Archive - 2018

Governments should use buying, regulatory power to fight botnets: Expert
New year, new defence: Cybersecurity help and predictions for 2018
Banking on security in an environment of threats
Stay vigilant – cyber threats not over yet
UK businesses fear DDoS attacks hijacking their devices
CISO Challenges in 2018

Governments should use buying, regulatory power to fight botnets: Expert

Draft U.S. government recommendations on ways to reduce the threat of automated botnets launching denial of service attacks and spreading malware are too weak, says a cyber security expert.

The report from the departments of Homeland Security and Commerce issued last week, “definitely did not go far enough,” John Pescatore, director of emerging security trends at the SANS Institute, said in an interview.

While he praised the report’s urging that manufacturers and end users follow best practices in cyber hygiene, much of it came down to “let’s do the same thing we’ve been doing, but more – more information sharing, government standards,” Pescatore complained.

Instead, he said the U.S. – and all governments around the world – should use their existing buying and regulatory power to force organizations to better use current technology and force makers of Internet of Things devices to tighten their security.

For example, Pescatore said, the report suggests Washington develop profiles for denial of service protection, then go to the private sector and say it should be providing denial of service protection services. “We (already) have denial of service protection services out there,” Pescatore said. “If the government were simply to say every government Web site that touches data or provides information to the public must use denial of service protection services, that would help drive the entire market to ensure they use those types of services.

“And if it said everyone who does business with the (U.S.) government over the Internet must also be using denial of service protection services that also would help. Instead what this report did is say, ‘OK, once we can write documents that would have a government definition of denial of service protection services, then we can talk about doing something.’”

As for IoT manufacturers, Pescatore said there’s no reason for more study. Most governments already have regulatory agencies covering a wide range of products from food to medical devices to transportation that have safety mandates. They should issue cyber security regulations as well, tailored for those industries.

Instead, he said, the report suggests an ecosystem-wide solution is needed. But “making a self-driving car as secure as a medical implant is impossible.”

Pescatore isn’t the first to say regulators have to do more to control IoT devices. U.S. digital security expert Bruce Schneier said much the same thing at last November’s SecTor conference in Toronto. It was also hotly debated at the RSA Conference.


New year, new defence: Cybersecurity help and predictions for 2018

Organisations will adopt AI and other emerging technologies to help fight this year’s growing cyber threats.

With 2017 seeing an enormous number of data breaches, businesses should be looking at their cybersecurity processes and planning how to effectively monitor their network security in the year to come. With massive developments in monitoring and AI providing unmissable cybersecurity opportunities, here are five predictions of what we expect to see in 2018.

1. Organisations will increasingly adopt AI-based systems to help with Cybersecurity

In 2018, we’ll see companies using AI-based tools to benchmark their networks to ensure that companies know exactly what systems should “normally” look like, allowing abnormalities to be identified faster before cyber incidents become full-blown attacks.

Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.

We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat-related “false positive” alerts in networks. Many companies are relying on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.

AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.

2. Companies will handle breach communication much better than they did in 2017

PayPal is a great example of this. The company should be commended for implementing good hygiene practices that resulted in identifying and announcing the breach at TIO on 4th December, and for showing leadership in claiming responsibility for dealing with the outcome. We’re set to see a big difference between those companies that try and sweep breaches under the carpet, and those that are set up with the right processes to investigate breaches and respond appropriately. Those who attempt to hide breaches – we’re looking at you Uber – will be treated with contempt by customers and the media, as shown by surveys indicating that as many as 85% of respondents wouldn’t do business with firms that had suffered a data breach.

Of course, on 25th May, 2018, the General Data Protection Regulation (GDPR) will come into effect, which means companies will have to notify the Information Commissioner’s Office (ICO) of a breach within 72 hours, or face a fine of up to 4% of global revenue.

Sensible organisations will look to implement stronger protection using application whitelisting, encryption and other techniques and improve their detection capability. They should also look to collect and store more definitive evidence about what takes place on their networks – in the form of more verbose log data, NetFlow history and full packet capture. Without this, organisations will find it impossible to investigate a breach quickly enough to satisfy regulatory obligations.

3. Retailers will be far more risk averse during holidays

Companies have begun to accept that optimised monitoring needs to take place all year-round, and Christmas will be no exception. However, companies will become more risk averse, and whether it’s a bank or a retailer, as the holiday period approaches, often there’s a “blackout” period during which network and security teams are not allowed to make updates and changes to their networks other than urgent patches.

Threat actors may step up their activity during the holiday period because there is a higher chance of evading identification and more to gain. This year, Shopify revealed that at the peak of Black Friday, online shoppers were making 2,800 orders per minute, worth approximately US$1 million. Had Shopify experienced an outage of just five minutes during this busy period, it would have cost them US$5 million in revenue. Protecting against outages – such as might result from a Distributed Denial of Service (DDoS) attack – is critical at these times. Additionally, this volume of online activity makes it easy for hackers to hide their movements while everyone’s focus is on making sure systems stay up and handle the load.

4. New housekeeping and the end of BYOD

Basic house-keeping will play a big role in cybersecurity in 2018. We’ll see a lot more staff training, and more focus on patching and standardisation so that companies avoid attacks like the widespread ransomware outbreaks we saw this year.

We’re also likely to see more companies moving away from BYOD. The reality is that BYOD has simply proven too hard to regulate and the risk it poses too difficult to protect against. In sensitive networks, with a lot at stake, this risk is not acceptable any longer.

5. Increasing use of strong encryption, and attacks over encrypted connections.

We already know that encryption of network traffic is being used more frequently by attackers as a way to hide evidence of their activity. Analysts and their detection tools can’t see into the payload of encrypted traffic.

Unless, of course, they have the encryption keys. If operators force all SSL connections to pass through a proxy, they can decrypt the traffic and see inside the payload. This allows the proxy to provide a clear-text version of the traffic to security tools for analysis, or to full packet capture appliances like the EndaceProbe Network Recorder.

We should expect to see the adoption of SSL proxy appliances increasing in 2018 – great news for companies like Ixia, Gigamon, Bluecoat, Juniper and others that make these appliances.


So, will 2018 be just as unpredictable when it comes to cybersecurity, data breaches and network infiltration? Chances are, most likely it will. However, with the right plans, practices and network monitoring in place, companies can at least prepare themselves for the worst, and prevent any possible breaches from being anywhere near as extensive as those that took place in 2017.


Banking on security in an environment of threats

The global financial crisis of 2008 was a piercing wake-up call for the financial industries of the world. It brought several regulatory and legislative changes in its wake, all aimed at preventing the recurrence of such an event. But the years since then have seen a different kind of threat emerging. The warning sirens are more frequent than before and more insistent.

Banks and financial institutions seek to stay relevant and competitive by providing convenient, personalized services to their customers. For this, they collect and analyze huge volumes of sensitive customer data. All this information is stored and accessed online. And this makes them prone to cyber attacks. Cybercriminals exploit vulnerabilities in digital systems to perpetrate attacks of different natures and complexities. Incidences of such attacks have been increasing over the years, and unless we take great care, cyber attacks could easily be the cause of the next global financial crisis.

Only recently, US credit reporting bureau Equifax suffered a huge data breach, resulting in significant loss of data, which included the personal details of over 145 million people across the US, UK, and Canada. This event triggered a rethink of data protection laws in the US. Earlier in 2017, the Lloyds Banking Group was hit by a major DDoS (Distributed Denial of Service) attack over the course of 48 hours, as cybercriminals attempted to block access to 20 million UK accounts. Later in the year, several South Korean Banks were threatened with a DDoS attack if they did not pay a $315,000 bitcoin ransom.

Equally worrying, and just as dangerous, are attacks that gradually siphon off data over an extended period of time. Such attacks are generally perpetrated through malware, such as the TrickBot Trojan, which made an appearance in Latin America and targeted banks in over 40 countries.

Recent trends like P2P (peer-to-peer) banking, directives like PSD2 (Revised Payment Service Directive), and initiatives like the Open API Standards for banking in the UK, while they all have their positives, have also inadvertently made the threat landscape riskier by providing more channels through which hackers can target systems. National and global authorities have introduced regulations to ensure that the financial industry takes the cybersecurity aspect of their business very, very seriously.

Under the EU General Data Protection Regulation, which will be enforced from May 25, 2018, organizations that are breached could attract a penalty of up to 20 million Euros or 4 percent of their annual global turnover, whichever is higher. India is in the process of instituting a Computer Emergency Response Team in Financial Sector (CERT-Fin), which will work closely with all financial-sector regulators and stakeholders on issues of cybersecurity.

Cyber threats are evolving as fast as the counter-measures being adopted to combat them. It is therefore essential for banks and financial institutions to be armed with agile cybersecurity strategies that identify potential threats, prevent attacks, and enable fast recovery. The banking industry should continue to invest significantly in cybersecurity – as they traditionally have – because their business is heavily dependent on customer trust.

As the open banking phenomenon grows, and different sets of data become digitally interconnected, the industry needs to protect customer data more fiercely than ever. A security breach can damage not just the company’s revenues, but also its reputation. A recent consumer study revealed that 50 percent of respondents would consider switching banks if they suffered a cyber attack, while 47 percent said they would “lose complete trust” in their bank if such an event occurred.

The BFSI industry needs to look at adaptive, round-the-clock methods of detection, defense, and counter-attacks against cyber threats. Help is readily available in the form of third-party security service providers, who have the requisite expertise to offer comprehensive, assured protection. It is also an encouraging sign that investments in security operation centers (SOCs) are on the rise.

The 2008 financial crisis taught the financial industry that it needed to adopt a more responsible approach towards risk management. The years since have delivered a recurring lesson – the pertinence of keeping abreast of the latest in security threats and solutions and investing in security applications that can adapt to the current and future changes in one of our most important and vulnerable industries. Let’s act as we learn.


Stay vigilant – cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of them,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

In order to ensure the success of DDoS attacks, hackers just need to leverage computer connections and flood any targeted system with high traffic, or send information that triggers a crash in the victim’s system.

The attack can shut down a machine or network, causing the user to be blocked from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as having an alternative Internet line on standby (as back up, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the data leaks, Fong said the silver lining would be that consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.


UK businesses fear DDoS attacks hijacking their devices

Businesses are afraid wireless devices could be hacked and used as DDoS weapons, report finds.

Businesses are afraid their wireless devices can be hacked and used as weapons in DDoS attacks.

A new report from the Neustar International Security Council (NISC) found that many businesses are becoming increasingly concerned with the current international security landscape, with system compromises seen as the biggest threat, followed by ransomware and financial data theft.

But unlike with other similar reports, this time businesses aren’t just sitting idly on this information – they’re actually taking action.

What they usually do is keep a close eye on outgoing traffic, install buffer servers that help them keep malware out, replace vulnerable access points, and make sure all members of staff are on the same page when it comes to safety guidelines and rules.

Almost half of businesses polled (43 per cent) hire specialist companies to help them with DDoS mitigation.

“As the cybersecurity landscape continues to evolve, and with businesses unsure about where the next attack will come from and what form it will take, there are clear challenges focusing their prevention and protection efforts,” said Rodney Joffe, head of NISC and Neustar senior vice president and fellow.

“But DDoS has long been seen as a severe threat to companies, reaping tremendous impacts and steadily increasing in incidence. The sheer volume of traffic caused by DDoS attacks make them hard, but not impossible, to mitigate and for businesses to have the best chance of success in fighting against them, they need to make them a priority”.


CISO Challenges in 2018

To stay ahead of threats, CISOs will need to enter 2018 in steep learning mode. Their priorities will include integrating artificial intelligence, protecting against increasingly advanced Distributed Denial-of-Service (DDoS) attacks, pressuring IoT vendors to build enterprise-class devices and deciding what blockchain technology may mean to them.

When it comes to leveraging IoT devices for DDoS attacks, the bad guys tipped their hand in 2016 with the Dyn DDoS attack, said Eric Cowperthwaite, managing principal at Citadel Services, a security and risk management consulting company. “There’s way more of that coming – way more,” he said. Broadly speaking, enterprises lack good plans to deal with these types of attacks, he said.

The Dyn attack illustrates two separate issues that CISOs must address. One is the order of magnitude: While the attack is the same type of threat businesses often face, the leveraging of IoT devices amplified the amount of malicious network traffic used in DDoS attacks.

The second challenge isn’t just the operational stability problems such an attack can cause, Cowperthwaite said; it’s also the damage to the company’s reputation when it becomes known that its inadequately secured IoT network enabled the attack.

CISOs need to pressure vendors to add instrumentation to IoT devices entering the enterprise, so that commercial devices are at least hardened from attack and defendable. “If CISOs don’t apply pressure on those vendors, who will?” he asked.

CISOs must be able to monitor their networks so that it’s possible to tell when trusted – or supposedly trusted – devices are behaving appropriately. “If it’s not acting correctly, you should take it off the network,” Cowperthwaite said.

Also high on the CISO’s priority list should be figuring out how to use artificial intelligence to automate event management. “If we don’t figure out how to use AI to deal with the masses of data that we have, we’ll never get ahead,” Cowperthwaite warned. He suggested automating basic security so people aren’t looking at first-level event data. “Why aren’t we taking all that event log data and running it through an AI that will look for anomalies before we do anything else?”

CISOs also can take a page from Agile to tackle other persistent cybersecurity challenges, and move away from security-event firefighting and into more of a business advisory role.

Finally, while blockchain technology may or may not be your friend, it most likely will be more than a passing acquaintance by year’s end. CISOs need to learn about distributed trust systems as well as the technologies and tools that help ensure transaction integrity, irrefutability and nonrepudiation. CISOs then can consider business risk when it’s time to establish governance for the new players on the block.

