China accounts for 41 percent of global computer attack traffic

Posted on by admini

In comparison, Verizon’s 2013 Data Breach Investigation Report (DBIR) also blamed China for cyberattacks and pointed the finger at the country as a main instigator of data breaches.

Earlier this month, speaking at the 2013 RSA Conference, Akamai’s chief security officer Andy Ellis suggested that human reaction to risk factors is a common problem when attempting to defend against cybercrime. Ellis argues that even if security experts warn a firm about potential risks to their networks or company infrastructure, business leaders may have a psychological disposition to either tolerate a certain amount of risk, or even to seek it out. Although our top priorities should be in securing a business and increasing profit, human risk factors can often be as much to blame as outdated security protocols.

Link: http://www.zdnet.com/china-accounts-for-41-percent-of-global-computer-attack-traffic-7000014392/

Read more

IT Professionals Say Employees Ignore Security Rules

Posted on by admini

While vendors of conventional security products—like firewalls and antivirus—are constantly updating their tools to reactively protect against the latest threats, hackers are looking for flaws and engineering new attacks to exploit them,” Philip Lieberman, president and CEO of Lieberman Software, said in a statement. “The reality is that 100 percent protection is nearly impossible to achieve, but there are still best practices for securing access to critical systems and data that many organizations tend to ignore.”

Just over three-quarters (75.8 percent) of IT personnel said they think that employees in their organization have access to information that they don’t necessarily need to perform their jobs, and while 38.3 percent of IT security personnel have witnessed a colleague access company information that he or she should not have access to, more than half (54.7 percent) of those respondents did not report their colleagues who accessed that information.

The survey also found 32.3 percent of IT security professionals work in organizations that do not have a policy to change default passwords when deploying new hardware, applications and network appliances to the network.

“IT departments that do not have a solution in place to automatically detect, flag and change default privileged passwords on newly deployed systems are neglecting a very common security hole,” Lieberman concluded.

Link: http://www.channelinsider.com/security/it-professionals-say-employees-ignore-security-rules/

Read more

75 percent of cyber attacks are opportunistic

Posted on by admini

In a small number of cases recorded by Verizon it was a customer that discovered the breach, causing embarrassment for the business and its reputation.

Verizon argues that there are three key types of hackers who target online data; criminals, who are motivated by financial gain, spies, who are state sponsored – often by Russia and China – and are looking to steal industrial or military secrets for their country and activists (or hacktivists) who aim to cause maximum disruption and embarrassment to their victims.

State sponsored spies, contrary to common belief, used relatively simple phishing types of attacks focused on garnering important data from weak links in organisations. Criminals, said the report, were the most sophisticated of the three groups, with hacktivists relying upon relatively quick and simple methods that caused public embarrassment, rather than financial damage.

Link: http://www.ihotdesk.co.uk/article/801575682/75-percent-of-cyber-attacks-are-opportunistic#axzz2RKSggmsF

Read more

Thailand revising cybercrime law for balance, better security

Posted on by admini

Surangkana also explained the law left gaps in the cybercrime and the cyber environment, so people are still concerned about the balance between freedom of speech and the exercise of authority to maintain the right to privacy.

Meanwhile, other countries’ governments have better realisation and awareness on information security, which is a sensitive issue involving a balance between security and the liberty of people as a whole,” Surangkana said.

The draft revision of the computer crime law is expected to be completed in the next six months, following which, the ETDA will then conduct a further public hearing before submitting the draft for the Cabinet’s approval.

She said that the agency had established focus groups covering five areas–freedom of speech, law enforcement, consumers and victims, hardcore security versus professional security, and evaluation and revision of computer crime law–to balance and develop the law to protect against threats, the country and all those in the cyber-security environment.

However, the overall revision of computer crime law is expected to take three years, and will include the development of best practices and a code of conduct to encourage the law’s use against new threats and cybercrime from the Internet. For example, it will cover the rights of Internet users, especially students who develop their own blogs and websites to disclose private information, a practice which open to abuse and often risky online.

Link: http://www.zdnet.com/th/thailand-revising-cybercrime-law-for-balance-better-security-7000014389/

Read more

BAE Systems Detica unveils CyberReveal security alert service for private firms

Posted on by admini

The new CyberReveal analytics and investigation product is designed to give internal IT security analysts a single view of existing cyber threats so they can protect intellectual property and sensitive commercial or customer banking data information from being stolen or compromised and to cut investigation times by up to 75%, claims BAE Systems Detica.

It gives internal anti-fraud bank analysts and other end users a single view of network activity across their whole IT estate, detecting attacks by their behaviour – not just by the signatures of previous attacks – so that distributed denial of service (DDOS) attacks can be prevented or customer data protected from identity threat attempts.

It is designed to help analysts protect their FS organisation faster, driving more value by integrating with existing infrastructure and security systems, with plug-in analytics packs also providing cost-effective protection to combat evolving threats and new threat vectors.

Commenting on the new launch, Martin Sutherland, managing director of BAE Systems Detica, said: “Commercial organisations are growing ever more concerned about securing their most valuable [data] assets – the larger the organisation, the greater the number of avenues for cyber attackers to exploit. CyberReveal addresses four key areas where traditional approaches are proving ineffective against the modern cyber threat – it helps analysts to prioritise the incidents they investigate, manage huge data volumes, evolve their defences, and enable quicker, more informed decision-making.”

Link: http://www.bobsguide.com/guide/news/2013/Apr/22/bae-systems-detica-unveils-cyberreveal-security-alert-service-for-private-firms.html

Read more

The CISO’s Guide to Advanced Attackers: Mining for Indicators

Posted on by admini

Forensics folks have been doing this for years during investigations, but proactive continuous full packet capture – for the inevitable incident responses which haven’t even started yet – is still an early market. That’s a start, but you will likely require some kind of Big Data thing, which should be clear after we discuss what we need this detection platform to do.

We spent a time early in this process on sizing up the adversary for some insight into what is likely to be attacked, and perhaps even how. But once you do the work to model the likely attacks on your key information, and then enumerate those attack patterns in your tool, you can get tremendous value.

We have already listed a number of different threat intelligence feeds, which can be used to search for specific malware files, command and control traffic, DNS request patterns, and a variety of other indicators.

So you can search your security data infrastructure for almost anything you are collecting – or even better, for a series of events and/or files within your environment – quickly and accurately to narrow down your searches to the most likely attacks.

We have every confidence that big data holds promise for security intelligence, both because we have witnessed attacker behavior captured in event data just waiting to be pulled out, and because we have also seen miraculous ideas sprout from people just playing around with database queries.

You are clearly constrained in terms of internal capabilities (you will be looking for a lot of data scientists over the next few years), as well as the lack of maturity of technologies such as Hadoop, MapReduce, Pig, Hive, and a variety of others in the security context.

But companies seriously looking to detect advanced attackers within their environments will be capturing packets to supplement the other data they already collect, and subsequently starting to use Big Data technologies to mine it all.

Link: https://securosis.com/blog/the-cisos-guide-to-advanced-attackers-mining-for-indicators

Read more