[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
The Importance of Cybersecurity in M&A Transactions
Ten years ago, a CEO in this position could not be faulted if she closed the transaction as soon as possible following basic due diligence into the financial condition of the target. But in today’s environment, there is an evolving threat to the success of every transaction, one requiring an entirely new level of pre-acquisition investigation called cybersecurity due diligence. Those who ignore this investigation face the real possibility of acquiring not the next crown jewel, but a host of crippling liabilities stemming from an undisclosed cyberattack or data breach.
Despite the obvious risks, according to an article published by Corporate Counsel, titled “Don’t Let Cyberrisk Sour a Good M&A Deal,” a recent study of companies engaged in international M&A found that:
• 78 percent of respondents believe cybersecurity is not analyzed in great depth or specifically quantified as part of the M&A due diligence process;
• 83 percent of respondents believe a cyberincident mid-deal, or the identification of past data breaches during due diligence, could have an impact on the transaction; and
• 90 percent of respondents stated that information about past breaches or cybersecurity weaknesses would reduce the sale price of an acquisition.
Both buyers and sellers need to tread carefully in today’s era of cyberattacks and data breaches. A deep and thorough investigation of the target’s data privacy history and security procedures is now equally as important as confirming the financials, if not more. Simply put, if you don’t know what you’re acquiring in terms of technology and cyberrisk, then you don’t know the value of what you’re acquiring.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1cb168687d&e=20056c7556
Data breaches in Ireland surged 50pc in 2014
Dixon said the principal causes of data breaches were human error and not systemic, such as the inclusion of the wrong bank statement in the wrong envelope or the wrong spreadsheet in an email.
Data protection complaints in 2014 included access rights (54pc), electronic direct marketing (18pc), disclosure (7.2pc), unfair processing of data (5pc), internet search result delisting (3pc) and the use of CCTV footage (3pc).
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1fb3caa0ce&e=20056c7556
10 highest-paying IT security jobs
With increasing concern around identity theft, hacking, data security and privacy, and with a number of high-profile data breaches in the news, organizations are doubling down on their need for qualified, talented security professionals. Not surprisingly, salaries are increasing right along with demand.
“They’re investing heavily in the talent with the skills and experience to protect against these threats. If I were advising an IT pro where they should focus their energies, or a student entering college for an IT degree, I’d tell them you can’t go wrong with a computer science degree and a specialization in security,” says Berkowitz. Here are the 10 highest-paying security roles, based on average salary data from Dice.com clients’ job postings.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9cf6c0bc51&e=20056c7556
Proofpoint Researchers Expose Underground Cybercrime Economy Triggering Surge in Malicious Macros
SUNNYVALE, Calif., June 23, 2015 (GLOBE NEWSWIRE) — Proofpoint, Inc., (Nasdaq:PFPT), a leading next-generation security and compliance company, announces the release of a report that exposes the economic and technical drivers behind the recent worldwide surge of malicious macros – many delivering the Dridex banking Trojan. Proofpoint’s The Cybercrime Economics of Malicious Macros report highlights how cybercriminals have, in the last nine months, increasingly returned to cost-effective macros to reach more targets and see a greater return on their financial investment.
Proofpoint’s The Cybercrime Economics of Malicious Macros report combines technical analysis of malware samples from top malicious macro developers with investigation of underground cybercriminal forums. Results indicate that the high success rates and cost-effectiveness of malicious macros have rapidly and significantly altered the landscape of email-borne threats. Before the latter half of 2014, cybercriminals relied overwhelmingly on malicious URLs to deliver malware in high-volume unsolicited email phishing campaigns.
Campaigns rely heavily on the human factor.
Macros campaigns are increasingly sophisticated and evade many modern detection tactics including sandboxes.
Effectiveness is a primary driver.
Malicious macro attachment campaigns have grown in both size and frequency.
Sophisticated actors lead the campaigns.
Lower cost and high accessibility promote attacker success.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b156412022&e=20056c7556
System Vulnerabilities That Hackers Can Easily Exploit
Businesses are subject to a large number of threats, so many in fact that sometimes it is impossible to manage all of them. This is the fact that hackers prey on – they find the vulnerabilities in a business and use that to their advantage. No matter the type of information stored in the database that hackers are trying to get into, whether financial or proprietary, it will hold value for them. Believe it or not, the vulnerability of a system is often created by the people that run the systems. Take a minute to learn about these vulnerabilities in order to protect your company.
– Deployment Issues
– Multiple Devices on the Network
– Untrained Employees
– Avoiding Patches
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e48ea2383c&e=20056c7556
Cyber crime ‘costing Middle East $1 billion’
The Middle East IT sector is on track to register a year-on-year growth of 8 per cent against a backdrop of cyber crime which is costing the region up to $1 billion, said organisers of an upcoming cyber security event in Abu Dhabi, UAE.
The first Middle East Cyber Security Life event, organised by Comexposium and DG Consultants and to take place on February 16-18 201, will address the issues associated with the latest trends in technological development and IT security, attended by industry experts from around the world.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=94acdcf4b5&e=20056c7556
Attack as the best form of defence – should we consider unleashing cyber security teams’ offensive talents?
Responding to cyber attacks involves many specialist teams. There is the triage team, which analyses how the attack is affecting the organisation and how best to prevent or at least reduce damage caused by the attack. Forensic analysts then examine how the attack was carried out and attempt to gather evidence to enable prosecutions. Lastly, the defensive security teams use the information provided by the other teams to try to prevent the organisation from being attacked in the same way again.
Hypothetically (and bear with me because this is a bit radical), but what if an offensive security resource, whose job it was to identify the perpetrators of the attack and destroy their capability to continue the attack, were to be included in these teams? These would be highly skilled practitioners capable of sophisticated cyber attacks in their own right and, crucially, able to categorise different types of attacker. Large organisations may feel this is something they could do themselves. Smaller organisations would almost certainly want to engage someone else to do this for them, in the same way that incident response is currently handled.
As things stand, businesses and citizens cannot rely on the legal system preventing, or even punishing, cyber attacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1a784cdbdd&e=20056c7556
Breach Defense Playbook: Open Source Intelligence
Your OSINT program should passively monitor while not actively participating in ongoing communications. For example, you should listen to chat rooms and watch forum posts, but don’t engage, as it would tip the attackers off that you are watching them. If they find out that you are listening to their conversations, then they will “go dark” to where you cannot listen in, and then you will not get any information.
The last step in the OSINT cycle is reporting. The goal of the program is to provide your operational personnel and leadership with the information they need to properly assess and react — keep in mind that this requires packaging in a way that’s easily “translatable” for those on the leadership team that are further removed from day-to-day security practices.
If in any situation you find information that could indicate an imminent cyber or physical threat or attack, you should have an emergency escalation plan in place and put it to use.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ae96978761&e=20056c7556
CISOs: Why you should care about who’s attacking your firm
Over 95 per cent of chief information security officers (CISOs) say it is at least “moderately likely” that their company will face what they call an “advanced” attack in the next 12 months and, worse, nearly three-quarters of CISOs think their function won’t deal with it properly.
One big problem is that many CISOs only focus on how an attack is conducted (i.e., on the techniques used), and assume that figuring out who is behind an attack is for IT vendors, law enforcement, or only the most advanced information security (IS) functions. This is short-sighted and means teams will miss valuable information that is not overly onerous to collect and can help combat many different types of threat.
For instance, because organised crime, competitor, and state-sponsored attackers are more likely to launch multiple attacks, recording information about these intruders can help organizations recognise them again in the future.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ed42c99bb5&e=20056c7556
Cybersecurity Threat-Sharing in the Legal Community
Law firms face cybersecurity risks (and related legislation) on two major fronts: externally, for clients, and internally, as law firms are attractive targets for hackers of all kinds. Recently, The New York Times reviewed an internal report from Citigroup’s Cyber Intelligence Center that outlined the financial institution’s concerns related to attacks on law firm networks, in an article titled “Citigroup Report Chides Law Firms for Silence on Hackings.” The report stated that law firms were at “high risk for cyberintrusions” and would “continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications.”
A large part of the problem is a lack of communication. Attorneys – never mind the general public – have likely not heard of many (if any) cyberattacks or data breaches affecting law firms. But they do occur – frequently. Law firms present treasure troves of rich information regarding intellectual property, trade secrets and client lists – on top of personally identifiable information available on internal networks. Unfortunately, a 2014 law firm cybersurvey conducted by Marsh USA indicated that 72 percent of respondents said their firm had not assessed or scaled the cost of a data breach based on the information it retains. This raises significant points to consider: Has your firm established a data breach response plan? Has your firm hired a third-party vendor to perform network penetration testing? Do you know how secure your data is?
It is not just law firms that are reluctant to share information regarding data breaches and cyberattacks. However, law firms are at an interesting intersection of these hot issues, as legal practice groups relating to privacy, data security, data protection, cyberlaw and cybersecurity crop up throughout the country. As firms look to protect the cybersecurity legal needs of their clients, they also must look inward and analyze how to best protect themselves as well.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9223cc7af3&e=20056c7556
Vectra Releases Post-Intrusion Report on In-Progress Cyberattacks
SAN JOSE, Calif., June 23, 2015 — Vectra Networks, the leader in real-time detection of cyber attacks in-progress, today announced the results of the second edition of its Post-Intrusion Report, a real-world study about threats that evade perimeter defenses and what attackers do once they get inside your network.
Report data was collected over six months from 40 customer and prospect networks with more than 250,000 hosts, and is compared to results in last year’s report. The new report includes detections of all phases of a cyber attack and exposes trends in malware behavior, attacker communication techniques, internal reconnaissance, lateral movement, and data exfiltration.
According to the report, there was non-linear growth in lateral movement (580 percent) and reconnaissance (270 percent) detections that outpaced the 97 percent increase in overall detections compared to last year. These behaviors are significant as they show signs of targeted attacks that have penetrated the security perimeter.
While command-and-control communication showed the least amount of growth (6 percent), high-risk Tor and external remote access detections grew significantly. In the new report, Tor detections jumped by more than 1000 percent compared to last year and accounted for 14 percent of all command-and-control traffic, while external remote access shot up by 183 percent over last year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=340d3d4f76&e=20056c7556
SEC Hunts Hackers Who Stole Corporate Emails to Trade Stocks
U.S. securities regulators are investigating a group of hackers suspected of breaking into corporate email accounts to steal information to trade on, such as confidential details about mergers, according to people familiar with the matter.
The Securities and Exchange Commission has asked at least eight listed companies to provide details of their data breaches, one of the people said. The unusual move by the agency reflects increasing concerns about cyber attacks on U.S. companies and government agencies.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d13f6ef927&e=20056c7556
There’s Another Adobe Flash Zero-Day And Chinese Hackers Are Abusing It
Yet another Adobe Flash zero-day, a previously-unknown and unpatched software vulnerability, has been uncovered. According to experts at FireEye, a group of Chinese hackers are abusing it, though in a rather unstealthy way.
The hackers, according to the US security firm, have been abusing the Flash vulnerability this month to get leverage on targets’ networks, steal passwords and set up surveillance operations. But their initial email, designed to get the user to click on a link, contained a lure usually seen by bottom feeder cybercriminals. “Save between $200-450 by purchasing an Apple Certified Refurbished iMac through this link. Refurbished iMacs come with the same 1-year extendable warranty as new iMacs. Supplies are limited, but update frequently,” one email read.
And yet FireEye believes the APT3 group to be one of the more sophisticated threat groups around. It has targeted major businesses from critical industries, including aerospace and construction, the firm said. APT3 was spotted abusing a Microsoft Internet Explorer zero-day last year in an operation labelled “Operation Clandestine Fox”.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5463b5d3f8&e=20056c7556
Winnti Malware Gets into Pharmaceutical Business
A large pharmaceutical company in Europe has been targeted by the operators of Winnti, a piece of malware believed to be used to exfiltrate sensitive information from entities related to the gaming business.
However, recent findings show that the campaigns of the Winnti group target entities from a wider range of sectors, as Kaspersky picked up samples from the toolkit version analyzed by Novetta that suggested an attack on a “well-known global pharmaceutical company headquartered in Europe.”
Indication that Winnti has compromised a computer system is the presence of “tmpCCD.tmp” in the Windows temporary folder and the files “ServiceAdobe.dll” and “ksadobe.dat.” When working, the RAT (remote access Trojan) also uses a service pretending to be from Adobe (Adobe Service).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c8f632edd8&e=20056c7556
Education Sector Represents Over One-Third Of All Detected Malware-Related Events, According To New Report From NTT Com Security
Students, faculty and staff beware: education continues to represent more than one-third of all detected malware events during 2014, according to the 2015 Global Threat Intelligence Report (GTIR) from NTT Com Security that analyzed attacks, threats and trends from over six billion attacks last year.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=962b00c8d4&e=20056c7556
Greater Risk of Data Theft and a Growing BotNet Infection Identified in ScrapeSentry Scraping Threat Report 2015
Analysis of ScrapeSentry’s Global Scraping Intelligence Platform, which is the largest database for scraping related activity, has shown another year’s growth in scraping attacks on the six sectors at greatest risk of the activity. Those sectors are Travel, Online Classifieds, Online Directories, Ticketing, Betting and E-Commerce.
Looking at where scraping traffic originates, USA now tops the table, accounting for 49% in 2014. In the previous year, China, USA and Australia combined accounted for 50% of the traffic.
However, this year the report shows that the ratio of total traffic to scraper traffic is worst from traffic originating in China. China accounts for 1.40% of the total traffic but 17.13% of the scraper traffic.
In the case of the Travel Industry, it has seen scraper numbers more than double from 15% of visitors in 2013 to 33% last year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9839d4824b&e=20056c7556