
CyberSecurity Institute

Security News Curated from across the world


Posted on September 11, 2016 / December 30, 2021 by admini

[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions]

* UAE rises to 41st rank globally as source of cybercrime threats
* FEMA Seeks Comments on National Incident Management System
* Intel Security: more needs to be done to help understand consequences of cloud adoption
* Farms Big and Small Prime Targets for Cyber Attacks
* Cybercriminals zeroing in on Singapore banks
* Cyber crime is an increasingly serious business and a new report released today by Trustwave looks at the top trends from the past year based on real-world data from data breach investigations.
* 77 per cent of companies can’t respond effectively to cyber attacks
* Cybersecurity gets five hearings on Capitol Hill this week
* Google Finds 16,500 New Malware Infections Per Week
* G DATA Releases Malware Report for the Second Half of 2015
* AsTech Consulting Warns Companies That Lacking Adequate Cyber Insurance Coverage Poses Major Threat
* 10 Questions You Must Ask Your Bot Mitigation Vendor
* Vendors’ Cybersecurity is Insurers’ Concern, Too
* NTT Group Announces the Availability of Annual Global Threat Intelligence Report

UAE rises to 41st rank globally as source of cybercrime threats
“One of the major factors is that attackers are becoming more organised and funded.
They [attackers] are operating like normal businesses with working hours and taking holidays in order to increase the efficiency of their attacks against enterprises and consumers,” Hassam Sidani, regional manager for Symantec Gulf, told Gulf News after unveiling its Internet Security Threat Report (ISTR), Volume 21.
He said that UAE’s threat profile has worsened in a global ranking from 49 in 2014 to 41 in 2015 with the numbers of attacks originating in the UAE increasing over the last year.
“The UAE is considered a pivotal gateway to the Middle East and owing largely to its world-class IT infrastructure, connectivity and an attractive business environment, the UAE is a commercial hub for a large number of global organisations.
Given its high-profile internationally, the country is a lucrative target for cybercriminals,” he said.
In the Middle East and Africa, UAE dropped one position to sixth place compared to the previous year.
Organisations in the UAE were also highly attacked by spear-phishing (an email fraud attempt from hackers that targets an individual or business to steal confidential data), ranking first within the Middle East and Africa region and eighth globally for targeted attacks.
In the UAE, spam and malicious code (malware) were the most prevalent threats as well: one in 199 emails contained malware, while more than half (55.2 per cent) of the emails were spam.
Notably, the UAE was the source of a considerably larger percentage of global spam in 2015 compared to 2014, catapulting the country’s global rank to 31st place, up 20 positions from 51st in 2014.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3a739e70dc&e=20056c7556

FEMA Seeks Comments on National Incident Management System
Last week, the Federal Emergency Management Agency (FEMA) released the updated National Incident Management System (NIMS) for a 30-day national engagement period.
National engagement provides an opportunity for interested parties to comment on the draft updated NIMS, so that it reflects the collective expertise and experience of the whole community.
The national engagement period will conclude at 5:00 pm EDT May 9, 2016.
The draft NIMS:
• Reiterates the concepts and principles of the original 2004 version and the updated 2008 version;
• Reflects and incorporates lessons learned from exercises and real world incidents and policy updates, such as the National Preparedness System, and the 2013 NIMS Intelligence/Investigation Function Guidance and Field Operations Guide;
• Reflects progress in resource typing and mutual aid and builds a foundation for the development of a national qualification system;
• Clarifies that NIMS is more than just the Incident Command System (ICS) and that it applies to all stakeholders with roles in incident management across all five mission areas (Prevention, Protection, Mitigation, Response and Recovery);
• Provides guidance on a common structure and activation levels for operations and coordination centers, including Emergency Operations Centers (EOC), through new Center Management System (CMS) guidance.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a9fd7f3021&e=20056c7556

Intel Security: more needs to be done to help understand consequences of cloud adoption
Intel Security today released a global report advocating the need for technology vendors to help businesses, governments and consumers understand the implications surrounding the growing adoption of the cloud.
The report, which discusses the state of cloud adoption, shows that 77 percent of participants noted their organisations trust cloud computing more than a year ago, with just 13 percent who completely trust public cloud providers to secure sensitive data.
The report says these findings highlight improved trust and security and are critical to encouraging continued adoption of the cloud.
Other key findings include:
Cloud investment trends: 81 percent of organisations are planning on investing in infrastructure-as-a-service, closely followed by security-as-a-service (nine percent), platform-as-a-service (69 percent), and lastly software-as-a-service (60 percent).
Security and compliance: 72 percent of respondents list compliance as the primary concern across all types of cloud deployments, and only 13 percent of respondents knew whether or not their organisations stored sensitive data in the cloud.
Security risks and the cloud – perception and reality: More than one in five respondents said their main concern around using SaaS is having a data security incident, and correspondingly, data breaches were a top concern for IaaS and private clouds.
The C-Suite blind spot: High-profile data breaches with major financial and reputational consequences have made data security a top-of-mind concern for C-level executives, but many respondents feel there is still a need for more education and increased awareness and understanding of risks associated with storing sensitive data in the cloud.
Shadow IT, risk and opportunity: Despite IT departments’ activity to curb shadow IT, 52 percent of respondents said that some departments still expect IT to secure their unauthorised department-sourced cloud services.
Security investment: Cloud security investment varies in priorities across the different types of cloud deployment, with the top security technologies leveraged by respondents being email protection (43 percent), web protection (41 percent), anti-malware (38 percent), firewall (37 percent), encryption and key management (34 percent) and data loss prevention (31 percent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d54e544bff&e=20056c7556

Farms Big and Small Prime Targets for Cyber Attacks
AMES, Iowa – Officials from the FBI and the Justice Department held a roundtable recently at Iowa State University, emphasizing the seriousness of cyber attacks for a surprising target – the agriculture industry.
“There’s valuable soil and content data,” he explains. “There’s GMO variables.
There’s pesticide and chemical formulas, genetic engineering, innovative animal breeding techniques, planting, harvesting, processing, storage, transporting.
There’s a lot of important business data there.”
“Many smaller farms serve as feeders, essentially, up into the larger elements of the system, so sharing information and securing everybody is really what’s necessary here,” he stresses.
Clinton says trade secrets are currently the biggest risk, but cyber terrorists could one day go after data or even computer-controlled farm equipment in a way that jeopardizes the U.S. food supply.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61098b0cd2&e=20056c7556

Cybercriminals zeroing in on Singapore banks
“Tech-savvy consumers in Singapore are getting more and more reliant on mobile and online banking services but continue to be unaware of evolving cyber threats and risks,” said Vincent Loy, Asia Pacific financial crime and cyber leader, PwC Singapore. “As one of the top financial centres in the world, Singapore banks will continue to face the risk of being more vulnerable, as technologies continue to evolve to keep pace with business and consumer needs.”
Data from IBM showed the most common banking cyberattack in Singapore is through a redirection technique via a trojan – a malware disguised as legitimate software – that sends victims to a fake website when they try to access their online banking site.
Bank customers are fooled into revealing, among other things, authentication codes.
Cybercriminals are attacking employees within organisations such as banks, too.
They may be checking LinkedIn to get a sense of the corporate hierarchy, and crafting legitimate-looking emails in hopes that employees will introduce malware into systems, said Ms Kelley.
She recounted a case experienced by a senior executive at a global financial services firm. “He said to me, ‘I got an email, and it was so good, I would have clicked on it.
And the only reason I didn’t, is that it was supposedly coming from me’.”
The black market for information, such as credit card details, has also evolved, he observed.
Now, buyers can customise their searches for details from cards stolen in a certain country, and within a certain period.
PwC’s 2016 study on information security showed about 25 per cent of banks in Asia had an information security budget of about at least US$10 million.
As a very rough benchmark, the percentage of cybersecurity spending of the total IT budget for banks averages between 4 and 10 per cent, said PwC’s Mr Loy. “To minimise the impact of attacks, organisations should look at their governance, processes, people and technology in totality,” he added.
Singapore will soon introduce a new Cybersecurity Bill, the Ministry of Communications and Information said this month.
This is meant to ensure operators of Singapore’s critical information infrastructure secure such systems.
It will also empower the Cybersecurity Agency to manage cyber incidents and raise standards of cybersecurity providers here.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=484dec2390&e=20056c7556

Cyber crime is an increasingly serious business and a new report released today by Trustwave looks at the top trends from the past year based on real-world data from data breach investigations.
In a rare glimpse into the scope of its active surveillance operations, the UK’s National Crime Agency (NCA), also dubbed the ‘British FBI’, has outlined some examples of the computer hacking and snooping techniques it uses to help catch crooks involved in everything from financial cybercrime to sextortion schemes.
Key findings from the report include that 97 percent of applications tested by Trustwave in 2015 had at least one vulnerability.
In addition 10 percent of the vulnerabilities discovered were rated as critical or high risk.
Retail is the industry most commonly targeted by criminals, accounting for 23 percent of Trustwave investigations, followed by hospitality at 14 percent and food and beverage at 10 percent.
The findings show that eCommerce breaches accounted for 38 percent of investigations, compared to 42 percent in 2014.
Twenty-two percent were of point-of-sale (POS) breaches.
The Magento open source platform accounted for 85 percent of eCommerce breaches.
At least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems weren’t fully updated with security patches.
In 60 percent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from POS environments, and card-not-present data (29 percent), which mostly came from eCommerce transaction
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a170a2983&e=20056c7556

77 per cent of companies can’t respond effectively to cyber attacks
NTT Com Security today released its annual Global Threat Intelligence Report (GTIR), which examines the threat landscape by analysing the attacks, threats and trends from the previous year.
This year’s report is the most comprehensive to date, featuring key findings from partners including Lockheed Martin and the Center for Internet Security and pulling information from 24 security operations centres, seven R&D centres, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
In terms of the types of attacks, spear phishing accounted for 17 per cent of incident response activities, with the attacks targeting executives and finance personnel in many cases.
The volume of Distributed Denial of Service (DDoS) attacks fell by 39 per cent compared to 2014 and all of the top 10 vulnerabilities targeted by exploit kits during 2015 were related to Adobe Flash.
Furthermore, the number of publicised Flash vulnerabilities jumped by a massive 312 per cent from 2014.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e19c207a78&e=20056c7556

Cybersecurity gets five hearings on Capitol Hill this week
HILL HEARTS CYBER — It’s another busy week on Capitol Hill: Five separate committees are holding hearings on cybersecurity.
On Tuesday, the FBI and Apple square off again at a hearing of a House Energy and Commerce subcommittee, albeit on different panels.
A Senate Armed Services subcommittee meets behind closed doors to scrutinize the fiscal 2017 budget proposal for Cyber Command.
And a House Ways and Means subcommittee becomes the third panel in the past two weeks to hold a hearing heavily focused on what the IRS is doing to protect sensitive taxpayer data from hackers.
On Wednesday, a House Oversight subcommittee brings in officials from State, Homeland Security and Treasury to address a range of cyber issues, one of which is how the Juniper firewall backdoor affected federal agencies.
And the House Small Business Committee holds a hearing on how cyberattacks affect small businesses and government agencies.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9118c342eb&e=20056c7556

Google Finds 16,500 New Malware Infections Per Week
Researchers at Google and academics at the University of California, Berkeley discovered that nearly 800,000 websites around the world were newly compromised over a one-year period, equivalent to 16,500 per week.
Google found that when it contacted affected web administrators who had signed up for the company’s Search Console directly via email, the communication led to 75 percent of sites being re-secured.
In other cases, Google contacted webmasters via their Whois email addresses, and the study found that this contact, along with displaying browser interstitials and search warnings, led to 54.6 percent of the affected sites fixing their malware problems, compared to a rate of only 43.4 percent for sites that were flagged with search warnings alone.
The findings indicate that while the malware problem is serious, communication with those affected can help, Google said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=976ab95719&e=20056c7556

G DATA Releases Malware Report for the Second Half of 2015
Today, global security firm, G DATA, released its H2 2015 Malware Report, which found that attacks by banking Trojans mainly targeted English-speaking countries, with 80% of all target sites located in the Anglophone region.
The researchers also found a significant number of attacks by banking Trojans, Dridex in particular.
The criminals behind Dridex used spam email containing fictitious invoices or supposed tax refunds to lure recipients into their trap.
The massive wave of attacks was averted by the unique G DATA BankGuard technology.
In the second half of 2015, G DATA’s security researchers also recorded a total of 2,098,062 new signature variants.
The total number of new malware files for 2015 was 5,143,784 – just under the amount for 2014.
Following a rapid increase in the second half of 2014 and the first half of 2015, the outbreaks appeared to have abated.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=584ab62707&e=20056c7556

AsTech Consulting Warns Companies That Lacking Adequate Cyber Insurance Coverage Poses Major Threat
SAN FRANCISCO, CA–(Marketwired – Apr 19, 2016) – Losses from cyberattacks and security breaches continue to plague companies of all sizes, and while more organizations are investing in basic cyber insurance, most are woefully underinsured.
According to Greg Reber, CEO of AsTech Consulting — independent cyber security experts specializing in software and IT infrastructure security — to protect themselves, companies need a comprehensive risk assessment and to work with underwriters to make sure they both agree and understand the terms of cyber insurance policies.
“Executives underestimate the potential losses from a cyber-attack and are unclear how to best insure their operation against potential losses,” said Reber. “They buy cyber risk insurance, but too often the coverage is inadequate since many insurance companies rely on self-reporting when assessing areas of coverage.
By being better educated about cyber risk and cyber risk insurance and taking simple preventative steps to isolate potential areas of cyber risk, companies will be in a much better position to protect themselves when they do have a security breach.”
Cyber risk insurance policy coverage is often based solely on information provided by the company, and insurance questionnaires are generic and leave companies underinsured.
Another common issue is undervaluing the potential losses from a cyber breach, resulting in substantial losses not covered by insurance.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9329812f50&e=20056c7556

10 Questions You Must Ask Your Bot Mitigation Vendor
1) How does your solution deal with advanced persistent bots?
2) Does your solution make use of modern bot detection techniques?
3) Does your product make use of machine learning? If so, how does it work?
4) Does your solution incorporate external and community sourced intelligence feeds?
5) Are you able to secure my APIs from automated threats?
6) What deployment options do you offer?
7) Can your solution be implemented and configured on a per domain basis?
8) What parameters does your access control list include and does it perform self-maintenance?
9) What kind of visibility do you provide in terms of bot traffic, trends, and motives?
10) What options do I have for enforcement?
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8e1a058e0d&e=20056c7556

Vendors’ Cybersecurity is Insurers’ Concern, Too
An International Standards Organisation and International Electrotechnical Commission document that helps organisations handle responsible vulnerability disclosures is now free to access.
The ISO/IEC 29147 document sets out how hardware and software vendors, and other organisations that provide applications such as financial institutions and governments, can integrate vulnerability disclosure management into their normal business processes.
Until this weekend, ISO charged 138 Swiss Francs (A$185) for the 29147 standards document.
At one time, insurers focused cybersecurity efforts solely on preventing theft of payment card systems, social security numbers and bank account records.
But, today’s hackers are after all data.
Data that by itself may be of little value, but when aggregated with information from other sources builds massive repositories for identity theft, according to Amica’s CISO, Gil Bishop.
According to the firm’s “3rd Annual Endpoint Security Survey”, more than a quarter of respondents said they were first notified of a breach by a third party for the second consecutive year.
Additionally, 44% of the 829 IT professionals surveyed also said their endpoint systems have been compromised in the last 24 months.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c873346b38&e=20056c7556

NTT Group Announces the Availability of Annual Global Threat Intelligence Report
OMAHA, NE–(Marketwired – Apr 19, 2016) – Solutionary, an NTT Group security company (NYSE: NTT) and leading cybersecurity services provider, is pleased to announce the release of the annual Global Threat Intelligence Report (GTIR).
NTT Group has expanded its view of the threat landscape to include findings from key partners — Lockheed Martin, Wapack Labs, Recorded Future and the Center for Internet Security — to analyze the attacks, threats and trends from the previous year.
The 2016 GTIR is the most comprehensive report to date, pulling information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
Key findings from the report include:

Incident Response and Case Studies
• Trend data from incident response activities illustrates on average only 23 percent of organizations are capable of responding effectively to a cyber incident. 77 percent have no capability to respond to critical incidents and often purchase support services after an incident has occurred.
• Activity related to the Reconnaissance phase of the Lockheed Martin Cyber Kill Chain (CKC) accounted for nearly 89 percent of all log volume. These logs accounted for approximately 35 percent of escalated attack activity, making Reconnaissance the largest single element in the CKC.
• Spear phishing attacks accounted for approximately 17 percent of incident response activities supported in 2015.

Geographic and Vertical Market Trends
• The retail sector experienced the most attacks per client.
• NTT Group observed an 18 percent rise in malware detected for every industry other than education.

Vulnerabilities, Attacks and Exploitation
• Nearly 21 percent of vulnerabilities detected in client networks were more than three years old.
• DoS/DDoS attack volume fell 39 percent from levels observed in 2014.
• All of the top 10 vulnerabilities targeted by exploit kits during 2015 are related to Adobe Flash.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cb8f1dc733&e=20056c7556
