[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
US, China take first steps toward cybersecurity cooperation
\nThe U.S. and China have reached an agreement on how to begin cooperating on cybersecurity, an issue that has caused high tension between the two nations over the last few years.
\nThe agreement, reached in the first high-level meeting of its kind, calls for guidelines on sharing computer security information, a hotline to discuss issues, a so-called tabletop cybersecurity exercise and further dialog on concerns such as the theft of trade secrets.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=834b248f4f&e=20056c7556<\/p>\n
Shark Tank Star On How Hackers Became The New Mafia
\nRobert Herjavec is best known as a star on ABC\u2019s Emmy Award-winning hit show Shark Tank.
\nBut that only requires 17 days a year of filming, according to Herjavec \u2013 who spends most of his time as founder and CEO running his namesake cybersecurity firm.
\nToronto-based Herjavec Group is Canada\u2019s largest pure-play information security services company.
\nOver the past couple of years they have expanded in to the U.S., Europe, and Asia-Pacific, through organic growth and a few small but strategic acquisitions of MSSPs (managed security service providers).
\nHerjavec\u2019s firm recently did some of its own filming \u2014 \u201cHackers are the New Mafia: Breakfast and Security Roundtable with DarkMarket author Misha Glenny\u201d \u2014 a video broadcast which discusses cyber crime with one of the top minds on the topic.
\nHerjavec Group\u2019s video was shot at their corporate headquarters and features Glenny recounting his experiences across 200 plus hours of research & interviews with the key players in the game of cybercrime including criminals, international security experts, politicians and fraud victims.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1837546679&e=20056c7556<\/p>\n
Data Breaches Now In-Line With 2014 Record Pace
\nThe latest account from the Identity Theft Resource Center (ITRC) reports that there has been a total of 717 data breaches recorded through December 1, 2015, and that more than 176 million records have been exposed.
\nThe annual total includes 21.5 million records exposed in the attack on the U.S.
\nOffice of Personnel Management (OPM) in June and 78.8 million health care customer records exposed at Anthem in February.
\nThe total number of breaches jumped by 27 incidents from the prior report on November 24, bringing the total number of incidents to date this year to within two of the 719 incidents as of the same period in 2014.
\nThe ITRC recorded 783 breaches last year, and that total could easily be topped in the last month of this year.
\nThe business sector accounts for about 16 million exposed records in 290 incidents so far in 2015.
\nThat represents 40.4% of the incidents, and 9.2% of the exposed records.
\nThe medical\/health care sector posted the second-largest percentage of the total breaches so far this year, 34.6% (248) out of the total of 717.
\nThe number of records exposed in these breaches totaled over 120 million, or 68.1% of the total so far in 2015.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b11421d2b4&e=20056c7556<\/p>\n
Coyote Hunt Lessons: Why Effective Info Security Means Playing Offense
\nIn order to hunt coyotes, you have to understand them \u2013 how they attack, how they operate, and how they get around controls.
\nAs I learned more about coyotes, I realized these animals think and act exactly like cybercrooks.
\nConsider these characteristics:
\nCoyotes get their strength in numbers.
\nCoyotes move on a cycle and will not hit the same property continuously.
\nCoyotes are very skeptical and highly alert.
\nCoyotes will howl and create noise to make sheep nervous.
\nNow farmers can proceed to carefully set up their traps.
\nFarmers must follow specific procedures if their traps are to be effective.
\nThe bait must be fresh, the traps must be put in the ground without the use of bare hands, and the dirt covering the traps must be packed tight so there are no signs of human involvement.
\nOver the past five years, the data security industry has made significant investments in finding weaknesses in fences, identifying coyotes and helping clients with ongoing \u201chunting\u201d strategies.
\nAt Infinitive Insight, our successful approach to remediation management helps companies mend the fences and actively hunt and get rid of these cyber coyotes.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0570b49332&e=20056c7556<\/p>\n
Top 5 Threat Predictions For 2016
\nAs 2016 approaches, Fortinet and its threat research division, FortiGuard Labs, have made their annual predictions of the most significant trends in malware and network security going into 2016.
\nAs in years past, the Internet of Things (IoT) and cloud play heavily in the predictions but new malicious tactics and strategies will create unique challenges for vendors and organizations alike.
\nThe top cybersecurity trends for 2016 include:
\n– Increased M2M Attacks and Propagation Between Devices
\n– Worms and Viruses Designed to Specifically Attack IoT Devices
\n– Attacks On Cloud and Virtualized Infrastructure
\n– New Techniques That Thwart Forensic Investigations and Hide Evidence of Attacks
\n– Malware That Can Evade Even Advanced Sandboxing Technologies
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=38ae3a5caf&e=20056c7556<\/p>\n
Free HTTPS certs for all \u2013 Let’s Encrypt opens doors to world+dog
\nHow-to The Let’s Encrypt project has opened to the public, allowing anyone to obtain free TLS certificates and set up HTTPS websites in a few simple steps.
\nThe certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers.
\nThe public beta went live at 1800 GMT (1000 PT) today.
\nIts certificates are trusted by all major browsers \u2013 Google Chrome, Mozilla Firefox and Microsoft’s Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=29f59a8142&e=20056c7556<\/p>\n
Deloitte, HITRUST, HHS Test Health Insurers\u2019 Cyber Incident Readiness
\ncybersecurityDeloitte, the Health Information Trust Alliance and the Department of Health and Human Services have collaborated to help U.S. health insurance companies practice breach readiness and mitigation strategies through a cybersecurity simulation exercise.
\nAn after-action report from Deloitte\u2019s cyber risk services practice indicates that some CyberRX participants have focused on forensic data analysis and assessment of the possible impacts of a cyber attack on their companies\u2019 operation.
\nHITRUST noted a lack of regular cross-functional communication at the participating organizations has affected their decision-making process during a breach scenario.
\nThe alliance recommended that health insurers establish an incident-response ecosystem, share threat intelligence, know their cyber insurance claims processes, develop incident response plans and collaborate with law enforcement agencies.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8684683258&e=20056c7556<\/p>\n
Enterprises Need to Improve IT Vendor Risk Management
\nIn his presentation, Dr.
\nRoss delivered a bit of a counterintuitive message on cybersecurity by stating, “We have to stop obsessing about threats and start focusing on asset protection.” To drive home this point, Dr.
\nRoss added, “If 90% of our bridges were failing, we\u2019d mobilize teams of engineers right away.
\nYet when 90% of our IT systems are insecure, we focus a good part of our attention on external threats.”
\nWhen focusing on IT asset integrity and security, cybersecurity professionals should really start with IT service vendors themselves.
\nAfter all, we depend upon their products and services for mission-critical operations, so we should push our trusted partners on comprehensive security across product design, customization, delivery, support, etc.
\nThe ESG research report points to an alarming reality \u2013 many critical infrastructure organizations are relying on blind faith when it comes to the security of their IT products and services.
\nWe can only assume, then, that they are deploying insecure, misconfigured, or even malicious IT assets on their networks, so we shouldn\u2019t be surprised if these products fail, are compromised, or require lots of excess attention and cost for maintaining security.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b1018d7298&e=20056c7556<\/p>\n
Enterprises Need to Improve IT Vendor Risk Management
\nNEW YORK and WASHINGTON, Dec. 3, 2015 \/PRNewswire\/ — Burson-Marsteller, a leading global strategic communications and public relations firm, today announced a strategic partnership with Ridge Global \u2013 founded by Tom Ridge, the first U.S.
\nSecretary of Homeland Security and 43rd Governor of Pennsylvania.
\nThe alliance, which includes Gov.
\nRidge’s partner Howard A.
\nSchmidt, former cybersecurity advisor to President Barack Obama and President George W.
\nBush, will focus on enhancing board-level and senior management awareness of the critical need for comprehensive cybersecurity preparation to address any type of cyber risk, offering companies planning strategies and tools to address any cyber incident response.
\nThe partnership provides clients services including: Vulnerabilities and operational risk assessments; incident response plan development; stakeholder mapping and relationship development; spokesperson training; desktop and full-scale training exercises and drills; and corporate governance-related counsel, including the development and structure of cyber programs and cybersecurity briefings to senior management teams and boards of directors.
\nThe partnership also offers cyber attack response support for denial-of service attacks, phishing schemes, data breaches, ransomware and other types of hacks.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=393762f947&e=20056c7556<\/p>\n
Chimera Ransomware Tries To Turn Malware Victims Into Cybercriminals
\nThe Chimera ransomware — named after the monstrous fire-breathing creature of Greek mythology — was first spotted in the wild affecting customers in Germany.
\nBut researchers at security company Trend Micro recently uncovered a sinister new feature of the malware, which seeks to help accelerate its distribution by luring those affected into becoming carriers and infecting others.
\nThe Chimera ransomware does everything other forms of the malware does, asking for 2.4 bitcoins ($865) to decrypt the files — but it is different in two important ways: The first is that rather than simply threatening to leave your files encrypted and inaccessible forever, the operators of Chimera threaten to post all your files online.
\nHowever, according to the Anti Botnet Advisory Center, there is no indication to date that anyone’s details have been made public.
\nAdditionally, Trend Micro’s research suggests “the malware has no capability of siphoning the victim\u2019s files to a command-and-control (C&C) server.”
\nThe second difference is even more sinister.
\nA single line at the bottom of the ransom demand teases: “Take advantage of our affiliate program,\u201d directing technically inclined victims to inspect the source code to find out more.
\nIn the source code is a Bitmessage address that lets you connect with the operators of Chimera for more information.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e77640f59b&e=20056c7556<\/p>\n
Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom
\nThe hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month reportedly identified as Invest Bank, and began releasing customer account and transaction records via Twitter.
\nThe news was first reported by the Dubai-based newspaper Xpress.
\nAccording to the journalist, the hacker offered to give him 5 percent of the paid ransom for his cooperation, though it\u2019s unclear what kind of cooperation he was seeking from the reporter.
\nHe reportedly told the journalist that he had data from other banks as well. \u201cI give u 5 % from total I get.
\nHave many banks from UAE, Qater, ksa and etc.
\nWill work together,\u201d he reportedly wrote in a direct message to the reporter via Twitter.
\nThe hacker reportedly used the picture of an Invest Bank employee for his Twitter avatar to post the account statements of government officials and UAE firms on November 18.
\nAlthough Twitter closed the account, the hacker opened a new one and released the account statements of some 500 bank customers.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4f6209ac34&e=20056c7556<\/p>\n
One-third of firms waver on detecting sophisticated cyber attacks
\nAt least a third of global organizations (36%) still lack confidence in their ability to detect sophisticated cyber attacks, according to the annual EY\u2019s Global Information Security Survey (GISS) 2015.
\nEY finds that 88% and 80% of the global and Singapore respondents respectively do not believe their information security structure fully meets their organization\u2019s needs.
\nWhen it comes to IT security budgets, 69% and 56% of the global and Singapore respondents respectively say that their budgets should be increased by up to 50% to align their organization\u2019s need for protection with its managements\u2019 tolerance for risk.
\nIn terms of the most likely sources of cyber attacks, criminal syndicates (59%), employees (56%) and hacktivists (54%) retained their top rankings globally, with state-sponsored (35%) in the sixth place.
\nAlso, 47% and 44% of global and Singapore respondents respectively do not have a security operations center.
\nFurther, 36% and 15% of global and Singapore respondents do not have a threat intelligence program while 18% (both global and Singapore) do not have an identity and access management program.
\nMore than 50% of companies in Singapore intend to spend more in these areas in next 12 months.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c9599860af&e=20056c7556<\/p>\n
VN cyber security sees big gains
\nHA NOI (VNS) \u2014 The Information Security Index of Viet Nam 2015 (VNISA Index 2015)- a Korean designed index to grade a nation’s cyber security capacity- increased from an average of 39 per cent last year to 46.4 per cent among Vietnamese agencies early this year.
\nThe Viet Nam Information Security Association (VNISA) announced the index results at this year’s Viet Nam Information Security Day in Ha Noi early this week, organised by the Ministry of Information and Communications, the Ministry of Education and Training, and Viet Nam Computer Emergency Response Team.
\nThe Viet Nam Information Security Association (VNISA) announced the index results at this year’s Viet Nam Information Security Day in Ha Noi early this week, organised by the Ministry of Information and Communications, the Ministry of Education and Training, and Viet Nam Computer Emergency Response Team.
\nVNISA Deputy Chairman Vu Quoc Thanh said that the past two years were a turning point for the global information security sector, and in Viet Nam in particular.
\nJust last month, he added, the Vietnamese National Assembly passed a law on information security.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ebf452f41e&e=20056c7556<\/p>\n
IDF appoints first head for unified cyber warfare corps
\nIDF Chief of Staff Lt.
\nGen.
\nGadi Eisenkot appointed a first commander for the army\u2019s new cyber protection corps, which is being touted as the first line of defense against online threats to Israel.
\nThe officer, who could not be identified for security reasons, was promoted from the rank of colonel to that of brigadier-general.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d5ffe54d37&e=20056c7556<\/p>\n
Bank of England adviser: ‘Everyone should have two bank accounts in case of cyber attack’
\nA leading banking academic and former adviser to the Bank of England has said everyone should have two bank accounts – so they can still access money if a major bank is crippled by a cyber attack.
\nPeter Hahn, senior fellow in banking at London’s Cass Business School, and between 2009 and 2014 a senior adviser to the Bank of England, said cyber crime was a new and growing risk which tended to be “not discussed”.
\nHis remarks came in an interview with the BBC’s Today Programme ahead of the release by the Bank of England’s Financial Policy Committee of its latest Financial Stability Report.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=28166e4fa1&e=20056c7556<\/p>\n
F-Secure Research Shows Hackers Are Using Social Media to Execute Attacks
\nSAN JOSE, CA — (Marketwired) — 12\/03\/15 — A researcher from F-Secure Labs has written a new report examining how hackers use third party services to coordinate malware campaigns.
\nThe paper was published by Virus Bulletin for their VB2015 conference, and examines how the encryption used by online services like Twitter enable attackers, such as the state-sponsored group The Dukes, to spread malware and steal data.
\nThe Dukes are a group of state-sponsored attackers that have been targeting governments and related organizations for at least the last seven years, and were the topic of a recent whitepaper published by F-Secure Labs.
\nLehti\u00f6’s new report provides details on how The Dukes execute attacks by using third party services as what security researchers call “command and control” infrastructure — essentially a tool to coordinate attacks.
\nThe report specifically highlights how The Dukes were able to use Twitter to communicate with infected machines, and direct them to download additional malware.
\nThe Dukes were also able to use Microsoft OneDrive as a data exfiltration tool, allowing them to retrieve stolen data without drawing attention to themselves.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d2e4714ddf&e=20056c7556<\/p>\n
Lack of visibility and security concerns hinder cloud adoption
\nWhen it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud.
\nIn particular, 69% of companies are afraid that migration to the cloud will increase the risks of unauthorised access, while 43% worry about account hijacking.
\nNetwrix surveyed more than 600 IT professionals worldwide, representing technology, manufacturing, government, healthcare, finance, education and other industries, to answer questions about cloud security, expectations from cloud providers and measures being taken to ensure data security.
\nA hybrid cloud deployment model is preferred by 44% of respondents as they transition from an on-premise infrastructure to a cloud-based model.
\nPrivate clouds attract 37% of organisations prepared to invest in additional security.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8b0bdb2987&e=20056c7556<\/p>\n
Veracode finds most web apps fail Owasp security check list
\nFour out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark, according to a report from Veracode.
\nVeracode\u2019s analytics show that 86% of PHP-based applications contain at least one cross-site scripting (XSS) vulnerability and 56% have at least one SQL injection (SQLi) vulnerability.
\nThe findings raise concern over potential security vulnerabilities in millions of websites, according to Veracode\u2019s Supplement to the 2015 State of Software Security report.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9e6e76c57b&e=20056c7556<\/p>\n
Elasticsearch servers actively targeted by botmasters
\nElasticsearch is one of the most popular choices when it comes to enterprise search engines.
\nUnfortunately, a couple of remote code execution flaws (CVE-2015-5377, CVE-2015-1427) discovered and publicized earlier this year are being actively exploited by botnet operators to compromise these search servers and make them part of their malicious network.
\nAccording to AlienVault researchers, who have set up several honeypots designed to simulate Elasticsearch installations vulnerable to the above mentioned vulnerabilities, in the three months they kept them up and running, they were targeted with over 30 different bots.
\nOf the 30+ bots they managed to collect, only 15 actually run.
\nThey were either fBots (DDoS-Bots) or iBots (sophisticated bots that can download additional ones and then delete themselves).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d18be7ee89&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=247ecf4aad)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: US, China take first steps toward cybersecurity cooperation The U.S. and China have reached an agreement on how to begin cooperating on cybersecurity, an issue that has caused…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1176","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1176"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1176\/revisions"}],"predecessor-version":[{"id":3663,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1176\/revisions\/3663"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}