[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* How To Succeed At Third-Party Cyber Risk Management: 10 Steps
\n* How will cybersecurity look like in 2020? Five threat scenarios
\n* CISOs need to pay attention to IoT security spending
\n* What are the 3 Key Layers in Healthcare Data Security?
\n* BBSwift is the name given by Microsoft to the malware analyzed by BAE Systems and identified in their report on the attack on the SWIFT money transfer system at Bangladesh Bank. Aliases include Banswift, Bankswi, Alreay, and TSPY_ALSOF. BBSwift is not one program but a collection of malware plus o
\n* IT leaders pick productivity over security
\n* The New Front In Cybersecurity: How to prevent hackers from taking down critical infrastructure
\n* Latest Security Study Worry: How Many Times Will You Be Breached?
\n* The hospital of the future
\n* Researchers Find Electronic Medical Records Often Targeted by Hackers
\n* New SolarWinds Research Study Reveals Progress Against Security Risks
\n* Securing DNS for secure NFV
\n* Why automation is the key to the future of cyber security
\n* Localized “designer” malware campaigns all the rage, says Sophos
\n* India, Pakistan biggest victims of malware: Microsoft
\n* DHS urges \u2018whitelisting\u2019 programs to protect industrial controlers
\n* Protect your computer: Data breaches in the state are on the rise [New York City]
\n* Ransomware attacks hit all-time record high in April
\n* Hotel sector faces cybercrime surge as data breaches start to bite
\n* Why MX Records Matter in the Fight Against BEC and Spear Phishing<\/p>\n
How To Succeed At Third-Party Cyber Risk Management: 10 Steps
\nOrganizations are failing — and badly — assessing the risk of attacks and data breaches from vendors and supply chains, according to a recent Ponemon Institute study. The solution starts at the top.
\nStep 1. The CEO and boards of directors should be responsible for establishing a positive tone at the top.
\nStep 2. The CEO and boards of directors should become more proactive in the third-party risk program.
\nStep 3. An organization should communicate its values to employees and other stakeholders through training and policies to ensure enterprise wide adoption.
\nStep 4. Make the business case for dedicating more resources to third-party risk management by estimating the potential costs to your organization due to negligent or malicious third parties.
\nStep 5. Assess the potential threats posed by technologies such as the use of cloud and IoT in third parties.
\nStep 6. The risk of cyberattacks to sensitive and confidential information, ensure they have appropriate technologies to reduce and mitigate threats.
\nStep 7. Third-party risk management programs should incorporate metrics that reveal the vulnerabilities created by the third parties in your organization\u2019s supply chain.
\nStep 8… a strategy should incorporate the people, process, and technologies for managing the risk.
\nStep 9. Assign accountability for the third-party risk management program to ensure the objectives of the risk management program are accomplished.
\nStep 10. Become involved in a consortium or council dedicated to best practices in addressing third-party risks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4dc9e9be01&e=20056c7556<\/p>\n
How will cybersecurity look like in 2020? Five threat scenarios
\nResearchers from UC Berkeley\u2019s School of Information tried to answer this immensely challenging question in their most recent report, Cybersecurity Futures 2020.
\nThe paper explores how technology and security will be transformed in the uncertain and not-so-distant future.
\nBriefly, here are five scenarios the researchers have envisioned for the next four years \u2013 to be taken with a pinch of salt, they say.
\n– As cyber-attacks become commonplace, everyone expects to have their data stolen and exposed online.
\n– Companies and cyber-criminals are after undervalued data, the new potential currency.
\n– New cyber-security vulnerabilities emerge as data scientists will be able to predict human behavior at a very precise level.
\n– Internet of Things technologies become part of everyday lives, thanks to government efforts.
\n– Wearables expose users\u2019 intimacy and makes it vulnerable to tracking and manipulation.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f6c162a151&e=20056c7556<\/p>\n
CISOs need to pay attention to IoT security spending
\nResearch firm Gartner released a new report this week which summarized Internet of Things (IoT) security spending at $281.54 million in 2015 — and projects that to double and reach $547.20 million by 2018.
\nThe “Forecast: IoT Security, Worldwide, 2016” report predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.
\n“IoT requires security for both software and hardware, often referred to as cyberphysical security” blogs Microsoft in a post on how enterprises can enable IoT security. “Securing an IoT infrastructure requires a rigorous, in-depth security strategy”.
\nCSOs and CISOs who haven’t developed an IoT security strategy may want to start on it now.
\nThe saving grace for ITers may be the IoT device makers.
\nIf vendors embed security into their Things in the first place (the broader IoT security forecasts suggest they are), then it will dramatically reduce the cyber threat risk to corporate networks.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2776bd90ab&e=20056c7556<\/p>\n
What are the 3 Key Layers in Healthcare Data Security?
\nAs you work to create your healthcare data center and cloud partnerships, it\u2019s important to note that modern cloud and data center security has evolved quite a bit.
\nModern data center and cloud providers take security and break them out into three critical levels to ensure compliance, efficiency, and workload security.<\/p>\n
Physical Security
\nThis starts with physical cloud and data center security.
\nThere have been some big breaches that have happened because a locker was left open and a physical disk was taken.
\nLet me give you an anecdotal example.
\nAs reported in a recent article, Texas Health Harris Methodist Hospital Fort Worth has put up a notice on its website titled \u201cThe Microfiche Incident.\u201d<\/p>\n
Logical Security
\nVirtual appliances, services, and other abstracted security features are making their way into the data center.
\nFurthermore, these new technologies are being utilized by healthcare organizations.
\nAdditional layers of security revolve around information security, operations security, internal security, and logical security, with the latter being supported by two-factor authentication, testing with intrusion detection, penetration tests, and other aspects of logical access.<\/p>\n
Compliance
\nHaving the most secure platform out there still may not make you compliant.
\nThis is why it\u2019s critical to work with a data center partner that can offer the full trifecta of physical, logical, and compliance-drive security.
\nLook for providers that have the following compliance requirements set in place: PCI, HIPAA\/HITECH, SOC 1, SOC 2, Safe Harbor, and more.
\nFor example, a large and growing number of healthcare providers, payers and IT professionals are using AWS’s utility-based cloud services to process, store, and transmit PHI.<\/p>\n
If you\u2019re in the healthcare industry, don\u2019t fear cloud.
\nRather, plan around it and use it as a tool to better enable your business and the healthcare services that you deliver.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=52f7d99266&e=20056c7556<\/p>\n
BBSwift is the name given by Microsoft to the malware analyzed by BAE Systems and identified in their report on the attack on the SWIFT money transfer system at Bangladesh Bank. Aliases include Banswift, Bankswi, Alreay, and TSPY_ALSOF. BBSwift is not one program but a collection of malware plus o
\nBBSwift is the name given by Microsoft to the malware analyzed by BAE Systems and identified in their report on the attack on the SWIFT money transfer system at Bangladesh Bank.
\nAliases include Banswift, Bankswi, Alreay, and TSPY_ALSOF.
\nBBSwift is not one program but a collection of malware plus other tools that aren\u2019t inherently malicious, like a custom version of the \u201cnroff\u201d print formatting utility.
\nBBSwift activity includes local network communications with printers (LPR port 9100\/tcp) in order to manipulate the printed SWIFT conformation messages.
\nThose communications would be very difficult to distinguish from normal traffic on the wire, but there is a better option: database communications.
\nWhether there is any local database traffic depends on how the SWIFT Alliance Access server is configured in a particular network environment.
\nIt appears the system is designed to communicate with a database server on the same machine by default, and in that case, no database client-server traffic would pass over the network.
\nThe malware uses the local Oracle SQL*Plus command-line (sqlplus.exe) client to communicate with the database server.
\nIn cases where the database is on a separate server, the local network traffic could be inspected if it\u2019s not encrypted. To protect that traffic, encryption would have to be enabled in the sqlnet.ora configuration file, and \u201cwallets\u201d would need to be created using the orapki utility to hold the SSL certificates on both the client and the server.
\nThis is not the default.
\nThe file evtdiag.exe (SHA1: 525a8e3ae4e3df8c9c61f2a49e38541d196e9228) is the only known component of BBSwift that communicates with external networks.
\nThe outbound network traffic consists of HTTP GET requests to a remote IPv4 address.
\nIn BAE Systems\u2019 report, this IP address is referred to as a \u201ccommand-and-control\u201d server.
\nAlthough it might be expressed this way in a STIX object, the malware is much more \u201cfire and forget\u201d than this implies.
\nOnce installed, the malware operates autonomously until a predetermined deactivation time.
\nThe malware takes no action based on the communication with the remote server.
\nIn fact, the response is simply ignored and discarded.
\nThere are no \u201ccommands\u201d or \u201ccontrol\u201d.
\nThis does, however, represent a reporting channel used to alert the attackers to when the SWIFT system is being used to process transactions.
\nEvery hour, BBSwift will contact the remote server with a status update regarding the results of its login monitoring routine.
\nIn the Bangladesh Bank case, the following messages were represented by the respective URLs:
\nAn indicator of automation is the hourly frequency of these HTTP requests.
\nDamballa employs technology in their network security monitoring offerings that uses advanced statistical analysis methods on these types of indicators to raise confidence in a determination and automatically convict malicious network destinations.
\nSWIFT has said they have issued an emergency software update, planned for release soon.
\nDoes this mean BBSwift is no longer a threat?
\nAttacks using BBSwift have the capability to be extremely damaging, resulting in a potentially destabilizing amount of losses.
\nEven though the malware works autonymously, without a C2 (command-and-control) server, it does report back to the attackers so that they know a) that their malware is functioning when it should be, and b) when transactions are processed so that they can spring into action and minimize the opportunities for belaying or reversing any transfers.
\nKeying on indicators of that reporting functionality can be a good way of identifying active attacks using the BBSwift bank fraud toolkit.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=511af28026&e=20056c7556<\/p>\n
IT leaders pick productivity over security
\nIn its 2016 Cybersecurity Confidence Report, Barkly, an endpoint security company, surveyed 350 IT pros to determine the top security concerns for 2016 and gauge how confident IT leaders are when it comes to cybersecurity issues.
\nThe survey looked at IT leaders’ biggest security concerns, levels of confidence around security, number of breaches in 2015, amount of time spent on security, biggest priorities in IT and the downsides to current security solutions — and, for the most part, the results were grim.<\/p>\n
Confidence in security is low
\nFor IT pros did not express high levels of confidence when it comes to security.
\nFifty percent reported that they aren’t confident in their current security products and initiatives, while one in five don’t believe it’s even possible to have effective endpoint security.<\/p>\n
Difficulty proving security ROI
\nAnother reason IT pros are abandoning effective security practices is that it’s difficult to calculate the ROI of security.
\nThe study found that 54 percent of respondents have low confidence in their company’s ability to demonstrate the ROI of security.<\/p>\n
When asked in the Barkly study what the biggest issues around implementing effective security procedures are, 41 percent said they slow down the system, 33 percent said they’re too expensive, 36 percent cited too many updates and 20 percent said that security “requires too much headcount to manage.” IT leaders are being forced to choose between strong security and productivity, and most companies are sticking to the latter, according to the data from Barkly.
\nUltimately, these solutions aren’t stopping breaches, as the study points out, and the effects are simply slowing down day-to-day business.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a785292ff5&e=20056c7556<\/p>\n
The New Front In Cybersecurity: How to prevent hackers from taking down critical infrastructure
\nFew cyber attacks against critical infrastructure have had the level of success and sophistication as the attack in Ukraine though.
\nThe attackers spent months laying groundwork before storming the power grid\u2019s control systems on the day of the blackout.
\nExperts say that other hackers could leverage some of the same tools and tactics used in the attack to target control systems for other critical infrastructure targets.
\nIn a new report, BI Intelligence details the current cybersecurity landscape for companies in critical infrastructure sectors, as well as how companies can protect their control systems from hackers.
\nHere are some of the key points from the report:
\nCompanies that operate critical infrastructure sites reported 295 cyber incidents in 2015, up from 245 in 2014.
\nHackers are targeting the industrial control systems that operate critical infrastructure because of the enormous damage they can cause by crippling such infrastructure.
\nIndustrial control systems typically weren\u2019t designed to be connected to the internet, so they weren\u2019t built with cybersecurity capabilities to ward off hackers.
\nThe hack that caused a blackout in the Ukraine could serve as a blueprint for other hackers that want to target critical infrastructure, helping them succeed in future attackers.
\nThe Ukraine hack highlighted the importance of training employees about cybersecurity and placing additional access controls on industrial control systems beyond firewalls.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d759de4ea0&e=20056c7556<\/p>\n
Latest Security Study Worry: How Many Times Will You Be Breached?
\nThose are among the findings of the latest research from Neustar, Inc., from its third global DDoS Attacks and Protection Report titled The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks.
\nThe April 2016 report follows a survey of over 1,000 IT professionals across six continents, and reveals that few organizations globally are being spared DDoS attacks.
\nThe research results show that although revenue loss caused by a DDoS related outage is usually the main concern of targeted organizations, 57% of all breaches involved some sort of theft including intellectual property and customer data as well as financial information.
\n\u201cMore troubling, following the initial breach, 45% of organizations reported the installation of a virus or malware – a sign that attackers are interested in causing ongoing harm,\u201d the report explains.
\nAmong the key findings of the study:
\n\u2022 73% (7 in 10) of global brands and organizations were attacked
\n\u2022 82% of organizations experiencing a DDoS attack were then attacked repeatedly, with 45% reporting they were attacked 6 or more times
\n\u2022 57% of organizations reported theft after attack, including loss of customer data, finances or intellectual property
\n\u2022 50% of organizations would lose at least $100,000 per hour in a peak-time DDoS related outage (33% would lose more than $250,000 per hour), and 42% needed at least three hours to detect that they were under DDoS attack
\n\u2022 76% of organizations are investing more than last year in response to the DDoS threat
\n\u2022 71% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ad25f1e1d7&e=20056c7556<\/p>\n
The hospital of the future
\nPredicting the future is rarely easy in any industry, but for those involved in planning the hospitals of tomorrow, it throws up the question of how these institutions can continue to be forward thinking while best serving the needs of their most important clients, the patients.
\nTeaming with technology giant Cisco Systems Inc. and contractor EllisDon Corp., Halton Healthcare Service\u2019s $2.7-billion facility is the first digital hospital in Oakville and one of the first new hospitals to be built in the area in the past 30 years.
\nThe technological enhancements include greater tracking of patient information, such as wirelessly updating patient records automatically, using wireless technology in lieu of noisy paging to ensure a quiet environment for patients, and the option for patients to register at kiosks and workstations at the entrance.
\nThis will have the dual effect of speeding up the process and collecting data at the same time.
\nImproved security in the hospital was also a prime consideration.
\nThat was of particular concern in the maternity ward.
\nTechnology forms an increasingly dominant part of hospitals, with Altaf Stationwala, president and chief executive officer of Mackenzie Health, estimating that while it formed 10 per cent of projects 15 or 20 years ago, today that figure is closer to 30 or 40 per cent.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9c0648bf43&e=20056c7556<\/p>\n
Researchers Find Electronic Medical Records Often Targeted by Hackers
\nData ransom attacks are today\u2019s technological version of kidnapping.
\nIt\u2019s anonymous, more cost-effective and more appealing to criminal enterprises than taking physical hostages.
\nAnd it\u2019s the reason health care institutions today are taking steps to ensure security.
\nAs part of an ongoing conversation, health care professionals and government agencies will meet on May 1-11 in Washington D.C. to discuss health data as part of the Health Datapalooza event presented by Health Data Consortium.
\nAny HIPAA breach of more than 500 patients must be reported to the media, and the Department of Health and Human Services keeps a record of these cases online.
\nSince 2009, more than 1500 cases have been recorded.
\nFor cases affecting less than 500 patients, only a letter sent to affected persons is required.
\nTo ensure HIPAA compliance, HHS is conducting audits healthcare companies, but often carelessness is the root cause of a breach.
\nA frequent problem are laptops and thumb drives with private medical information left in an employee\u2019s car.
\nPayouts to criminal enterprises are relatively inexpensive.
\nThe black market values each patient\u2019s record at $50 or $60, Morse found.
\nAccording to a Ponemon Institute Survey, hackers only earn about $28,000 annually, but Morse notes that this wage could equate to a lot more with hackers coming from developing countries.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0b3c2cbc62&e=20056c7556<\/p>\n
New SolarWinds Research Study Reveals Progress Against Security Risks
\nEmbedded within a new research study published today by Austin, Texas-based software maker SolarWinds Worldwide LLC is both good news and bad news about the state of IT security today.
\nAnd the good news, essentially, is that there\u2019s finally more than bad news to report.
\nDespite the ever-increasing volume and sophistication of security threats, 40 percent of respondents to the new study said their organization is somewhat less vulnerable to attack this year than last, and another 10 percent said they\u2019re much less vulnerable.
\nAlso striking, Turner notes, is how quickly study participants said they detect security incidents.
\nFully 63 percent, for example, said their company typically identifies the presence of malware on their network within minutes, while 59 percent and 48 percent said they spot phishing attacks and cross-site scripting assaults respectively just as rapidly.
\nOn the other hand, he continues, the new research also underscores just how treacherous the security landscape remains.
\nFully 22 percent of surveyed companies experienced a data breach in 2015, and an additional seven percent suffered more than one.
\nResearch participants credit several factors for that trend, including increased adoption of intrusion detection and prevention systems and patch management software, both of which were cited by 32 percent of respondents, and expanded use of data encryption, cited by 27 percent.
\nCompanies that don\u2019t feel safer this year than last should use today\u2019s study to isolate and then close the gaps between their own security practices and those of leading-edge companies, Turner continues.
\nThe new research study makes clear that doing so can result in meaningful improvements.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a352a7de8f&e=20056c7556<\/p>\n
Securing DNS for secure NFV
\nNetwork Functions Virtualisation (NFV) is increasingly being championed for its transformative potential for communication service providers (CSPs).
\nReplacing dedicated network appliances, such as firewalls and routers, with software running on off-the-shelf, commercial servers provides CSPs with clear benefits when delivering network services.
\nMany operators still use commodity or open source software, for instance, to protect their virtualised environments, which can potentially introduce risks they may be unaware of.
\nThat\u2019s why a more intelligent approach to NFV security is so sorely needed.
\nDNS security must be built into NFV architecture, rather than approached as an add-on.
\nIntegrating DNS-specific protection will help to reduce any gaps in coverage that bolt-on solutions may overlook, and which can then be exploited by cyber criminals.
\nBy tracking provisioned VMs, analysing their IP addresses, and monitoring all DNS traffic, virtualised infrastructure should be able to detect suspicious behaviour as it happens.
\nIt should also, when necessary, be able to quarantine infected VMs to prevent infection from spreading across the network.
\nFinally, in order to address the potential security and performance problems that configuration issues can lead to, it\u2019s important that NFV environments also include network discovery and automation tools which can determine correctly \u2013 and incorrectly \u2013 configured network functions, to identify potential issues before they arise.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=780f9b55f8&e=20056c7556<\/p>\n
Why automation is the key to the future of cyber security
\nThe numbers don\u2019t lie.
\nCyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up.
\nFurthermore, it\u2019s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe.
\nTo address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.
\nSo what\u2019s holding companies back.
\nWell, for starters, there are a number of concerns around incorporating automation into cyber security:
\nLoss of Control \u2013 In many instances, the biggest hurdle to automation is simply a perceived loss of control.
\nLack of Trust \u2013 It\u2019s easy for a highly-skilled human worker to feel as though they are more capable of managing incident response than a machine could.
\nFear of Change \u2013 Perhaps the biggest misconception of automation is the idea that its adoption spells the certain demise of the human workforce.
\nUniform Strength \u2013 No military leader would march onto the battlefield with an army that is significantly smaller in size, strength or skill than its enemy.
\nIncreased Efficiency \u2013 Adding automation into the IR process helps to streamline workflows and create a much more uniform and efficient environment.
\nFewer Errors \u2013 Many of the most noteworthy cyber breaches in recent years have come at the hands of well-intentioned yet highly overworked humans.
\nBetter Decision Making \u2013 One of the biggest challenges IT leaders face is the monumental task of making critical business decisions on the fly.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1cfa882b50&e=20056c7556<\/p>\n
Localized “designer” malware campaigns all the rage, says Sophos
\nIn a press release and blog post published today, Sophos reported that cybercriminals are becoming ever more proficient at using localized language and vernacular in phishing emails and ransomware notes.
\nOlder, more amateurish spam communications like the classic Nigerian prince scheme are easy to catch, but more recent efforts feature dramatically improved grammar. \u201cThat means you’re more likely to accidentally fall for the ones that aren’t stupid,\u201d Chester Wisniewski, senior security adviser at Sophos, told SCMagazine.com.
\nMalicious campaigns are also more accurately spoofing legitimate brands endemic to a particular country or culture.
\nAccording to the research, postal companies, tax and law enforcement agencies and utility firms are among the most commonly spoofed local entities in these phishing campaigns, which attempt to trick recipients with convincing emails that feature official-looking logos and content such as bills and account balances, shipping notices, refunds and speeding tickets.
\nThe improved localization of campaigns is attributable to increasing specialization within the malware industry, said Wisniewski, with different cybercriminals developing specific expertise in coding, content and distribution. \u201cWith that specialization, malware is getting more tailored,\u201d he noted.
\nFurther Sophos analysis over the first three months of 2016 found that the countries with the highest percent of endpoints exposed to a malware attacks were Algeria (30.7 percent), Bolivia (20.3 percent), Pakistan (19.9 percent), China (18.5 percent) and India (16.9 percent).
\nNations with the lowest” threat exposure rates” were France (5.2 percent), followed by Canada (4.6 percent), Australia (4.10 percent), the U.S. ( three percent) and the U.K. (2.8 percent).
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=441734b68c&e=20056c7556<\/p>\n
India, Pakistan biggest victims of malware: Microsoft
\nSAN FRANCISCO: Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp.
\nCountries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0dfa30c78a&e=20056c7556<\/p>\n
DHS urges \u2018whitelisting\u2019 programs to protect industrial controlers
\nThe Department of Homeland Security is recommending that stakeholders involved in protecting critical infrastructure from cyber attacks should apply \u201capplication whitelisting\u201d to protect remote controlled networks.
\n\u201cWhile not a cure-all, properly configured [application whitelisting] should be an integral component of a defense-in-depth solution,\u201d the report, produced by DHS and National Security Agency security experts, says
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c2afd42554&e=20056c7556<\/p>\n
Protect your computer: Data breaches in the state are on the rise [New York City]
\nOnline data breaches continue to escalate.
\nAttorney General Eric Schneiderman announced Wednesday that his office had been notified of 459 breaches from the start of the year through May 2\u2014a 40% jump over the same period last year.
\nCompanies are required to report compromises of customer data to the attorney general’s office as part of the New York State Information Security Breach & Notification Act of 2005.
\nThe state is on track to have well over 1,000 notices of data breaches for the year\u2014a record number\u2014compared with 809 in 2015.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=afe69e2785&e=20056c7556<\/p>\n
Ransomware attacks hit all-time record high in April
\nRansomware attacks in April comprised the largest number of such threats on record in the United States, with a 158.87% spike in ransomware attacks from March to April 2016.
\nAccording to a report released by Enigma Software, which produces anti-malware and anti-spyware programs for the PC, the data comes from an analysis of more than 65 million malware infections detected by its software in the US since April 2013.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=acbd82eb46&e=20056c7556<\/p>\n
Hotel sector faces cybercrime surge as data breaches start to bite
\nCheck into a hotel and you might be signing up for more than you bargained for.
\nThat is the message emerging from a wave of data breach documented in a new analysis by security firm Panda Security that looks at recent attacks on hotels and the way they are showing signs of spreading beyond the big chains.
\nIn the UK, reports of hotel breaches date back at least five years with Britain\u2019s Travelodge an early victim.
\nThe company admitted suffering a mystery leak after customers reported receiving suspicious emails to addresses used to make room bookings.
\nAt the time it was seen as an unusual incident; subsequent events show that optimism to be a bit complacent.
\nThe reason hotel networks are tough to defend has to do with the trend to target all businesses with social engineering and malware concocted specifically to beat individual defences.
\nThis tactic is now being aimed at smaller hotels, a sign that the sector is about to come under much broader and more calculating attack.
\nComputerworld UK has learned of a recent and undocumented incident aimed at a customer of Panda Security, a small luxury hotel in Spain which was on the receiving end of a phishing ruse based on opening an attachment for what looked like a legitimate room booking form.
\nEerily, the booking form was identical to the one used by the victim hotel.
\nPanda Security believes that MO was to execute some new malware of a kind that would have slipped past antivirus software using signature detection with the intention of moving sideways to the hotel\u2019s credit card database or POS systems.
\nThere is nothing unusual about this but the fact that attackers are now taking the time to target the vast number of small establishments serves as a warning not only to other hotels but their customers too.
\nHotels face an approaching storm that few have grasped the significance of.
\nMeanwhile, for hotel customers, almost all of whom buy rooms based solely on location matched to price, it\u2019s almost as stark.
\nThe hotel you plan to check into next week on that business trip probably has excellent physical locks but none on the data you hand over.
\nJust remember that.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=af5af94881&e=20056c7556<\/p>\n
Why MX Records Matter in the Fight Against BEC and Spear Phishing
\nFrom whaling schemes designed to steal millions of dollars from a company in a single transaction, to malware attacks that can cripple systems until a ransom is paid, criminal attacks using carefully created and carefully targeted emails are on the<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * How To Succeed At Third-Party Cyber Risk Management: 10 Steps * How will cybersecurity look like in 2020? Five threat scenarios * CISOs need to pay attention to IoT security spending…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2488","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2488"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2488\/revisions"}],"predecessor-version":[{"id":4975,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2488\/revisions\/4975"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}