Archive - December 18, 2018

Security Think Tank: Smart botnets resist attempts to cut comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date?

When it comes to all kinds of cyber defence, it is always less expensive to prevent attacks and infections than to deal with them once they are in place.

This is especially true in the case of botnets. What is a botnet? A botnet is an army of mini-programs: malicious software designed to infiltrate large numbers of digital devices and then use them for any number of tactics.

For example, botnets can be instructed to steal data or launch huge distributed denial of service (DDoS) attacks, all while stealing the electricity and computing power needed to do it.

Most organisations aim to have at least some cyber security in place. These fundamentals can include items such as implementing the most effective choice of anti-malware, configuring digital devices and software with as much hardened security as practical and ensuring that security patches are always applied swiftly.

However, even when an organisation invests in implementing cyber security essentials, it is still no guarantee of a fully bot-free environment.

As shown in all of the major breaches that hit the headlines, hackers are very keen on remaining unnoticed for as long as possible. The dwell time is the term given to the duration between the initial intrusion and the point of discovery.

In many cases, Yahoo, Starwood and other mega breaches included, you might have noticed that the dwell time was measured not in hours, days, weeks or even months – it was years between the initial intrusion and eventual discovery.

Determined hackers design their bots to be as stealthy as possible, to hide as best as they can and to communicate as efficiently and discreetly as possible.

When researchers find new botnet armies, they often do it by accident and say things like, “We stumbled across this data anomaly”, eventually tracing the cause back to a new botnet force.

Although botnet communications may try to hide, the thing about bots is that they generally need to communicate to work. These botnets used to work through command and control servers. That meant that disconnecting communications between bots and their botnet command and control servers was enough to “decapitate” the bot and render it unable to steal anything or accept new commands.

However, newer botnets are smarter. They still need to communicate, but now many of them can spawn dynamic, peer-to-peer networks.

Bots do still need instructions to work and they also need destinations to send anything they steal. Identify and block those communication routes and your bots will cease to offer their bot master any value.

The challenge is that not all organisations use or install the technologies that can detect and block bots.

For the few organisations that do have the budget and motivation to ramp up their anti-bot defences, there is plenty that can be done.

It starts with ramping up the security that prevents initial infection and locking down unnecessary trust permissions. Prevention is still better than detection and the expenses involved in containing and resolving the threat. There is a huge difference in the efficacy of many security products and sadly, many of those with the highest marketing budget are far from the most effective.

There are also great security technologies that can detect, alert or block botnet activity in real time. These operate by continually analysing network traffic and local system logs.

If your organisation does not have the budget for real-time monitoring, then it is still worth inspecting devices and checking for any suspicious processes that seem to be taking up a lot of memory – especially if any users are reporting their device has slowed down. That can be an indicator of compromise, but only when the botnet is awake and active.

And if you are wondering just how much of a threat botnets are, just think about this: most of our attention as cyber security professionals is on the botnets we can detect and eliminate from our own environments, but the internet of things and sub-standard security present in many devices means the internet is riddled with enough botnets to effectively stop the internet from working.

The only thing stopping that from happening at present is that it would harm rather than profit the hackers. After all, 2019 might just be the year when the proceeds from cyber crime reach a trillion dollars.

Source: https://www.computerweekly.com/opinion/Security-Think-Tank-Smart-botnets-resist-attempts-to-cut-comms

6 Network Security Challenges in the Year Ahead

The network security threat landscape in 2019 is expected to look much like it did in 2018. Here’s a look at six network security challenges for 2019 for businesses and individual users to keep in mind.

In many ways, the network security threat landscape in 2019 will look much like it did in 2018. From viruses to DDoS attacks, even when threats aren’t multiplying in number year over year, they’re managing to become more sophisticated and damaging. Here’s a look at six network security challenges for 2019 for businesses and individual users to keep in mind.

1. A Greater Amount of Sensitive Traffic Than Ever

In a 2018 survey, PwC reported that mobile channels were the only segment that saw growth that year among banking customers. In other words, demand for mobile-friendly banking tools is higher than ever. That means a lot of very sensitive data flowing over public and private networks.

In 2018, security experts from Kaspersky discovered what appeared to be a years-long router-hacking campaign performed by as-yet-unknown cyber-assailants. Researchers discovered digital fingerprints all over the world indicating that routers in public places had been subtly hacked to allow kernel-level access to any device connected to them.

Kernel-level access is the deepest access possible, indicating that the data being sought here was highly personal — including, potentially, banking transactions and communication records.

2. Worms and Viruses

Viruses and worms are some of the most well-known network security challenges. In 2015, Symantec estimated that as many as one million new malware threats are released into the wild every day, or a total of 217 million in a calendar year.

In 2017, AV-Test released research indicating that the number of new malware threats had declined for the first time ever, down to 127 million over the year.

Viruses can lie dormant until the user performs an action that triggers them, meaning there’s not always an indication that something’s even amiss. Worms infect specific files, such as documents, and self-replicate once they’re inside a target system.

For individual internet users, network architects and IT specialists, anti-virus and anti-malware programs are still necessary for keeping this class of threats at bay. For IT departments especially, high-profile computer bugs are a reminder that a vast majority of attacks target unpatched software and out-of-date hardware. The number of new threats might be gradually declining, but the severity of these threats hasn’t abated.

3. Compelling Students to Enter the STEM Fields

Let’s switch focus for a moment and look at the next generation of people who will detect, fix and communicate about modern threats on the digital seas. All of the STEM fields are vital to national competitiveness but, of the top college majors ranked by number of job prospects, computer science takes first place.

According to the National Bureau of Economic Research, skills obtained in the fields of math, science and technology are increasingly transferable to, and relevant in, a wide variety of industries and potential career paths. Part of the reason is the ubiquity of technology and the rate of data exchange across the world, which powers commerce, finance, and most other human endeavors.

Unfortunately, the NBER has also indicated that the U.S. requires many more STEM students than it currently has, in order to compete in a digital and globalized world.

The number and types of cyber threats are a huge part of the reason why, with world powers and unknown parties engaging in cyber-espionage and attempted hacking at regular intervals, against both private and public infrastructure. Making a stronger push to get kids interested in these fields will also help address unemployment and opportunity gaps in struggling communities.

4. DDoS Attacks

For companies whose business model revolves around selling digital services, or selling anything else online for that matter, DDoS attacks can be crippling, not to mention ruinously expensive due to lost revenue.

DDoS attacks have made a lot of news recently thanks to WannaCry and others, but the motivation behind them seems to be shifting. Perpetrators today are less concerned with crippling a target’s infrastructure and more interested, potentially, in using DDoS attacks as a distraction while they carry out more sophisticated penetration attempts without interference.

Either way, using the Internet of Things to overwhelm an organization’s digital infrastructure is a type of network security threat that became more common in 2017 than in 2016 — up 24 percent — with no obvious signs of relenting. Early detection is the best weapon, as are Web Application Firewalls. Both solutions require either an attentive in-house IT team or effective collaboration with your service provider.

5. Cryptojacking

Cryptocurrencies are either worthless or about to take off in a big way. But despite the uncertainty over their future, the limited applications and the slow adoption rate, “crypto-jacking” is becoming a favorite pastime of hackers.

Cryptojacking occurs when a malicious app or script on a user’s digital device mines cryptocurrency in the background without the user’s knowledge or permission. “Mining” cryptocurrency requires a fair amount of hardware power and other resources, meaning users who’ve been cryptojacked will find that their programs and devices don’t work as expected.

Worse, the sheer variety of techniques used to introduce cryptojacking scripts into counterfeit and even legitimate web and mobile applications is positively dizzying. And since they come in all shapes and forms, cryptojacking attacks could well have other underhanded intentions beyond mining cryptocurrencies, including accessing forbidden parts of the code or sensitive user information.

6. Bring Your Own Device

Let’s close with a few words of advice about BYOD — bring your own device — policies in the workplace. There are clear benefits to allowing employees to use their favorite devices at work, including higher productivity and morale. But doing so also introduces a panoply of potential security threats.

IT departments already struggle sometimes with keeping computers and devices patched and updated, and the public struggles even more. Thanks to the fragmented nature of the Android operating system, for instance, “most” Android phones and tablets in operation today are not running the latest security fixes, according to security vendor Skycure.

Your employees and your business have a lot to gain from implementing BYOD. But doing so requires a comprehensive set of rules for employees to abide by, including turning on auto-updates for OS patches, completing training on how to respond to phishing attempts and other cybersecurity threats, and delivering regular reminders about good password hygiene.

No network security threat is insurmountable, but most of them do require vigilance — and in most cases, a great IT team or a security-minded vendor.

Source: https://www.readitquik.com/articles/security-2/6-network-security-challenges-in-the-year-ahead/
