[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
US, China take first steps toward cybersecurity cooperation
The U.S. and China have reached an agreement on how to begin cooperating on cybersecurity, an issue that has caused high tension between the two nations over the last few years.
The agreement, reached in the first high-level meeting of its kind, calls for guidelines on sharing computer security information, a hotline to discuss issues, a so-called tabletop cybersecurity exercise and further dialog on concerns such as the theft of trade secrets.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=834b248f4f&e=20056c7556
Shark Tank Star On How Hackers Became The New Mafia
Robert Herjavec is best known as a star on ABC’s Emmy Award-winning hit show Shark Tank.
But that only requires 17 days a year of filming, according to Herjavec – who spends most of his time as founder and CEO running his namesake cybersecurity firm.
Toronto-based Herjavec Group is Canada’s largest pure-play information security services company.
Over the past couple of years they have expanded into the U.S., Europe, and Asia-Pacific, through organic growth and a few small but strategic acquisitions of MSSPs (managed security service providers).
Herjavec’s firm recently did some of its own filming — “Hackers are the New Mafia: Breakfast and Security Roundtable with DarkMarket author Misha Glenny” — a video broadcast which discusses cyber crime with one of the top minds on the topic.
Herjavec Group’s video was shot at their corporate headquarters and features Glenny recounting his experiences across 200 plus hours of research & interviews with the key players in the game of cybercrime including criminals, international security experts, politicians and fraud victims.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1837546679&e=20056c7556
Data Breaches Now In-Line With 2014 Record Pace
The latest account from the Identity Theft Resource Center (ITRC) reports that there has been a total of 717 data breaches recorded through December 1, 2015, and that more than 176 million records have been exposed.
The annual total includes 21.5 million records exposed in the attack on the U.S. Office of Personnel Management (OPM) in June and 78.8 million health care customer records exposed at Anthem in February.
The total number of breaches jumped by 27 incidents from the prior report on November 24, bringing the total number of incidents to date this year to within two of the 719 incidents as of the same period in 2014.
The ITRC recorded 783 breaches last year, and that total could easily be topped in the last month of this year.
The business sector accounts for about 16 million exposed records in 290 incidents so far in 2015.
That represents 40.4% of the incidents, and 9.2% of the exposed records.
The medical/health care sector posted the second-largest percentage of the total breaches so far this year, 34.6% (248) out of the total of 717.
The number of records exposed in these breaches totaled over 120 million, or 68.1% of the total so far in 2015.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b11421d2b4&e=20056c7556
Coyote Hunt Lessons: Why Effective Info Security Means Playing Offense
In order to hunt coyotes, you have to understand them – how they attack, how they operate, and how they get around controls.
As I learned more about coyotes, I realized these animals think and act exactly like cybercrooks.
Consider these characteristics:
Coyotes get their strength in numbers.
Coyotes move on a cycle and will not hit the same property continuously.
Coyotes are very skeptical and highly alert.
Coyotes will howl and create noise to make sheep nervous.
Now farmers can proceed to carefully set up their traps.
Farmers must follow specific procedures if their traps are to be effective.
The bait must be fresh, the traps must be put in the ground without the use of bare hands, and the dirt covering the traps must be packed tight so there are no signs of human involvement.
Over the past five years, the data security industry has made significant investments in finding weaknesses in fences, identifying coyotes and helping clients with ongoing “hunting” strategies.
At Infinitive Insight, our successful approach to remediation management helps companies mend the fences and actively hunt and get rid of these cyber coyotes.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0570b49332&e=20056c7556
Top 5 Threat Predictions For 2016
As 2016 approaches, Fortinet and its threat research division, FortiGuard Labs, have made their annual predictions of the most significant trends in malware and network security going into 2016.
As in years past, the Internet of Things (IoT) and cloud play heavily in the predictions but new malicious tactics and strategies will create unique challenges for vendors and organizations alike.
The top cybersecurity trends for 2016 include:
– Increased M2M Attacks and Propagation Between Devices
– Worms and Viruses Designed to Specifically Attack IoT Devices
– Attacks On Cloud and Virtualized Infrastructure
– New Techniques That Thwart Forensic Investigations and Hide Evidence of Attacks
– Malware That Can Evade Even Advanced Sandboxing Technologies
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=38ae3a5caf&e=20056c7556
Free HTTPS certs for all – Let’s Encrypt opens doors to world+dog
The Let’s Encrypt project has opened to the public, allowing anyone to obtain free TLS certificates and set up HTTPS websites in a few simple steps.
The certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers.
The public beta went live at 1800 GMT (1000 PT) today.
Its certificates are trusted by all major browsers – Google Chrome, Mozilla Firefox and Microsoft’s Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=29f59a8142&e=20056c7556
Deloitte, HITRUST, HHS Test Health Insurers’ Cyber Incident Readiness
Deloitte, the Health Information Trust Alliance and the Department of Health and Human Services have collaborated to help U.S. health insurance companies practice breach readiness and mitigation strategies through a cybersecurity simulation exercise.
An after-action report from Deloitte’s cyber risk services practice indicates that some CyberRX participants have focused on forensic data analysis and assessment of the possible impacts of a cyber attack on their companies’ operation.
HITRUST noted a lack of regular cross-functional communication at the participating organizations has affected their decision-making process during a breach scenario.
The alliance recommended that health insurers establish an incident-response ecosystem, share threat intelligence, know their cyber insurance claims processes, develop incident response plans and collaborate with law enforcement agencies.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8684683258&e=20056c7556
Enterprises Need to Improve IT Vendor Risk Management
In his presentation, Dr. Ross delivered a bit of a counterintuitive message on cybersecurity by stating, “We have to stop obsessing about threats and start focusing on asset protection.” To drive home this point, Dr. Ross added, “If 90% of our bridges were failing, we’d mobilize teams of engineers right away. Yet when 90% of our IT systems are insecure, we focus a good part of our attention on external threats.”
When focusing on IT asset integrity and security, cybersecurity professionals should really start with IT service vendors themselves.
After all, we depend upon their products and services for mission-critical operations, so we should push our trusted partners on comprehensive security across product design, customization, delivery, support, etc.
The ESG research report points to an alarming reality – many critical infrastructure organizations are relying on blind faith when it comes to the security of their IT products and services.
We can only assume, then, that they are deploying insecure, misconfigured, or even malicious IT assets on their networks, so we shouldn’t be surprised if these products fail, are compromised, or require lots of excess attention and cost for maintaining security.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b1018d7298&e=20056c7556
Enterprises Need to Improve IT Vendor Risk Management
NEW YORK and WASHINGTON, Dec. 3, 2015 /PRNewswire/ — Burson-Marsteller, a leading global strategic communications and public relations firm, today announced a strategic partnership with Ridge Global – founded by Tom Ridge, the first U.S. Secretary of Homeland Security and 43rd Governor of Pennsylvania.
The alliance, which includes Gov. Ridge’s partner Howard A. Schmidt, former cybersecurity advisor to President Barack Obama and President George W. Bush, will focus on enhancing board-level and senior management awareness of the critical need for comprehensive cybersecurity preparation to address any type of cyber risk, offering companies planning strategies and tools to address any cyber incident response.
The partnership provides clients services including: Vulnerabilities and operational risk assessments; incident response plan development; stakeholder mapping and relationship development; spokesperson training; desktop and full-scale training exercises and drills; and corporate governance-related counsel, including the development and structure of cyber programs and cybersecurity briefings to senior management teams and boards of directors.
The partnership also offers cyber attack response support for denial-of-service attacks, phishing schemes, data breaches, ransomware and other types of hacks.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=393762f947&e=20056c7556
Chimera Ransomware Tries To Turn Malware Victims Into Cybercriminals
The Chimera ransomware — named after the monstrous fire-breathing creature of Greek mythology — was first spotted in the wild affecting customers in Germany.
But researchers at security company Trend Micro recently uncovered a sinister new feature of the malware, which seeks to help accelerate its distribution by luring those affected into becoming carriers and infecting others.
The Chimera ransomware does everything other forms of the malware do, asking for 2.4 bitcoins ($865) to decrypt the files — but it is different in two important ways: The first is that rather than simply threatening to leave your files encrypted and inaccessible forever, the operators of Chimera threaten to post all your files online.
However, according to the Anti Botnet Advisory Center, there is no indication to date that anyone’s details have been made public.
Additionally, Trend Micro’s research suggests “the malware has no capability of siphoning the victim’s files to a command-and-control (C&C) server.”
The second difference is even more sinister.
A single line at the bottom of the ransom demand teases: “Take advantage of our affiliate program,” directing technically inclined victims to inspect the source code to find out more.
In the source code is a Bitmessage address that lets you connect with the operators of Chimera for more information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e77640f59b&e=20056c7556
Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom
The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month reportedly identified as Invest Bank, and began releasing customer account and transaction records via Twitter.
The news was first reported by the Dubai-based newspaper Xpress.
According to the journalist, the hacker offered to give him 5 percent of the paid ransom for his cooperation, though it’s unclear what kind of cooperation he was seeking from the reporter.
He reportedly told the journalist that he had data from other banks as well. “I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together,” he reportedly wrote in a direct message to the reporter via Twitter.
The hacker reportedly used the picture of an Invest Bank employee for his Twitter avatar to post the account statements of government officials and UAE firms on November 18.
Although Twitter closed the account, the hacker opened a new one and released the account statements of some 500 bank customers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4f6209ac34&e=20056c7556
One-third of firms waver on detecting sophisticated cyber attacks
At least a third of global organizations (36%) still lack confidence in their ability to detect sophisticated cyber attacks, according to EY’s annual Global Information Security Survey (GISS) 2015.
EY finds that 88% and 80% of the global and Singapore respondents respectively do not believe their information security structure fully meets their organization’s needs.
When it comes to IT security budgets, 69% and 56% of the global and Singapore respondents respectively say that their budgets should be increased by up to 50% to align their organization’s need for protection with its management’s tolerance for risk.
In terms of the most likely sources of cyber attacks, criminal syndicates (59%), employees (56%) and hacktivists (54%) retained their top rankings globally, with state-sponsored (35%) in the sixth place.
Also, 47% and 44% of global and Singapore respondents respectively do not have a security operations center.
Further, 36% and 15% of global and Singapore respondents do not have a threat intelligence program while 18% (both global and Singapore) do not have an identity and access management program.
More than 50% of companies in Singapore intend to spend more in these areas in the next 12 months.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c9599860af&e=20056c7556
VN cyber security sees big gains
HA NOI (VNS) — The Information Security Index of Viet Nam 2015 (VNISA Index 2015), a Korean-designed index to grade a nation’s cyber security capacity, increased from an average of 39 per cent last year to 46.4 per cent among Vietnamese agencies early this year.
The Viet Nam Information Security Association (VNISA) announced the index results at this year’s Viet Nam Information Security Day in Ha Noi early this week, organised by the Ministry of Information and Communications, the Ministry of Education and Training, and Viet Nam Computer Emergency Response Team.
VNISA Deputy Chairman Vu Quoc Thanh said that the past two years were a turning point for the global information security sector, and in Viet Nam in particular.
Just last month, he added, the Vietnamese National Assembly passed a law on information security.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ebf452f41e&e=20056c7556
IDF appoints first head for unified cyber warfare corps
IDF Chief of Staff Lt. Gen. Gadi Eisenkot appointed a first commander for the army’s new cyber protection corps, which is being touted as the first line of defense against online threats to Israel.
The officer, who could not be identified for security reasons, was promoted from the rank of colonel to that of brigadier-general.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d5ffe54d37&e=20056c7556
Bank of England adviser: ‘Everyone should have two bank accounts in case of cyber attack’
A leading banking academic and former adviser to the Bank of England has said everyone should have two bank accounts – so they can still access money if a major bank is crippled by a cyber attack.
Peter Hahn, senior fellow in banking at London’s Cass Business School, and between 2009 and 2014 a senior adviser to the Bank of England, said cyber crime was a new and growing risk which tended to be “not discussed”.
His remarks came in an interview with the BBC’s Today Programme ahead of the release by the Bank of England’s Financial Policy Committee of its latest Financial Stability Report.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=28166e4fa1&e=20056c7556
F-Secure Research Shows Hackers Are Using Social Media to Execute Attacks
SAN JOSE, CA — (Marketwired) — 12/03/15 — A researcher from F-Secure Labs has written a new report examining how hackers use third party services to coordinate malware campaigns.
The paper was published by Virus Bulletin for their VB2015 conference, and examines how the encryption used by online services like Twitter enables attackers, such as the state-sponsored group The Dukes, to spread malware and steal data.
The Dukes are a group of state-sponsored attackers that have been targeting governments and related organizations for at least the last seven years, and were the topic of a recent whitepaper published by F-Secure Labs.
Lehtiö’s new report provides details on how The Dukes execute attacks by using third party services as what security researchers call “command and control” infrastructure — essentially a tool to coordinate attacks.
The report specifically highlights how The Dukes were able to use Twitter to communicate with infected machines, and direct them to download additional malware.
The Dukes were also able to use Microsoft OneDrive as a data exfiltration tool, allowing them to retrieve stolen data without drawing attention to themselves.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d2e4714ddf&e=20056c7556
Lack of visibility and security concerns hinder cloud adoption
When it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud.
In particular, 69% of companies are afraid that migration to the cloud will increase the risks of unauthorised access, while 43% worry about account hijacking.
Netwrix surveyed more than 600 IT professionals worldwide, representing technology, manufacturing, government, healthcare, finance, education and other industries, to answer questions about cloud security, expectations from cloud providers and measures being taken to ensure data security.
A hybrid cloud deployment model is preferred by 44% of respondents as they transition from an on-premise infrastructure to a cloud-based model.
Private clouds attract 37% of organisations prepared to invest in additional security.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8b0bdb2987&e=20056c7556
Veracode finds most web apps fail OWASP security check list
Four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark, according to a report from Veracode.
Veracode’s analytics show that 86% of PHP-based applications contain at least one cross-site scripting (XSS) vulnerability and 56% have at least one SQL injection (SQLi) vulnerability.
The findings raise concern over potential security vulnerabilities in millions of websites, according to Veracode’s Supplement to the 2015 State of Software Security report.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9e6e76c57b&e=20056c7556
Elasticsearch servers actively targeted by botmasters
Elasticsearch is one of the most popular choices when it comes to enterprise search engines.
Unfortunately, a couple of remote code execution flaws (CVE-2015-5377, CVE-2015-1427) discovered and publicized earlier this year are being actively exploited by botnet operators to compromise these search servers and make them part of their malicious network.
According to AlienVault researchers, who have set up several honeypots designed to simulate Elasticsearch installations vulnerable to the above mentioned vulnerabilities, in the three months they kept them up and running, they were targeted with over 30 different bots.
Of the 30+ bots they managed to collect, only 15 actually run.
They were either fBots (DDoS-Bots) or iBots (sophisticated bots that can download additional ones and then delete themselves).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d18be7ee89&e=20056c7556