Category - Block DDoS

1
How traffic scrubbing can guard against DDoS attacks
2
Cyberattacks now cost businesses an average of $1.1M
3
Security Think Tank: Smart botnets resist attempts to cut comms
4
U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups
5
2018 In Review: Healthcare Under Attack
6
In the DNI reported on DDoS-attack on the site of the national police
7
60 Cybersecurity Predictions For 2019
8
The Nigerian Cyber Warfare Command: Waging War In Cyberspace
9
Telcos struggling to mitigate the threats of cyber attacks
10
SIDN, NBIP warn small businesses of increased risk of DDoS attacks

How traffic scrubbing can guard against DDoS attacks

Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed

What was possibly the world’s biggest distributed denial of service (DDoS) attack in February 2018 was stopped in its tracks after 20 minutes because there was a DDoS protection service in place.

The attack on GitHub, a popular online code management service used by millions of developers, experienced incoming traffic of 1.3Tbps, bombarded by packets at a rate of 126.9 million per second. Within 10 minutes of the attack, GitHub had sounded the alarm and routed its traffic to its DDoS mitigation service Akamai Prolexic, which sorted out and blocked the malicious traffic.

GitHub is not alone, as DDoS attacks have grown in intensity and become more sophisticated. Since 2017, businesses in the Asia-Pacific (APAC) region started to experience DDoS attacks at almost the same rate as North American businesses, which have traditionally been the most targeted, said Shahnawaz Backer, security specialist for APAC at F5 Networks, based on F5’s data.

And ASEAN organisations are not standing still. The DDoS market in ASEAN has seen significant growth, accounting for 20% of the APAC market, according to Frost & Sullivan.

A growing number of enterprises are investing in DDoS solutions, especially cloud-based DDoS mitigation services, with a shift away from a service-provider-centric market.

A DDoS attack is one of the most complex threats that businesses can face. The goal of the individual hacker, organised criminals or state actors is to overwhelm a company’s network, website or network component, such as a router. To begin with, organisations have to determine whether a spike in traffic is legitimate or is an attack.

“Without a solid understanding of baselines and historic traffic trends, organisations are unlikely to detect an attack until it is too late,” said Sherrel Roche, senior market analyst at IDC’s Asia-Pacific business and IT services research group.

Landbank, the largest government-owned bank in the Philippines, has taken the step of implementing F5’s BIG-IP local traffic manager to understand its application traffic and performance better, as well as to gain full visibility into customer data as it enters and leaves an application. This enables the security team to inspect, manage and report fraudulent transactions as soon they are spotted.

Complementing that is an on-premise application level layer 7 DDoS mitigation service to ensure mission-critical applications are protected against application-specific attacks.

It can be relatively simple to launch a DDoS attack with readily available DDoS-for-hire services, and even people with little or no technical skills can launch a damaging attack.

One such attack, which generated over 170Gbps of traffic, was organised over chatrooms on the Steam game distribution platform and IRC (internet relay chat), with many participating members using downloaded tools. These included a YouTube tutorial by a 12-year-old developer, said Fernando Serto, head of security technology and strategy at Akamai Technologies APAC.
Part of the challenge of DDoS is the complexity of these attacks. Not only are there several categories of attack method, but each category has a host of different attacks. The same target can also be attacked using several different attack vectors.

On top of that, some attacks can be hard to detect. One notable attack involved overwhelming the target’s DNS (domain name system) server through a series of bursts that lasted several minutes, instead of a sustained attack.

“This led to defender fatigue as these bursts of traffic were coming in over a long period of time, and detection, let alone mitigation, of these types of attacks becomes very difficult,” said Serto.

DDoS attacks are unlike other cyber attacks, where patches and locally installed security appliances can block an attack altogether. The defence calculus for denial of service is different because no organisation can prevent or block all DDoS attacks on its own, said Gartner senior analyst Rajpreet Kaur.

So the decision to invest in DDoS protection is also not an easy one. DDoS mitigation is an expensive investment, which organisations do not easily choose unless they or their competitors have suffered an attack.

“While multinational and global firms will invest, the cost may deter smaller, local firms,” said Kaur.

Also, IT infrastructure is getting more complex as enterprises move their applications and infrastructure to the cloud, requiring DDoS solutions to cater to different environments, said Frost & Sullivan network security senior industry analyst Vu Anh Tien.

Scrubbing clean

What GitHub relied on to counter the massive attack in February 2018 was scrubbing services, a common DDoS mitigation technique. Using this method, the traffic destined for a particular IP address range is redirected to datacentres, where the attack traffic is “scrubbed” or cleaned. Only clean traffic is then forwarded to the target destination.

Most DDoS scrubbing providers have three to seven scrubbing centres, typically distributed globally, said Gartner’s Kaur. Each centre consists of DDoS mitigation equipment and large amounts of bandwidth, which can be over 350Gbps, that feeds traffic to it. When customers are under attack, they “push the button” to redirect all traffic to the closest scrubbing centre to be cleaned.

Enterprise customers make use of scrubbing centres in two ways – one is to route traffic via the scrubbing centres around the clock, while others prefer to route traffic on demand when an attack occurs.

Given the complexity of security attacks and IT infrastructures, organisations are increasingly adopting hybrid models of protection, in order to protect against the broadest set of potential attack vectors. They often turn to an on-premise system that is the first line of defence, with the scrubbing centre stepping in when the on-premise technology is overwhelmed, said Backer.

IDC’s Roche added: “For bad traffic to be diverted to a scrubbing centre in a seamless action to reduce any downtime, organisations need to have seamless integration between cloud and on-premise solutions, implemented in front of an infrastructure’s network to help mitigate an attack before it reaches core network assets and data.”

Source: https://www.computerweekly.com/news/252456702/How-traffic-scrubbing-can-guard-against-DDoS-attacks

Cyberattacks now cost businesses an average of $1.1M

Malware and bots, phishing, and DDoS attacks are some of the top threats companies face, according to Radware.

The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018—up 52% from the year before, according to a Tuesday report from Radware. For companies with a formal cost calculation process, that estimate rises to $1.7 million, the report found, with the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%).

The report surveyed 790 IT executives worldwide across industries. These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%).

Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked, according to the report.

The most common types of attacks on enterprises are malware and bots (76%), socially engineered threats like phishing (65%), DDoS attacks (53%), web application attacks (42%), ransomware (38%), and cryptominers (20%).

Hackers are also increasing their usage of emerging attack vectors to bring down networks and data centers, the report found: IT leaders reporting HTTPS Floods rose from 28% in 2017 to 34% in 2018, while reports of DNS grew from 33% to 38%. Burst attacks rose from 42% to 49%, and reports of bot attacks grew from 69% to 76%.

“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100% of the time,” Anna Convery-Pelletier, chief marketing officer for Radware, said in a press release. “A cyberattack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”

To combat security threats in 2019, CXOs can follow these tips, and focus on training employees.

The big takeaways for tech leaders:

  • The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018, up 52% from the year before. — Radware, 2019
  • Top goals of cyberattacks are perceived to be service disruption (45%), data theft (35%), unknown reasons (11%), and espionage (3%). — Radware, 2019

Source: https://www.techrepublic.com/article/cyberattacks-now-cost-businesses-an-average-of-1-1m/

Security Think Tank: Smart botnets resist attempts to cut comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date.

When it comes to all kinds of cyber defence, it is always less expensive to prevent attacks and infections than to deal with them once they are in place.

This is especially true in the case of botnets. What is a botnet? A botnet is an army of mini-programs; malicious softwaredesigned to infiltrate large numbers of digital devices and then use them for any number of tactics.

For example, botnets can be instructed to steal data or launch huge distributed denial of service (DDoS) attacks and all while simultaneously stealing the electricity and computing power to do it.

Most organisations aim to have at least some cyber security in place. These fundamentals can include Items such as implementing the most effective choice of anti-malware, configuring digital devices and software with as much hardened security as practical and ensuring that security patches are always applied swiftly.

However, even when an organisation invests in implementing cyber security essentials, it is still no guarantee of a fully bot-free environment.

As shown in all of the major breaches that hit the headlines, hackers are very keen on remaining unnoticed for as long as possible. The dwell time is the term given to the duration between the initial intrusion and the point of discovery.

In many cases, Yahoo, Starwood and other mega breaches included, you might have noticed that the dwell time was measured not in hours, days, weeks or even months – it was years between the initial intrusion and eventual discovery.

Determined hackers design their bots to be as stealthy as possible, to hide as best as they can and to communicate as efficiently and discreetly as possible.

When researchers find new botnet armies, they often do it by accident and say things like, “We stumbled across this data anomaly”, eventually tracing the cause back to a new botnet force.

Although botnet communications may try to hide, the thing about bots is that they generally need to communicate to work. These botnets used to work through command and control servers. That meant that disconnecting communications between bots and their botnet command and control servers was enough to “decapitate” the bot and render it unable to steal anything or accept new commands.

However, newer botnets are smarter. They still need to communicate, but now many of them can spawn dynamic, peer-to-peer networks.

Bots do still need instructions to work and they also need destinations to send anything they steal. Identify and block those communication routes and your bots will cease to offer their bot master any value.

The challenge is that not all organisations use or install the technologies that can detect and block bots.

For the few organisations that do have the budget and motivation to ramp up their anti-bot defences, there is plenty that can be done.

It starts with ramping up the security that prevents initial infection and locking down unnecessary trust permissions. Prevention is still better than detection and the expenses involved in containing and resolving the threat. There is a huge difference in the efficacy of many security products and sadly, many of those with the highest marketing budget are far from the most effective.

There are also great, real-time security technologies that can detect, alert or block botnet activity in real-time. These operate by continually analysing network traffic and local system logs.

If your organisation does not have the budget for real-time monitoring, then it is still worth inspecting devices and checking for any suspicious processes that seem to be taking up a lot of memory – especially if any users are reporting their device has slowed down. That can be an indicator of compromise, but only when the botnet is awake and active.

And if you are wondering just how much of a threat botnets are, just think about this: most of our attention as cyber security professionals is on the botnets we can detect and eliminate from our own environments, but the internet of things and sub-standard security present in many devices means the internet is riddled with enough botnets to effectively stop the internet from working.

The only thing stopping that from happening at present is that it would harm rather than profit the hackers. After all, 2019 might just be the year when the proceeds from cyber crime reaches a trillion dollars.

Source: https://www.computerweekly.com/opinion/Security-Think-Tank-Smart-botnets-resist-attempts-to-cut-comms

U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups

American tech firm Cloudflare is providing cybersecurity services to at least seven designated foreign terrorist organizations and militant groups, HuffPost has learned.

The San Francisco-based web giant is one of the world’s largest content delivery networks and boasts of serving more traffic than Twitter, Amazon, Apple, Instagram, Bing and Wikipedia combined. Founded in 2009, it claims to power nearly 10 percent of Internet requests globally and has been widelycriticized for refusing to regulate access to its services.

Among Cloudflare’s millions of customers are several groups that are on the State Department’s list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers’ Party (PKK), al-Aqsa Martyrs Brigade and Hamas — as well as the Taliban, which, like the other groups, is sanctioned by the Treasury Department’s Office of Foreign Assets Control (OFAC). These organizations own and operate active websites that are protected by Cloudflare, according to fournational security and counterextremism experts who reviewed the sites at HuffPost’s request.

In the United States, it’s a crime to knowingly provide tangible or intangible “material support” — including communications equipment — to a designated foreign terrorist organization or to provideservice to an OFAC-sanctioned entity without special permission. Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so.

The Electronic Frontier Foundation and other free speech advocates have long been critical of material support laws. The foundation described them as tools the government has used to “chill First Amendment protected activities” such as providing “expert advice and assistance” ― including training for peacefully resolving conflicts ― to designated foreign terrorist organizations. Many of the designated groups, the EFF has argued, also provide humanitarian assistance to their constituents.

But so far, free speech advocates’ arguments haven’t carried the day — which means that Cloudflare still could be breaking the law.

‘We Try To Be Neutral’

“We try to be neutral and not insert ourselves too much as the arbiter of what’s allowed to be online,” said Cloudflare’s general counsel, Doug Kramer. However, he added, “we are very aware of our obligations under the sanctions laws. We think about this hard, and we’ve got a policy in place to stay in compliance with those laws.” He declined to comment directly on the list of websites HuffPost provided to Cloudflare, citing privacy concerns.

Cloudflare secures and optimizes websites; it is not a domain host. Although Cloudflare doesn’t host websites, its services are essential to the survival of controversial pages, which would otherwise be vulnerable to vigilante hacker campaigns known as distributed denial-of-service attacks. As the tech firm puts it, “The size and scale of the attacks that can now easily be launched online make it such that if you don’t have a network like Cloudflare in front of your content, and you upset anyone, you will be knocked offline.”

Some of the terrorist sites that HuffPost identified on its server have been used to spread anti-state propaganda, claims of responsibility for terrorist attacks, false information and messages glorifying violence against Americans and civilians. But none of that really matters: Even if al-Shabab were posting cat videos, it would still be a crime to provide material support to the group.

“This is not a content-based issue,” said Benjamin Wittes, the editor in chief of Lawfare and a senior fellow at the Brookings Institution. “[Cloudflare] can be as pure-free-speech people as they want — they have an arguable position that it’s not their job to decide what speech is worthy and what speech is not — but there is a law, a criminal statute, that says that you are not allowed to give services to designated foreign terrorist organizations. Full stop.”

Intermediary websites are shielded from liability for illicit third-party content on their platforms, thanks to the U.S. Communications Decency Act (meaning, for example, that Twitter cannot be held legally accountable for a libelous tweet). This immunity is irrelevant with regard to the material support statute of the USA Patriot Act, which pertains strictly to the provision of a service or resource, not to any offending content, explained Wittes. In this case, Cloudflare’s accountability would not be a question of whether it should be monitoring its users or their content but, in part, whether the company is aware that it is serving terrorist organizations.

“If and when you know or reasonably should know, then you’re in legal jeopardy if you continue to provide services,” said University of Texas law professor Bobby Chesney.

In its terms of use, Cloudflare reserves the right to terminate services “for any reason or no reason at all.” Yet the firm has refused to shut down even its most reprehensible customers, with very few exceptions. Its CEO, former lawyer Matthew Prince, has made it clear that he believes in total content neutrality and that Cloudflare should play no role in determining who’s allowed online. His company is reportedly preparing for an initial public offering that would value it at more than $3.5 billion.

There is a law — a criminal statute — that says that you are not allowed to give services to designated foreign terrorist organizations. Full stop.Benjamin Wittes, senior fellow at the Brookings Institution

Cloudflare’s services range in price from completely free to north of $3,000 per month for advanced cybersecurity. (Kramer declined to say if the sanctioned entities HuffPost identified are paying customers. Material support law applies to both free and paid services.) Its reverse proxy service reroutes visitors away from websites’ IP addresses, concealing their domain hosts and giving them a sense of anonymity. This feature has made Cloudflare especially appealing to neo-Nazis, white supremacists, pedophiles, conspiracy theorists — and terrorists.

Screen Shot 2018-12-14 at 15.18.33

Cloudflare Knows

Cloudflare has knowingly serviced terrorist-affiliated websites for years. In 2012, Reuters confronted Cloudflare about websites behind its network that were affiliated with al-Quds Brigades and Hamas. Prince argued that Cloudflare’s services did not constitute material support of terrorism. “We’re not sending money, or helping people arm themselves,” he said at the time. “We’re not selling bullets. We’re selling flak jackets.”

That analogy bears little relevance. “Material support,” as defined in 18 U.S.C. § 2339B, refers to “any property, tangible or intangible, or service,” excluding medicine and religious materials. Contrary to Prince’s suggestion, it applies to more than money and weapons. A New York man who provided satellite television services to Hezbollah was sentenced in 2009 to 69 months in prison for material support of terrorism. And although the definition is broad, “it really covers anything of value,” Chesney said. “It’s meant to be like a full-fledged embargo.”

In 2013, after journalist James Cook learned Cloudflare was securing a website affiliated with al Qaeda, he wrote an article arguing that the web giant was turning “a blind eye to terrorism.” Prince published his responses to Cook’s questions about serving terrorist groups in a Q&A-style blog post titled “Cloudflare and Free Speech.”

Cook asked what safeguards Cloudflare had in place to ensure it was not supporting illegal terrorist activity; Prince listed none. Cook inquired whether Cloudflare would investigate the website he had identified; Prince suggested it would not. The site is still online and is still secured by Cloudflare.

“A website is speech. It is not a bomb,” Prince wrote in his post. “We do not believe that ‘investigating’ the speech that flows through our network is appropriate. In fact, we think doing so would be creepy.”

Creepy or not, if a company receives a tip that it has customers who are sanctioned terrorists or has reason to believe that could be the case, it should absolutely investigate so as not to risk breaking the law, experts said. (Kramer noted Prince’s remarks are “from six years ago” and said Cloudflare does take such tips seriously.)

“This is a criminal statute that we’re talking about, so companies bear a risk by putting their heads in the sand,” said Georgetown Law professor Mary McCord, a former head of the Justice Department’s national security division. “A company has got to spend money, resources [and have] lawyers to make sure it’s not running afoul of the law. The risk it takes if it doesn’t is a criminal prosecution.”

President Donald Trump’s administration also urges due diligence. “We encourage service providers to follow the lead of the big social media companies, whose terms of service and community standards expressly enable them to voluntarily address terrorist content on their platforms, while exploring ways to more expeditiously tackle such content,” a White House official told HuffPost.

The international hacktivist group Anonymous accused Cloudflare of serving dozens of ISIS-affiliated websites in 2015, which Prince shrugged off as “armchair analysis” by “15-year-old kids in Guy Fawkes masks.” In media interviews, he maintained that serving a terrorist entity is not akin to an endorsement and said only a few of the sites on Anonymous’ list belonged to ISIS. Prince hinted that government authorities had ordered Cloudflare to keep certain controversial pages online. The FBI, Justice Department, State Department, Treasury Department and White House declined to comment on that assertion.

Last year, Cloudflare disclosed that the FBI subpoenaed the company to hand over information about one of its customers for national security purposes. The FBI, which also uses Cloudflare’s services, rescinded the subpoena and withdrew its request for information after Cloudflare threatened to sue. Neither Cloudflare nor the FBI would comment on this matter.

Over the past two years, the Counter Extremism Project, a nonpartisan international policy organization, has sent Cloudflare four detailed letters identifying a total of seven terrorist-operated websites on its server. HuffPost has viewed these letters, which explicitly address concerns about material support of terrorism, and Kramer acknowledged that Cloudflare received them.

“We’ve never received a response from [Cloudflare],” said Joshua Fisher-Birch, a content review specialist at the Counter Extremism Project. Five of the seven flagged websites remain online behind Cloudflare today, more than a year after they were brought to the firm’s attention.

“I think they’re doubling down on free speech absolutism at all costs,” he added. “In this case, that means they’re going to allow terrorist and extremist organizations to use their services and to possibly spread propaganda, try to recruit or even finance on their websites.”

HUFFPOST

In August 2017, Cloudflare cut off services to the Daily Stormer, a website that had allegedly been involved in a neo-Nazi rally that month in Charlottesville, Virginia, where a counterprotester was killed.

‘Assholes’ vs. Terrorists

Kramer said he was not able to comment in detail on specific cases in which outside actors such as journalists and Anonymous informed Cloudflare about possible terrorist organizations using its services, but he noted that Cloudflare works with government agencies to comply with its legal obligations.

“Our policy is that if we receive new information that raises a flag or a concern about a potentially sanctioned party, then we’ll follow up to figure out whether or not that’s something that we need to take action on,” he said. “Part of the challenge is really to determine which of those are legitimate inquiries and which of those … are trying to manipulate the complaint process to take down people with whom they disagree.”

Cloudflare was flooded with such complaints in August 2017, when activists pleaded with the firm to terminate its services for the Daily Stormer, a prominent neo-Nazi website that was harassing the family of a woman who had recently been killed in violence surrounding a neo-Nazi rally in Charlottesville, Virginia.

Prince initially refused to drop the Daily Stormer, but as public outrage intensified, he reluctantly pulled the plug. “The people behind the Daily Stormer are assholes and I’d had enough,” he later said in an email to his team. The rationale behind that decision raised questions among Cloudflare’s staff, according to Wired.

“There were a lot of people who were like, ‘I came to this company because I wanted to help build a better internet … but there are some really awful things currently on the web, and it’s because of us that they’re up there,’” one employee said. Another wondered why Cloudflare would consider shutting down Nazis but not terrorists.

Source: https://www.huffingtonpost.ca/entry/cloudflare-cybersecurity-terrorist-groups_us_5c127778e4b0835fe3277f2f

2018 In Review: Healthcare Under Attack

Radware’s ERT and Threat Research Center monitored an immense number of events over the last year, giving us a chance to review and analyze attack patterns to gain further insight into today’s trends and changes in the attack landscape. Here are some insights into what we have observed over the last year.

Healthcare Under Attack

Over the last decade there has been a dramatic digital transformation within healthcare; more facilities are relying on electronic forms and online processes to help improve and streamline the patient experience. As a result, the medical industry has new responsibilities and priorities to ensure client data is kept secure and available–which unfortunately aren’t always kept up with.

This year, the healthcare industry dominated news with an ever-growing list of breaches and attacks. Aetna, CarePlus, Partners Healthcare, BJC Healthcare, St. Peter’s Surgery and Endoscopy Center, ATI Physical Therapy, Inogen, UnityPoint Health, Nuance Communication, LifeBridge Health, Aultman Health Foundation, Med Associates and more recently Nashville Metro Public Health, UMC Physicians, and LabCorp Diagnostics have all disclosed or settled major breaches.

Generally speaking, the risk of falling prey to data breaches is high, due to password sharing, outdated and unpatched software, or exposed and vulnerable servers. When you look at medical facilities in particular, other risks begin to appear, like those surrounding the number of hospital employees who have full or partial access to your health records during your stay there. The possibilities for a malicious insider or abuse of access is also very high, as is the risk of third party breaches. For example, it was recently disclosed that NHS patient records may have been exposed when passwords were stolen from Embrace Learning, a training business used by healthcare workers to learn about data protection.

Profiting From Medical Data

These recent cyber-attacks targeting the healthcare industry underscore the growing threat to hospitals, medical institutions and insurance companies around the world. So, what’s driving the trend? Profit. Personal data, specifically healthcare records, are in demand and quite valuable on today’s black market, often fetching more money per record than your financial records, and are a crucial part of today’s Fullz packages sold by cyber criminals.

Not only are criminals exfiltrating patient data and selling it for a profit, but others have opted to encrypt medical records with ransomware or hold the data hostage until their extortion demand is met. Often hospitals are quick to pay an extortionist because backups are non-existent, or it may take too long to restore services. Because of this, cyber-criminals have a focus on this industry.

Most of the attacks targeting the medical industry are ransomware attacks, often delivered via phishing campaigns. There have also been cases where ransomware and malware have been delivered via drive-by downloads and comprised third party vendors. We have also seen criminals use SQL injections to steal data from medical applications as well as flooding those networks with DDoS attacks. More recently, we have seen large scale scanning and exploitation of internet connected devicesfor the purpose of crypto mining, some of which have been located inside medical networks. In addition to causing outages and encrypting data, these attacks have resulted in canceling elective cases, diverting incoming patients and rescheduling surgeries.

For-profit hackers will target and launch a number of different attacks against medical networks designed to obtain and steal your personal information from vulnerable or exposed databases. They are looking for a complete or partial set of information such as name, date of birth, Social Security numbers, diagnosis or treatment information, Medicare or Medicaid identification number, medical record number, billing/claims information, health insurance information, disability code, birth or marriage certificate information, Employer Identification Number, driver’s license numbers, passport information, banking or financial account numbers, and usernames and passwords so they can resell that information for a profit.

Sometimes the data obtained by the criminal is incomplete, but that data can be leveraged as a stepping stone to gather additional information. Criminals can use partial information to create a spear-phishing kit designed to gain your trust by citing a piece of personal information as bait. And they’ll move very quickly once they gain access to PHI or payment information. Criminals will normally sell the information obtained, even if incomplete, in bulk or in packages on private forums to other criminals who have the ability to complete the Fullz package or quickly cash the accounts out. Stolen data will also find its way to public auctions and marketplaces on the dark net, where sellers try to get the highest price possible for data or gain attention and notoriety for the hack.

Don’t let healthcare data slip through the cracks; be prepared.

Source: https://securityboulevard.com/2018/12/2018-in-review-healthcare-under-attack/

In the DNI reported on DDoS-attack on the site of the national police

The website of the people’s militia department of the self-proclaimed Donetsk people’s republic was subjected to DDoS attacks, said the head of the people’s militia press service, Daniel Bezsonov.

According to him, this happened after the agency announced that Kiev was preparing a large-scale offensive in the Donbass.

“It has been established that the attack was carried out from the Ukrainian and Baltic IP addresses,” Betsonov quoted the Donetsk News Agency.

 In October 2016, the DPR announced that hackers from Ukraine had hacked and blocked the database of the self-proclaimed Donetsk People’s Republic pension fund, as a result of which payments to DPR residents were suspended.

Source: http://www.tellerreport.com/news/–in-the-dni-reported-on-ddos-attack-on-the-site-of-the-national-police-.BkyHtk6JE.html

60 Cybersecurity Predictions For 2019

I’ve always been a loner, avoiding crowds as much as possible, but last Friday I found myself in the company of 500 million people. The breach of the personal accounts of Marriott and Starwood customers forced us to join the 34% of U.S. consumers who experienced a compromise of their personal information over the last year. Viewed another way, there were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018.

How many data breaches we will see in 2019 and how big are they going to be?

No one has a crystal ball this accurate and it’s difficult to make predictions, especially about the future. Still, I made a brilliant, contrarian, and very accurate prediction last year, stating unequivocally that “there will be more spectacular data breaches” in 2018.

Just like last year, this year’s 60 predictions reveal the state-of-mind of key participants in the cybersecurity industry (on the defense team, of course) and cover all that’s hot today. Topics include the use and misuse of data; artificial intelligence (AI) and machine learning as a double-edge sword helping both attackers and defenders; whether we are going to finally “get over privacy” or see our data finally being treated as a private and protected asset; how the cloud changes everything and how connected and moving devices add numerous security risks; the emerging global cyber war conducted by terrorists, criminals, and countries; and the changing skills and landscape of cybersecurity.

It’s the data, stupid

“While data has created an explosion of opportunities for the enterprise, the ability to collaborate on sensitive data and take full advance of artificial intelligence opportunities to generate insights is currently inhibited by privacy risks, compliance and regulation controls. The security challenge of ‘data in use’ will be overcome by applying the most universal truth of all-time—mathematics—to facilitate data collaboration without the need for trust from either side. For example, ‘zero-knowledge proof’ allows proof of a claim without revealing any other information beyond what is claimed. Software that is beyond trust and based on math will propel this trend forward”—Nadav Zafrir, CEO,Team8

“IT security in 2019 is no longer going to simply be about protecting sensitive data and keeping hackers out of our systems. In this day and age of big data and artificial intelligence—where cooperation on data can lead to enormous business opportunities and scientific and medical breakthroughs—security is also going have to focus on enabling organizations to leverage, collaborate on and monetize their data without being exposed to privacy breaches, giving up their intellectual property or having their data misused. Cybersecurity alone is not going to be enough to secure our most sensitive data or our privacy. Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age”—Rina Shainski, Co-founder and Chairwoman, Duality Technologies

AI is a dual-use technology

AI-driven chatbots will go rogue. In 2019, cyber criminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information. A hijacked chatbot could misdirect victims to nefarious links rather than legitimate ones. Attackers could also leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one. In short, next year attackers will start to experiment with malicious chatbots to socially engineer victims. They will start with basic text-based bots, but in the future, they could use human speech bots to socially engineer victims over the phone or other voice connections”—Corey Nachreiner, CTO, WatchGuard Technologies

“While next-gen technology like Artificial Intelligence (AI) and Machine Learning (ML) are transforming many enterprises for the better, they’ve also given rise to a new breed of ‘smart’ attacks. The ability to scale and carry out attacks is extremely enticing to cybercriminals, including use of intelligent malware. The rise in next-gen threats means that security professionals must be extra vigilant with detection and training against these threats, while also adopting new methods of automated prevention methods”—John Samuel, Senior Vice President and Global Chief Information Officer, CGS

“Cyber defenders have been researching and working on their machine learning/AI/deep Learning for a long time. We expect over the next 5 years that these technologies will also empower adversaries to create more powerful and elusive attacks through a new generation of tools, tactics and procedures. While AI/ML-savvy offensive cybercriminals are in their infancy, this is like any other business. They will invest in whatever provides them the greatest return. Unlike defenders, those on the offense are willing to collaborate and share innovation freely, which could increase rapid development and innovation”—David Capuano, CMO and VP Sales, BluVector

“Automation is the name of the game in security and machine learning is here to help. AI is all about automating expert systems, and security is all about experts answering some form of the question: ‘Does this matter? Does this alert matter? Is this vulnerability risky?’ Machine learning will help filter out the noise, so that the limited number of practitioners out there can use their time most efficiently”—Michael Roytman, chief data scientist, Kenna Security

“Recent updates to exploit kits, specifically natural language and artificial intelligence capabilities, has made the automation of highly convincing and unique social engineering emails a very simple process. Meaning, an attacker can upload a file with one million email addresses and can automate the creation of effective and unique phishing messages to send out to victims”—Brian Hussey, VP of Cyber Threat Detection and Response, Trustwave SpiderLabs

When it comes to using AI in cybersecurity, be wary. AI offers companies huge potential, but it is a largely untapped area. If you do plan to implement it, do a proof of concept to make sure that it integrates into your company’s environment, ensuring that you’re getting the maximum value”—Joan Pepin, CISO and VP of Operations, Auth0

“The focus on artificial intelligence in cybersecurity has led to an arms war, with vendors ratcheting up claims about the number of models or features to sensational levels. In 2019, the focus will shift from quantity to quality of features. Both vendors and their users will recognize that fewer, more precise features, can improve threat detection rates, while ensuring virtually zero false positives”—Adrien Gendre, North American CEO, Vade Secure

As AI-enabled apps continue to proliferate, companies will face a rise in accidental vulnerabilities. Expect to hear about more breaches that aren’t a result of a hack, but can be mapped back to developers leaving large data pools (which power AI-enabled applications) accidentally unprotected. Companies need to be vigilant when working with large data pools, especially customer data, that feed AI in services like Amazon, Facebook and Google, and always double check their configurations”—Alex Smith, Director of Security Products,Intermedia

“With fraud attack rates expected to continue to increase in 2019, costing e-commerce retailers billions of dollars, AI is poised to play a huge role in stopping bad actors in real-time before they strike. Artificial intelligence and machine learning, enhanced by human research, have the ability to protect online merchants from abuse at both the account level and the point of transaction.  AI-driven solutions are becoming a necessity because they instantly prevent fraud, enabling retailers to scale and keep up with the e-commerce giants without sacrificing the consumer experience. Finally, fraud prevention models that use AI can be personalized based on a nuanced understanding of each merchant’s specific pain points and historical data”—Michael Reitblat, Co-Founder and CEO, Forter

The emerging global cyber war

Terrorist-related groups will attack population centers with crimeware-as-a-service. While terrorist-related groups have been tormenting organizations and individuals for years, we anticipate more potentially destructive attacks in 2019. Instead of breaking systems with ransomware, adversaries will leverage new tools to conduct harmful assaults on targeted subjects and organizations. From attacks on data integrity that essentially kill computers to the point of mandatory hardware replacements, to leveraging new technology for physical assaults such as the recent drone attack in Venezuela, attack surfaces are growing and enemies will take advantage. To combat this, organizations must take inventory of their attack landscape to identify and mitigate potential threats before they are exploited. Malcolm Harkins, Chief Security and Trust Officer, Cylance

“We expect nation-state threats to increase significantly in 2019, particularly targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are constantly looking to gain access to the critical infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more)”—Mike McKee, CEO, ObserveIT

“The nature of cyberwarfare is changing. Russia has led the way in the use of targeted cyber actions as part of larger objectives, and now other nation states are looking to follow the same playbook. While a direct cyberwar is not on the horizon, there will continue to be smaller proxy cyber wars as part of regional conflicts where larger nation state actors provide material support to these smaller conflicts. These regional conflicts will be testing grounds for new tactics, techniques and procedures as larger nation states determine how cyber warfare integrates into their larger military objectives. Nation states will also start experimenting more this year in adding ‘disinformation’ campaigns as part of their cyber warfare efforts. These kinds of attacks will make true attribution more difficult”—Sean McNee, Senior Data Scientist, DomainTools

“As the cyber threat landscape intensifies, adversaries will continue to discover new avenues for attacks. Although satellites aren’t the most common attack surface, it is important for industry professionals to acknowledge the capabilities that threat actors hold over them. Security concerns continue to grow within the satellite industry, with execs even forming a government-backed clearinghouse to share information on cyber threats to space assets. From military satellites to GPS technology and even communication satellites, adversaries are able to conduct targeted attacks to gain access to these crucial systems—some of which are highly classified networks. As these threat actors refine their skills, we anticipate major attacks on satellite systems as a new form of nation-state warfare”—John Cassidy, CEO and Co-Founder, King & Union

The year of protected privacy, finally?

Managing privacy will be the new normal, like securing data or paying taxes. Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes”—Chris Babel, CEO, TrustArc

Consumers will start to reclaim control and monetize their data. Ownership of customer data will transition away from businesses and back toward customers themselves, and new services will emerge that empower customers to even monetize their own personal data and rent it back to companies. Data is the fuel that powers AI, and customers will realize they have the power to drive their own AI-based experiences by reclaiming data control”—Dr. Rob Walker, vice president, decision management and analytics, Pegasystems

“GDPR was a great first step, but global regulation and governance still remain a complex web. The United States will continue to fall further and further behind in competency and international relations as our federal compliance efforts simply aren’t moving fast enough to meet worldwide requirements. Countries where privacy is prioritized and seamlessly integrated will see the most optimal growth”—Tomas Honzak, Chief Information Security Officer, GoodData

“Data protection legislation will continue to influence societal expectations on security, which will trickle down to companies and their supply chains.  Consumers have always felt protective of their data, but with new legislation redefining the data landscape, consumers have grown more confident in demanding their data be treated with respect, that its uses are kept visible and clear, and that it is used only as they agreed. The pressure these new societal expectations will exert cannot be overstated, both on public-facing companies and through them all the way down their supply chains. Make no mistake, security and data handling are seen now by all successful companies to be as critical to business and contracts as confidentiality and liability limits have always been”—Geoff Forsyth, CTO, PCI Pal

There will be a lot more focus on privacy and security of connected cars. The information from the connected car is arguably more sensitive than our credit card information – where do we go, when do we go there, when are we home, where do we shop and work, where do our kids go to school and what locations do we go to at what time. There will be breaches of this personal information and bad things that happen as a result. There will be more of the takeover scenarios where an external (bad) actor can take over the technology. This too will result in backlash and involvement of political and legal entities to begin to make laws and precedents. What can law enforcement access and discover to use for investigation purposes?”—Todd Walter, chief technologist, Teradata

“As privacy concerns grow, there will be an increasing interest in privacy-preserving machine-learning techniques that are able train accurate models without compromising privacy”—Prasad Chalasani, Chief Scientist, MediaMath

The global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection as was done with GDPR. While this is a great progress, we’re going to see these governments counter to gain more access to information”—Phil Dunkelberger, CEO, Nok Nok Labs

“As governments implement new data privacy regulations, enterprises will increasingly adopt a ‘Privacy First’ approach to data management. However, the challenges these enterprises will face as they seek to integrate data privacy best practices into their existing applications, as well as new mobile, IoT and other applications, will be significant. Enterprises will need AI-powered, automated, outcome-driven data management solutions to address these challenges if they hope to implement strong data privacy policies without sacrificing productivity or agility”—Don Foster, senior director of worldwide solutions marketing, Commvault

“In 2019, the US government will NOT adopt any new digital privacy policies despite the recent congressional hearings with Twitter, Facebook, Google, etc.”—Kevin Lee, Trust and Safety Architect, Sift Science

The Cloud changes everything and everything is connected… and vulnerable

“Your smart fridge will start scamming you. IoT-connected appliances such as refrigerators and washing machines already produce unattended payments that the user cannot personally verify. Fraudsters see this vulnerability now and will begin to take advantage of it”—Uri Rivner, Chief Cyber Officer, BioCatch

“In 2019, the two main targets for cyber-attackers will be the cloud and user devices. Operating systems on user devices provide more functionality than ever before, making them more vulnerable and an easy target for attackers. At the same time, users will expect more flexibility and the ability to work with any OS, any application, and on any device. As organizations look provide security, privacy, and productivity, they will have to shift to a new, ‘zero trust’ device architecture”—Tal Zamir, CEO, Hysolate

“IoT, in its current state, is not secure. There are secure devices out there, but they are the exception rather than the rule. Perhaps more concerning is that there are no revolutions in IoT security on the horizon. IoT will continue to be vulnerable in 2019”—Erez Yalon, Head of Security Research, Checkmarx

“A marked shift from network security towards identity-based application security will take place next year. The cloud causes traditional control planes to become obsolete. From firewalls and IPS’s to host-based security tools, current technologies cannot be implemented in an effective and constructive manner. Application identities, in a similar process that user identity underwent in the last couple of years, will conquer the main stage”—Ran Ilany, CEO, Portshift

“With Waymo, Cruise, Uber and other autonomous vehicle industry players rushing to the market and expanding previously limited pilots to wider scale public deployments, we predict that a self-driving car used ‘in production’ will be hacked. The immediate implications are unlikely to be life-threatening, however, they will only strengthen concerns about a potential nightmare scenario like car ransomware”—Nir Gaist, CTO and co-founder, Nyotron

Teams will shift to prioritizing cloud-delivered security solutions over traditional appliance-based point products. In addition, teams will shift to simplifying security architectures by prioritizing solutions that provide consolidated feature sets that would have traditionally required numerous separate point products. This will be driven by a vastly expanded attack surface and necessary operational efficiency for understaffed teams”—Gene Stevens, CTO & Co-Founder, ProtectWise

“From Windows to IoTs, Apple and Microsoft have invested colossal amounts in information security to make it very difficult for attackers to enter. In addition, due the accelerated growth in the number of IoT vendors and a severe lack of regulation, significant investments are now being made in developing breakthrough attack capabilities in this field”—Eilon Lotem, CTO, SAM Seamless Network

IoT-enabled device innovation will continue to outpace the security built into those devices and Federal government regulation will continue to inadequately define the laws and fines required to affect change. State-level regulations will be enacted to improve the situation, but will likely fall short in impact, and in many cases, only result in a false sense of consumer confidence with respect to the security of these devices”—Carolyn Crandall, Chief Deception Officer, Attivo Networks.

Cyber breaches will have increased impacts on corporate stock prices, especially in the technology and cyber security sector. The rate at which we’re seeing attacks, and the breadth of the impact is alarming but as of yet haven’t had a large impact on stock prices. However, this will soon change as organizations complete their digital transformation and move to the cloud. Once this happens, a breach is going to have a larger impact on their revenue and as a result a detrimental effect on stock price. Another impact of companies moving operations and revenue to the cloud is we’re going to see more criminal and state organizations going after cybersecurity companies to infiltrate code in their distribution base or take them offline to get to the corporations themselves”—Stan Lowe, Global CISO, Zscaler

“Consumers and legislators alike are increasingly aware of the cyber risks facing the automotive industry as vehicles become increasingly connected.Due to the growing number of susceptible entry points in today’s connected cars, it is only a matter of time before the automotive industry experiences further significant cyber-related product recalls. Moving into 2019, it is imperative that OEM and Tier 1 suppliers ensure robust cyber security protections over the course of the vehicle lifespan. A multi-layered, end-to-end security solution that enables over the air system update capabilities will become the norm. Now is the time for automakers to be proactive and take the wheel in deploying effective solutions for automotive cyber security”—Yoni Heilbronn, CMO, Argus Cyber Security

“Cloud and DevOps transformations will rapidly gain pace in 2019, increasing the risk at the web application layer for enterprises. The reason for this increase is simple: the application layer used to be mostly static assets like marketing websites, but flash forward to today, it is now often the primary way an enterprise interacts with their customers (via full featured web applications or APIs that back mobile apps). This massive shift in functionality comes an equally massive shift in risk. The number one lesson for CISOs is that the transformation to cloud and DevOps will be successful if you can shift your security program from being a blocker to an enabler and focus on making your application and DevOps teams security self-sufficient”—Zane Lackey, Co-Founder and CSO, Signal Sciences

Endpoint security will be redefined by detection and response features (EDR), plus managed detection and response (MDR) services. Endpoint prevention (EPP) has been king of the hill for years, now more than 80% of these solutions fall behind on requirements to provide a combined prevention, detection, investigation, response, system management, and security hygiene as a solution set via a single agent for Windows, macOS and Linux systems. Less than 20% of organizations have the resources and skills for mature EDR solutions which will drive the need for MDR services to the majority of companies, even more so for 24/7 coverage”—Tom Clare, Senior Product Manager, Fidelis Cybersecurity

“With IoT growth posing huge unknown risks to enterprises with the introduction of 5G, businesses will increasingly need to invest in both technology and employee training in order to prepare for the next generation threat landscape. What’s more is that 5G will not only give rise to new threats, but it will also provide cyber criminals with new opportunities to carry out attacks that we have seen grow in popularity over the years with greater force and impact. With this in mind, even an organization that ‘does everything right’ to combat threats posed by 5G could still be impacted just as easily as those that are less security savvy”—James Willett, Vice President of Technology, Neustar

“As IoT innovation continues to blossom, more and more IoT devices will continue to get involved in DDoS attacks in 2019. Routers and cameras are the major types of IoT devices involved in DDoS attacks, with routers making up 69.7% of IoT devices exploited to launch DDoS attacks, and 24.7% of cameras in 2017. This is because a great number of routers and web cameras have been introduced into production and living environments, with no sufficient security measures enforced. We have every reason to believe that attacks leveraging the IoT will become more diverse in the future”—Guy Rosefelt, Director of Product management for Threat Intelligence & Web Security, NSFOCUS

“With the number of IoT technologies in the workplace beginning to outnumber conventional IT assets, there is an ever-increasing probability that these devices will be used as entry point by malicious actors to further compromise corporations for data breaches. Expect in 2019 to see this come to reality and several breaches will be directly tied to installed IoT technology”—Deral Heiland, IoT Research Lead, Rapid7

Industrial control systems are the wild-west of cybersecurity at the moment. These systems control factories, buildings, utilities, etc.  Most systems have little-to-no protection, and best practices are still being adopted very slowly. They also represent extremely high-value targets, especially from a strategic point of view.  A few new companies have entered the landscape, but it is still an extremely young industry”—Bryan Becker, application security researcher, WhiteHat Security

“At a time where nearly every device is connected to the internet, vendors should be taking security seriously. Too many of these products, toys, and phone apps that connect to the cloud in an insecure or unencrypted fashion and are at risk. Security issues have been plaguing the IoT market from the very beginning and it will only continue to exacerbate in 2019. IoT manufacturers will continue to race to introduce new products before their competitors bypassing secure coding practices resulting in products that add risk to corporate environments”—Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs

“It’s important to consider the role of certificates in a world of connected devices. Nations (and more U.S. states) will follow California’s lead and enact legislation requiring security for IoT networks. This is particularly important for the healthcare, transportation, energy, and manufacturing sectors, which face the highest risk. The legislation stops short of prescribing strong forms of authentication—but thankfully, consortium groups such as the Open Connectivity Foundation and AeroMACS have championed the use of strong certificate-based authentication in their best practice standards for IoT—Damon Kachur, Vice President of IoT, Sectigo

“It may not seem like a big deal for an attacker to compromise your smart-lights, but those can connect to your smart home management device (e.g., Google Home, Amazon Echo), and from there propagate throughout both your physical and notional personal networks. And those networks can be tied to even larger ones that could result in high-profile DDoS attacks. Every added device is an added attack surface, and we’re in for a very rude awakening in the near future”—Ken Underhill, Master Instructor, and Joe Perry, Director of Research, Cybrary

Cybersecurity skill set transformation

“As IT organizations embrace public cloud environments, the threat of cyber-attacks and malicious attempts is a growing phenomenon. However, a gap still exists between the industry’s needs and what can be achieved with the available workforce. As cloud increasingly becomes a part of every IT environment, 2019 will be a key year for re-skilling the workforce, educating new talent and making the right moves to face the cyber challenge”—Avishai Sharlin, General Manager, Amdocs Technology

The role of CISO will become intertwined with CTO. Security will need to integrate into the operations of a business if it is to become an enabler rather than a blocker of innovation. The same can be said for the blurred lines between the roles of the CISO and CTO. We have seen time and again the c-suite take the brunt of the fallout following high-profile security breaches – where the buck used to stop long before the CEO, the fallout from a security breach increasingly takes senior management along with the security and teaching teams. As a result, the distinction between the traditional roles of the CISO and CTO will become yet more gray next year”—Ivan Novikov, CEO, Wallarm

“Security is increasingly starting at the developer level, a trend that will only grow next year. As an industry, we’ve realized that security should lie at the heart of any digital transformation initiative and should never be an afterthought but built-in by design. The code should be secure, as well as the design and processes. DevSecOps should be applied for applications as well as the cloud, infrastructure and work with partners. Organizations will look to create more security ambassadors at the developer level next year who can advocate for employee awareness around the individual’s role in overall security”—Brent Schroeder, CTO Americas, SUSE

“In 2018, cybersecurity was more widely accepted as a board level topic and senior executives became more aware about its impact on achieving business goals and brand protection. Looking toward 2019, boards will want to see objective measurement and validation of program effectiveness, and will continue to bring on independent cybersecurity advisors or add team members with experience in cybersecurity, putting more pressure on CISOs. As a result, the effectiveness of cybersecurity programs will rely more and more on CISOs and their ability to partner with the board and communicate security needs to them. CISOs that can communicate a clear strategy and a measurable plan will have increased support, as well as funding for key initiatives”—Andrew Howard, CTO, Kudelski Security

“It’s no surprise that we are currently in a massive deficit of qualified cybersecurity talent. In 2019, we will see a more modern approach to recruiting and retention in the cybersecurity workforce to fill this void and create more diversity. We will see an uptick in apprenticeship programs, more diverse training, recruiting practices and federal funding to help bridge the enormous talent and diversity gap the industry has today“—Jason Albuquerque, CISO, Carousel Industries

The ever-evolving cybersecurity landscape

“The security industry tends to look at future trends as monumental shifts in attack methodologies, security technologies, or predictions. In reality, shifts in attack methodologies, security technologies, and observations tend to be incremental. Spending 20% of your time enhancing controls on the security essentials can easily yield 80% of your security improvements. The remaining time should be spent on exploring more advanced technologies that can help fill some of the more niche gaps in your security program. In the coming year, shifts in attacks will be incremental if the same old attacks continue to work as they have in the past”—Jason Rebholz, Senior Director at Gigamon

In 2019, we will see advances in mobile biometric sensors. The industry has dipped its toe in the water in regards to fingerprint sensors being placed underneath phone screens as a solution to eliminate the “home button,” expect to see these screen sensors cannonball into becoming the norm. We may even see Samsung extend their capability with Iris beyond phone unlock and Samsung apps. There will be a battle as to which biometric is best, face or fingerprint, with focus on usability rather than performance rates, ultimately this will come down to user preference as to which is more convenient for individuals and fits better with their use cases”—John Callahan, CTO, Veridium

The demand for affordable, managed security service providers will increase dramatically in 2019 due to a rise in attacks on small and medium sized businesses as a result of successful monetization of ransomware, crimeware and extortion by criminal organizations. With the shortage of available security professionals in the workforce, one of the only places SMB’s will be able to turn to in 2019 are MSSPs”—Sharon Reynolds, Chief Information Security Officer, Omnitracs

”In 2019, healthcare organizations will be the number one target for attackers. The evolution of attacks has made it much harder to secure the industry, creating and growing an entire ecosystem that lends itself to multiple forms of fraud that the attacker can profit off of. For example, in healthcare, when protected health information (PHI) is stolen, attackers are able to steal identities, gaining access to medical information, which the attacker either uses or sells to then obtain prescriptions to be traded or sold illegally”—Bob Adams, cybersecurity specialist, Mimecast

“New, high-profile breaches will push the security industry to finally solve the username/password problem. The ineffective username/password conundrum has plagued consumers and businesses for years. There are many solutions out there—asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.—but so far, the security industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace the password solution all together”—Marcin Kleczynski, Founder and CEO,Malwarebytes

“In 2019 we will see an evolution in the two-factor authentication (2FA) process that directly addresses some of the most discussed fraud attacks. It’s a documented fact that the use of 2FA to stop unauthorized account access has exponentially decreased account takeover fraud around the globe, but as fraudsters have evolved, so too must the techniques used to combat them. The increasing prevalence of SIM swap fraud and porting fraud (where attackers take over an end-user phone number so they can intercept one-time passcodes) has led to more collaboration between online businesses and mobile network operators, who can tell those businesses (in real-time) when a SIM swap or porting change has occurred. What we will see as 2019 unfolds is the use of that data to augment 2FA, which will ultimately ensure the continued growing adoption of this important security step by both businesses and their users”—Stacy Stubblefield, Co-Founder and Chief Innovation Officer, TeleSign

“Year-end cyber predictions often focus on specific threat categories and whether or not to expect an increase or decrease in their activity. 2019, however, promises a more fundamental shift in the cyberthreat landscape, for example the impact of social media as an exploding vector for malicious activities and the implications for businesses protecting their assets. Cybersecurity is not an IT problem, it is far wider than just ‘computers’ and the threats ahead in 2019 will make this painfully obvious”—Raj Samani, Chief Scientist and McAfee Fellow, McAfee

“Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches, but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts”—Steven Gray, Head of Payments, Tax and Fraud, Radial

In 2019, there will be continued consolidation of companies in the security sector, especially for those that have developed technologies that relate to Digital Identities (DIs), including the on-boarding of individuals behind the DIs, the authentication of the individuals behind the DIs (MFA), and the continual management of privileges and access (IAM)”—Todd Shollenbarger, Chief Global Strategist, Veridium

“Small organizations are finally realizing that they need to be as prepared as large organizations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organization. Additionally, we will see small businesses’ approach to cybersecurity impacting larger organizations through the supply chain vector. Hackers will take advantage of smaller organizations, which often fuel larger business’ supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger ‘targeted’ companies”—Brian NeSmith, CEO and co-founder, Arctic Wolf Networks

“Because security has not been built into established industries like utilities, these sectors are an easy target across the globe and a prime mark for attackers looking to engage in cyber warfare. While their vulnerability has been well-documented, I believe the industry won’t take the threat seriously until something significant occurs—but by then, it will be too late. As we head into 2019, expect this threat to intensify until it finally boils over and results in action. By 2023, Threat X predicts there will be a major attack on a US utility that will finally force the industry to address these vulnerabilities”—Bret Settle, CEO, Threat X

“Risk management is going to become an extremely critical topic for both the public and private sector next year.  As a nation, we are facing complex geopolitical issues and state-sponsored attacks targeting our businesses and government on an enormous scale. Large financial institutions and Silicon Valley companies have already experienced billions of dollars in losses due to decisions being made without effective Enterprise Risk Management. Data is both an asset and a liability and next year we are going to see the regulatory environment become even more complex around data governance, which will see Enterprise Risk Management become a huge priority for the c-suite and board”—David Pigott, Chief Compliance Officer, Neustar

Source: https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#57c3994b4352

The Nigerian Cyber Warfare Command: Waging War In Cyberspace

As the threat of state-sponsored cyber-attacks increases, multiple nations are putting together ‘cyber-armies’ able to fight back. The US Cyber Command was created in 2009 with the aim of defending the country’s infrastructure from attack. North Korea also has a cyber warfare unit and in the UK, it was recently revealed that the nation is increasing its ability to wage war in cyberspace with the creation of a new offensive force of up to 2,000 people.

Another country upping its game is Nigeria, which has itself suffered from numerous incidents of cyber-terrorism after jihadist militants Boko Haram migrated to the internet. The nation claims Boko Haram is leveraging social media for recruitment and was responsible for defacing the Defence Headquarters website. The group is also blamed for a hack on the Independent National Electoral Commission (INEC) website on a presidential election day.

In 2016, the Nigerian Army announced plans to take the war against insurgency to the nation’s cyber space. The result is the Nigerian Army Cyber Warfare Command: 150 IT trained officers and men drawn from the corps and services in the Nigerian Army. Their aim: to monitor, defend and assault in cyberspace through distributed denial of service (DDoS) attacks on criminals, nation states and terrorists.

So what led to the setup of the Command? “There have been a lot of issues with Boko Haram and also general cybersecurity problems,” says Eric Vanderburg, vice president of cybersecurity at TCDI, who is also an author and speaker on information security. “Crime is widespread in Africa, but their economy is one of the largest.”

The Nigerian army says it has acquired state of the art technical equipment and experts from IBM are currently configuring its newly procured servers. With the capacity to protect the country’s critical infrastructure, the command will also monitor the Nigerian Army’s networks and advise field commanders on how to use the computer-based weapons systems.

But there will be challenges as the country tries to tackle years of crime taking place in cyberspace. For example, Nigeria is simply training existing officers who might have no previous knowledge or experience in cybersecurity.

“They are all former army and military personnel,” says Vanderburg. “But they really need – even if only for leadership – someone to provide that guidance and specific knowledge on some of the key areas to the new recruits to train them through a programme. I just don’t see how it could be effective without bringing in some experienced people.”

If there isn’t much action, Nigeria’s Command could be more about appearances. “I think it is posturing,” Vanderburg says. “They have resisted some of the cooperation from the US – we had the US-Africa Command, for example.”

In addition: “They have previously said they have eradicated the Boko Haram threat but it’s really still there beneath the surface,” Vanderburg points out. “I think that’s going to be a lot of what happens here: they will do something with the cyber command, maybe fix some small issue and declare the cyber problem fixed.”

Nigeria also wants to show criminals and other nations it is doing something about cybercrime in a country known for its scams and phishing emails. “I think there is going to be an increasing focus on Africa: with how many cyber-attacks are coming out of it and international pressure to solve the problem,” Vanderburg says.

Internationally, Vanderburg stresses the need for a group in each country as well as cooperation between nations. “Each country should have something that helps coordinate local resources in response to cyber threats, but those groups need to work together on an international scale to now identify the problem. If, for example, an event impacts five countries, each of those could then have local units able to respond it.”

Source:https://www.forbes.com/sites/kateoflahertyuk/2018/11/26/the-nigerian-cyber-warfare-command-waging-war-in-cyberspace/#142d9f342fba

Telcos struggling to mitigate the threats of cyber attacks

EfficientIP’s 2018 DNS Threat Report has revealed telecom organisations took an average of 18 hours to mitigate each cyber attack.

The telecommunications sector ranks as one of the worst businesses sectors in its handling of cyber threats.

According to the report from EfficientIP, 43% of telco organisations suffered from DNS-based malware over the past 12 months. It was also highlighted that 81% took three days or more to apply a critical security patch after notification.

Time and money
DNS attacks cost telco organisations, like any other, significant time and money.

In general, telcos are taking too long to mitigate an attack; requiring an average of three employees to collectively spend over 17 hours per attack.

Due to how time-intensive the mitigation process can be, the report found that the average cost per DNS attack is rising for the telecommunications sector. Last year, a single DNS attack cost a telco organisation $622,100. This year the research shows telcos lose an average of $886,560 from each DNS attack, an increase of 42% in just 12 months.
Commenting on the reason behind these attacks, David Williamson, CEO of EfficientIP says: “Telco organisations attract complex, sophisticated cyber attacks as they hold sensitive customer data, and are also critical for providing unified communication services to businesses With a large part of their customer base operating online, strong network security has become a business necessity for the entire telco sector in general. Ensuring consistency and reliability in service is a crucial step towards providing elevated customer satisfaction.”

Reputational damage
The ramifications on telcos’ brands, while undergoing cyber attacks, is damaging.

Brand reputation was likely to suffer due to service issues:

• 45% had to close down specific affected processes and connections.
• 38% suffered cloud service downtime.
• 33% reported a compromised website.
• 31% endured in-house application downtime.
• 30% reported sensitive customer information stolen.

Recommendations for telcos
Working with some of the world’s largest telecommunication brands such as Orange and Vodafone to protect their networks, EfficientIP recommends five best practices:

• Rethink and simplify DNS architectures by replacing intermediary security layers with an adapted DNS security solution. As well as reducing administration and maintenance costs, this helps guarantee availability of service.

• Augment your threat visibility using real-time, context-aware DNS transaction analytics for behavioral threat detection. Businesses can detect all threat types, and prevent data theft to help meet regulatory compliance such as GDPR and US CLOUD Act.

• Apply adaptive countermeasures relevant to threats. The result is ensured business continuity, even when the attack source is unidentifiable, and practically eliminates risks of blocking legitimate users.

• Decentralise DNS architecture to cope with heavy growth of traffic. In addition to enhancing user experience, placing purpose-built, high performance DNS servers in points of presence significantly improves security against DDoS attacks.

• Incorporate DNS into a global network security solution to recognize unusual or malicious activity and inform the broader security ecosystem. This allows holistic network security to address growing network risks and protect against the lateral movement of threats.

Source: https://www.information-age.com/telcos-cyber-attacks-123476699/

SIDN, NBIP warn small businesses of increased risk of DDoS attacks

Small and medium-sized businesses are much more at risk of DDoS attacks than many think, according to research by the Dutch domain registrar SIGN and the internet providers group NBIP. The two groups conducted research on the .nl websites affected by such attacks and the organisations affected. In total, 237 DDoS attacks were identified in the year to June 2018.

Web shops selling consumer goods such as clothes, cosmetics and garden equipment have a bigger chance of being hit by DDoS attacks, the research found. On average the resulting damage costs EUR 1.8 million.

A common cause is the use of shared hosting. To save costs, small online sellers often share a server with other websites. They are then affected if another site on the server is hit by an attack. The chance of collateral damage is 35 times higher in such a case.

The public sector and larger banks remain the most likely target of direct attacks. The study estimates the direct damage cost EUR 59.6 million, while collateral effects cost another EUR 10 million.

The damages are based on the 237 attacks identified and estimates for the consequences if the attacks succeeded. If no protective measures are taken, the total cost to society from DDoS attacks is estimated at EUR 1 billion per year.

Source: https://www.telecompaper.com/news/sidn-nbip-warn-small-businesses-of-increased-risk-of-ddos-attacks–1269808

Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc. | Demo Test