training in the virtual battlefield with Harry Potter drills, including one exercise based on Quidditch, the sport played on broomsticks in the wizard world.
During the course, cyber cadets from land, air and sea corps were assigned to groups named after houses at the school in the Harry Potter books.
One exercise was based on Quidditch, the wizarding sport played on broomsticks.
In another drill, an insider based on the series’ Severus Snape character infiltrated networks while Death Eaters attacked on the perimeters.
Recruits both parried and carried out attacks on their fantasy enemies.
For the officer trainees in Israel’s cyber command, a top priority is learning to recognize that something as seemingly insignificant as an error message may be suspect.
Israel’s cyber security industry numbered nearly 430 companies at the end of 2015, according to the IVC Research Center, which tracks technology venture capital funding.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=763fd6a47f&e=20056c7556
Australian defense minister submits defense white paper to Indonesia
Jakarta (ANTARA News) – Australian Defense Minister Marise Ann Payne has submitted a copy of Australia’s white paper on defense to the Indonesian government.
The paper was submitted at a bilateral meeting between the Minister of Defense Ryamizard Ryacudu and his counterpart Marise Ann Payne on Monday (March 21).
The white paper on defense is a summary of the country’s defense policy, and is used as a guideline.
Sharing of this document is expected to help build mutual trust and ensure transparency.
The Australian Defense Minister said she expected that bilateral cooperation would proceed properly.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=423e3f43e0&e=20056c7556
The next generation of APTs: Highly successful but surprisingly simple
A new generation of Advanced Persistent Threats (APTs) is emerging around the world, and the key point of difference of these threats is that they aren’t advanced so much as they are persistent, says Maya Horowitz, Check Point intelligence operations group manager.
“The new generation of APTs are a bit different,” she says. “They have the same targets that are APT worthy, like government, critical infrastructure, and financial organisations, but nowadays these attacks are not only done by NSA, China, and Russia, but are being outsourced to individuals, and smaller groups who have less financial skills and technical resources.
They’re still APTs, but I would leave the ‘A’ out – they’re not advanced.”
One example of a threat campaign Check Point was able to uncover was known as ‘volatile cedar’, which Horowitz says was successful in breaching the security parameters of organisations, but was not very advanced at all.
In a report on the attack, Check Point wrote, “While many of the technical aspects of the threat are not considered ‘cutting edge’, the campaign has been continually and successfully operational throughout this entire timeline, evading detection by the majority of AV products.
This success is due to a well-planned and carefully managed operation that constantly monitors its victims’ actions and rapidly responds to detection incidents.”
Rocket Kitten is another example of this generation of APTs and has been investigated by organisations around the world, including Check Point.
According to the company, Rocket Kitten highlights a recurring problem: minimal changes to existing malware often evade most current protection solutions, and effectively stopping attackers requires employee engagement as well as basic security measures.
Education requires security teams to step up and become a source of information for their fellow employees.
Horowitz recommends that these teams find out about persistent threats, pick and choose a few that are more common or easier to protect against, and educate the people – even if it’s just with a simple training session every few months or an email newsletter.
“Today there are smaller organisations that do APTs, there’s outsourcing to individuals to do APTs, and there are just people out there who know how to do some coding and having their own malware, so there are so many threat vectors out there.
And today also every one of us are a target.
It’s not just networks anymore, it’s stand-alone PCs.
Everyone is starting to hear about it, and be aware, but now we need to take the steps to protect ourselves,” she says.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e2444e1d0b&e=20056c7556
Money managers starting to buy cyberattack insurance
About 30% of U.S. institutional money managers had cybersecurity insurance coverage as of Jan. 1, sources said, most of which were firms with more than $10 billion in assets under management.
That compares with only 5% at the start of 2014, they said.
As part of the new round of Regulation SCI reviews, which focus on firms’ technology safeguards in the event of a breach or a system failure, the SEC wants to know what, if any, cybersecurity insurance managers have.
Most managers contacted for this story wouldn’t discuss whether they have cybersecurity insurance, citing overall concerns about publicizing their cybersecurity policies.
Along with the 30% of managers with cybersecurity insurance overall, another 25% have either talked with officials at Crystal and other brokerages about buying such coverage or are in the process of obtaining the insurance, sources said.
Part of the reason money managers — particularly those with less than $10 billion in AUM — don’t have cybersecurity insurance is cost, sources said.
A typical $1 million cyberinsurance policy with a $10,000 to $20,000 deductible for a money manager with $1 billion to $5 billion in assets costs about $10,000 a year in premiums.
Those costs can be onerous when added to firms’ required compliance costs to meet regulations under Basel III and the Dodd-Frank Wall Street Reform and Consumer Protection Act.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=949e03ac81&e=20056c7556
The Service Desk: The Unsung Hero of IT Security
In the real world, for the majority of any data breach-discovery period, it’s likely that an incident would’ve been logged with the service desk.
Properly actioned, there’s no chance it would take 200+ days to discover, and while this boils the argument down to a rather simplistic conclusion, it certainly seems to suggest that these teams could be doing much more to coordinate an effective response – not to mention building a defence against the attack in the first place.
Gartner says that by 2018, 40% of service desk interactions will be via mobile devices and, today, more tickets than ever are specifically IT security related.
Even routine requests that are easily dealt with in isolation may have a bearing on IT security.
Given access to the right tools, the service desk offers a powerful first line of cyber-defence.
The proactive management of operating systems and application vulnerabilities with automated patching; endpoint protection to ensure only authorised applications run; policy-based enforcement of removable devices to control data in/out of endpoints; application control and intelligent white-listing for endpoint security are all pre-requisites to making this happen.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d458c3a65c&e=20056c7556
25% of knowledge workers don’t trust their IT teams with personal data
Research from Code42’s 2016 Datastrophe Study studied over 400 ITDMs that included CISOs and CIOs within companies of 500+ people as well as 1,500 knowledge workers including CEOs, team leaders and employees.
It was discovered that 67 percent of knowledge workers don’t feel their company has a clearly defined bring your own device (BYOD) policy in place; however, 65 percent of ITDMs believed that they do.
A quarter (25 percent) of knowledge workers don’t trust their IT teams/employers with their personal data.
Over a third (36 percent) of knowledge workers think the company they work for may be at risk of a data breach in the next year.
Knowledge workers feel that their company’s biggest challenges are insider threats (18 percent), constantly evolving threat (20 percent), unwitting employee behaviour (33 percent), and cyber-threats/hackers (44 percent).
On the other hand, ITDMs say the top challenges are encryption, the constantly evolving threat landscape, gaining visibility of threats (eight percent), cyber-security (13 percent), data privacy (13 percent), and data protection (17 percent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fe78204e75&e=20056c7556
Amid Hacking Threats, Law Firms Turn to Cyber Insurance
According to insurance brokerage Aon, more than 60 out of the 250 medium and large law firms that it services have purchased cyber insurance within the last two years.
Marsh said that close to 40 percent of its roughly 100 large law firm clients have purchased the insurance, up from 20 percent two years ago.
Insurance professionals say the uptick is driven by an increased awareness of the threat of a data breach or hack, as well as a realization that existing law firm insurance policies don’t cover all the costs that could result from such an attack.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61b09fca73&e=20056c7556
Malware Word Search: Identifying Angler’s Dictionary
Exploit kits are constantly evolving and changing.
We recently wrote about some subtle Angler changes but then Angler changed drastically on March 8.
In this blog post, we will briefly cover these changes, examining different characteristics of the URL structure for Angler and the origins of the words being leveraged to create them.
Beginning on March 8, Talos noticed some major changes to the URL structure for Angler.
These changes were drastic and have altered every part of the URL for the landing pages.
Let’s first look at the old syntax
We extracted thousands of words from the landing page URLs, all of them unique and a number of them quite obscure, such as epigrammatic, atropine, and umbrageous.
We conclude that corncob.dict is a likely candidate for the source of words used by the Angler URL generation code because all the words seen in the URLs are found in that dictionary, even the obscure ones, and the distribution of lengths and starting letters are very close.
Additionally, corncob has the fewest words which means finding all 1776 words in the URLs by chance is unlikely.
This insight may lead to better detection and may also explain the source of some of the other generated words seen in Angler traffic.
It also offers a technique for identifying the generation mechanisms in other traffic such as DGAs.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b7fb9a2920&e=20056c7556
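The dictionary-attribution reasoning in the Angler item above (full coverage of the observed words, similar length and starting-letter distributions, smallest matching list), as an added example that is not code from the Talos post or from this newsletter. The URLs, word lists and function names are constructed for illustration, and splitting URL paths on non-letter characters is an assumption, not Angler's actual URL syntax.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed URLs for illustration; not real Angler traffic or its URL syntax.
SAMPLE_URLS = [
    "http://host-a.example.test/epigrammatic/atropine?umbrageous=lantern",
    "http://host-b.example.test/harbour/quixotic?meadow=41",
    "http://host-c.example.test/atropine/lantern?thimble=7",
]

# Constructed stand-ins for candidate word lists; real lists hold tens of
# thousands of entries and would be loaded from disk.
_COMPACT = {
    "epigrammatic", "atropine", "umbrageous", "lantern", "harbour", "quixotic",
    "meadow", "thimble", "anchor", "bramble", "cobalt", "whistle",
}
CANDIDATES = {
    "compact_list": _COMPACT,
    "large_list": _COMPACT | {
        "sand", "salt", "seal", "ship", "shop", "side",
        "sign", "silk", "snow", "soap", "song", "star",
    },
    "common_words": {
        "lantern", "harbour", "meadow", "anchor",
        "whistle", "table", "water", "house",
    },
}


def extract_words(urls, min_len=4):
    """Collect unique lowercase alphabetic tokens from URL paths and queries."""
    words = set()
    for url in urls:
        parts = urlsplit(url)
        for token in re.findall(r"[A-Za-z]+", parts.path + "?" + parts.query):
            if len(token) >= min_len:
                words.add(token.lower())
    return words


def distribution(items):
    """Relative frequency of each value; empty input gives an empty dict."""
    counts = Counter(items)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()} if total else {}


def total_variation(p, q):
    """Total variation distance between two discrete distributions (0..1)."""
    keys = set(p) | set(q)
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in keys)


def score_dictionary(observed, dictionary):
    """Compare observed URL words with one candidate word list."""
    if not observed:
        raise ValueError("no observed words to score")
    dictionary = {w.lower() for w in dictionary}
    return {
        # Fraction of observed words present in the candidate list.
        "coverage": len(observed & dictionary) / len(observed),
        # Words the candidate cannot explain; any entry here argues against it.
        "missing": sorted(observed - dictionary),
        "length_tv": total_variation(
            distribution(len(w) for w in observed),
            distribution(len(w) for w in dictionary),
        ),
        "letter_tv": total_variation(
            distribution(w[0] for w in observed),
            distribution(w[0] for w in dictionary),
        ),
        "size": len(dictionary),
    }


def rank_candidates(observed, candidates):
    """Best candidate first: highest coverage, closest distributions, smallest list."""
    scored = [(name, score_dictionary(observed, words))
              for name, words in candidates.items()]
    return sorted(
        scored,
        key=lambda item: (
            -item[1]["coverage"],
            item[1]["length_tv"] + item[1]["letter_tv"],
            item[1]["size"],
        ),
    )


if __name__ == "__main__":
    for name, score in rank_candidates(extract_words(SAMPLE_URLS), CANDIDATES):
        print(f"{name:13s} coverage={score['coverage']:.3f} "
              f"length_tv={score['length_tv']:.3f} "
              f"letter_tv={score['letter_tv']:.3f} size={score['size']}")
```

With real traffic, a candidate that leaves even a handful of observed words in `missing` can be set aside, and the same ranking can be run over word-based DGA domains once their labels are tokenized.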
How to keep your highly skilled and paid security team happy and engaged
All is not lost.
There are several initiatives organizations can undertake to demonstrate their commitment to providing a rewarding cyber security culture that keeps its personnel.
In addition to providing a competitive salary or comparative work-life balance, some factors that can influence an individual’s decision to remain at his place of employment are:
– Determine the satisfaction level of the individual.
– Provide career growth and enhancement.
– Seek out their ideas.
Like in any tea