Displaying items by tag: cybersecurity
Chinese media outlets have launched a scathing attack on the United States for its role in the arrest and subsequent detainment of Huawei’s CFO in Vancouver earlier this week.
The Japanese government has announced that it will ban telecommunications equipment manufactured by Chinese vendors Huawei and ZTE amidst fears about cybersecurity.
Russia, Ukraine, and other areas have been hit by a new strain of ransomware called ‘Bad Rabbit’. The ransomware is said to bear similarities to the WannaCry and Petya outbreaks that caused chaos earlier this year. According to reports, it’s unknown how far this new malware will spread.
US officials said “multiple reports of Bad Rabbit ransomware infections” had been reported “in many countries around the world”. The US computer emergency team said it “discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.”
Russian news agency Interfax and Fontanka.ru were both affected by the ransomware. Ilya Sachkov, head of Russian cybersecurity firm Group-IB, said, “In some companies, the work has been completely paralyzed – servers and workstations are encrypted.” Most of the victims were located in Russia, according to Kaspersky Lab, with a few cases in Turkey and Germany.
Victims of the ransomware had their computer contents encrypted. The hackers asked for a payment to release the data – in this case 0.05 bitcoins which is about $280. It was only a matter of time before a new strain of ransomware came along, said Gregg Petersen from software firm Veeam. The attack appeared to be targeted at corporate networks.
“We continue to see this lucrative business of ransomware wreak havoc, as the perfect storm of poor maintenance of updates, weak security measures, employee and user errors of judgment, and pseudonymous crypto-currencies exist,” Petersen said.
Most anti-virus programs aren’t able to detect the ransomware, according to analysis by virus checking site VirusTotal. The malware was distributed via a bogus Adobe Flash update, claims security firm ESET. The malware’s code, according to a screenshot posted by researcher Kevin Beaumont, referenced pop culture characters including the names of two dragons from Game of Thrones.
To prevent further attacks, Petersen suggests that updates should be maintained, processes to support IT security policies should be adhered to, and robust IT defenses should be put in place. Organizations should also have backup data located off the live IT network, he said, which should be “a key part of your data management strategy.”
WeDo Technologies, a worldwide leader in revenue assurance and fraud management, announced that TPx Communications, a US-based premier provider of unified communications, managed IT and network connectivity, has selected its RAID Fraud Management Solution (FMS) to protect its expanding network and its customers from fraud.
With more than 80,000 enterprise customers, which include the country’s top financial services, education, government, retail and healthcare providers, TPx prides itself on guaranteeing 5-nines connectivity and bringing the latest technology advances to its customers.
Recently, the company was the first managed services provider in the US to offer 4G/LTE managed service offerings to business customers. While TPx sees an exciting future with these new technology developments, it also sees how complexity in the networks leaves it vulnerable to fraud.
The rise of LTE networks is providing huge industry opportunities for communication service providers that help better support customers every day. There is a high level of awareness of how complex fraud prevention really is, as traffic volumes escalate and fraudsters become more sophisticated. It is essential to use best-in-class tools and managed services that can support end customers’ services in a fully protected network environment.
“WeDo is pleased that TPx has joined our roster of clients in the U.S.,” said Thomas Steagall, Vice President North America and Caribbean, WeDo Technologies. “By recognizing the challenges that new digital networks and services are posing to their legacy fraud prevention solutions, TPx is taking a proactive approach to protecting themselves from potentially expensive and wide-ranging threats that may be difficult to contain, as we’ve seen from the increasing occurrence of ransomware attacks.”
WeDo Technologies provides a simpler, faster, smarter approach to managing telecom fraud.
RAID FMS enables CSPs to gain a holistic view of fraud by monitoring internal and external information from a single platform. The WeDo Technologies’ Fraud Management software system is a flexible application that runs on top of WeDo’s RAID Platform, enabling CSPs to integrate siloed data sources, as well as accommodate different strategies and operational requirements for diverse portfolios and product lines across the entire organization.
RAID can help stop losses from fraudulent activity, before they occur. By combining multiple detection methods – a hybrid rule based approach and machine learning – CSPs get greater accuracy and better predictive performance. RAID is available on-premise, as a managed service and via the Cloud. Visit RAID.Cloud for a free 60 day trial.
Large digital security breaches are a common occurrence in the corporate world today. The latest breach, experienced by consumer credit reporting agency Equifax, follows a trend of troubling hacks that have played out across the globe this year. It seems adversaries will stop at nothing to evolve their threats, move with even more speed, and find new ways to widen their operational space.
Equifax chief executive Richard Smith said in an opinion piece in USA Today on September 12 that his company “will make changes” after a massive security breach in July that may have exposed the data of up to 143 million people. Smith said the company first learned of the breach on July 29, but didn’t go public with the information for six weeks because “we thought the intrusion was limited.”
Smith described the hack as the “most humbling moment” in the company’s 118-year history. Founded in 1899 and based in Atlanta, Georgia, it is the oldest of the three largest American credit agencies along with Experian and TransUnion. “We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again,” Smith wrote, promising to “make changes and continue to strengthen our defenses against cyber crimes.”
The company has been highly scrutinized for its handling of the data breach, which compromised the personal information of as many as 143 million Americans. Residents in the United Kingdom and Canada were also impacted. After detecting the breach, Equifax waited six weeks before it notified the public in early September. Rather than informing people whose data had been compromised, the company set up a website that wasn’t ready for days.
Yahoo experienced similar scrutiny when it dealt with massive data breaches. The company announced in September 2016 that hackers in 2014 had stolen data from more than 500 million of its users’ accounts. Yahoo then announced in December 2016 another breach dating back to 2013 in which over a billion users had their data stolen. The US Securities and Exchange Commission opened an investigation into whether Yahoo should have informed investors sooner about the breaches.
To make up for its failure to protect users’ data, Equifax, which rakes in around US$ 3.1 billion in annual revenue, offered free credit monitoring services to its customers. But the company was criticized for requiring those who enrolled for the offer to waive their right to sue the company. Soon enough, Equifax backtracked on the requirement, allowing customers to sue the company if they sent it in writing within 30 days.
Nevertheless, Equifax has been forthcoming about the wider issue of cybersecurity and the need for change. Smith acknowledged some of the company’s problems in his article, admitting that consumers and media have raised “legitimate concerns” about the services Equifax offered and the operations of its call center and website. “We accept the criticism and we are working to address a range of issues,” he said.
Smith said the company is now committed to doing everything it can to support those affected by the breach. “Our team is focused on this effort and we are engaged around the clock in responding to millions of inquiries from consumers,” he said. Equifax has warned, however, that credit card numbers of around 209,000 people have been exposed, in addition to “personal identifying information” on roughly 182,000 customers involved in credit report disputes.
Prior to Equifax’s data breach, Time Warner-owned US TV network HBO was the latest major corporation to fall victim to hackers. HBO confirmed on July 31 that a whopping 1.5 terabytes of material had been stolen – a significantly larger amount than the 200 gigabytes stolen from Sony Pictures in 2014. Similar to Equifax’s breach, HBO’s hackers obtained potentially sensitive information, including employee data and even access to internal corporate emails.
The string of corporate hacks this year, including the global “WannaCry” ransomware attack in May and the subsequent “Petya” attack in late June, represents a chilling trend taking place all over the globe, in which cyber hackers are finding more avenues to infiltrate even the most seemingly protected organizations by finding new ways to widen their operational space.
An ever-evolving threat
Hackers today have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. Cisco’s Annual Cybersecurity Report 2017 explains how the explosive growth of mobile endpoints and online traffic works in favor of cyber hackers. Adversaries have more space in which to operate, the report claims, and more choices of targets and approaches.
It may not be possible to stop all attacks, the report says, but you can minimize both the risk and the impact of threats by “constraining your adversaries’ operational space and, thus, their ability to compromise assets.” Cisco suggests that companies should simplify their collection of security tools by integrating them into an automated architecture to streamline the process of detecting and mitigating threats. That leaves companies with more time to address more complex and persistent ones.
According to Cisco’s 2017 Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, the report says, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.
Take Yahoo for instance: Following the shocking revelation that 1.5 billion of its users’ accounts were hacked on two separate occasions, the company was forced to slash the price of its core internet business in the sale to US telecom giant Verizon by $350 million. Yahoo is also in the midst of lawsuits related to the way the hacks were handled. In an effort to defuse the situation and make up for damage to its reputation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016.
The Cisco study found that nearly a quarter of the organizations that have suffered an attack lost business opportunities, and four in ten said those losses were substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue. When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent).
The report once again emphasizes the importance of companies focusing their resources on reducing their adversaries’ operational space if they want to avoid the aforementioned consequences. As a result, attackers will find it difficult to gain access to valuable enterprise resources and to conduct their activities without being detected. Automation, the report says, is essential to achieving this goal.
Automation helps companies to understand what normal activity is in the network environment, so they can focus their resources on more significant threats. Simplifying security operations, the report says, is the most effective way of eliminating adversaries’ unconstrained operational space. Unfortunately, most organizations are using more than five solutions from more than five vendors, according to the study, creating a complex web of technology, which can be a recipe for less, not more, protection.
Qualcomm has joined AT&T, Nokia, IBM, Palo Alto Networks, Symantec and Trustonic as part of the IoT Cybersecurity Alliance formed earlier this year. The purpose of the group is to collaborate and pool together collective capabilities and resources to tackle emerging security challenges in the Internet of Things (IoT).
With over 1.5 billion IoT devices shipped using its chips, Qualcomm brings to the Alliance expertise in comprehensive security solutions rooted in hardware, for a wide array of edge devices including wearables, voice and music, connected cameras, robotics and drones, home control and automation, home entertainment, and commercial and industrial IoT.
“Robust IoT security needs to be built into the silicon that powers edge devices. A solid IoT security approach requires a combination of hardware-based security features tightly integrated with the software, communication protocols, applications and the cloud,” said Seshu Madhavapeddy, vice president, product management, IoT, Qualcomm Technologies, Inc.
“We are pleased to work with other members of the IoT Cybersecurity Alliance to support the IoT ecosystem, sharing best practices that help to protect consumers and businesses adopting IoT technologies,” Seshu added.
The IoT Cybersecurity Alliance brings together leading security providers and IoT experts to research and raise awareness of best practices for securing the growing IoT ecosystem. The Alliance’s mission is to advise businesses and their customers as well as to educate the industry on the cybersecurity measures needed to help create a safer IoT ecosystem that fosters collaboration and advances technologically secure IoT innovation.
Alliance members are raising awareness around IoT security at the endpoint, network, cloud and application layer, using overarching threat analytics to study the IoT ecosystem. The Alliance advocates for an “always-on” security approach.
More than a dozen tech giants in the United States, including Verizon, Facebook, Snap, Twitter and Alphabet’s Google, have filed a 44-page brief with the Supreme Court calling for tighter restrictions on government officials having access to private and sensitive cellphone data of individuals.
The move highlights an ongoing dispute in the US over whether authorities should have to obtain a warrant before accessing data that could reveal an individual’s location via their cellphone. More and more data is being collected through digital devices, the brief said; therefore greater protection is needed for individuals under the law.
The brief stated: “That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant.”
Timothy Carpenter, a man convicted of robbing Radio Shack and T-Mobile stores in Ohio and Michigan in 2013, appeared before the justices last June to hear his appeal that data was used to convict him without a warrant. Using “cell site location information” obtained from Carpenter’s wireless carrier, federal prosecutors were able to prove his location near several of the robbery sites.
Carpenter claims that the prosecutors didn’t obtain a warrant to access information about his whereabouts, which he said amounts to an unreasonable search and seizure under the US Constitution’s Fourth Amendment. But Carpenter’s convictions were upheld last year by a federal appeals court, which determined that no warrant was needed to access the data.
The debate over how much surveillance power law enforcement and intelligence agencies should have over individuals is heating up in the US, amidst concern among lawmakers that authorities are ignoring warrant requirements to obtain private information.
Carpenter’s representative, Nathan Freed Wessler with the American Civil Liberties Union, said the brief by tech giants represents a “robust defense of their customers’ privacy rights in the digital age.” Carpenter’s case will be brought before the court some time after its new term begins in October, Reuters said.
Mr. Wessler highlighted the importance of Verizon’s role in the brief, given that, as the largest carrier in the United States, it receives thousands of requests for cellphone location records from authorities every year and just about always complies.
Civil liberties lawyers argue that in order to pursue an arrest, authorities need “probable cause” and therefore a warrant, to avoid searches that are unconstitutional.
People should be able to use technologies without running the risk of having their personal data taken without permission, the tech giants explain in their brief to the Supreme Court.
Kaspersky Lab researchers have detected new malware designed to steal the credentials of online banking customers. Earlier versions of the new malware, called NukeBot, were known to the security industry as TinyNuke, but lacked the features necessary to launch attacks. The latest versions, however, are fully operable, and contain code to target the users of specific banks.
Although the appearance of a malware family in the wild is not unusual, the fact that criminals have a ready-to-attack version of the Trojan means that they may soon initiate a wide-scale malicious campaign to infect multiple users, Kaspersky claims. As an early warning to its customers and other users, Kaspersky Lab has published a brief analysis of the malware.
NukeBot is a “banking Trojan”. Upon infection it “injects” malicious code into the webpage of an online banking service displayed in a victim’s browser and then steals user data, spoofs their credentials, and more. According to Kaspersky Lab researchers, there are already a number of compiled samples of this Trojan in the wild – shared on underground hacking forums. Most of these are rough, barely operational malware drafts; however, the company’s experts have managed to identify some that pose a real threat.
Around 5% of all samples found by Kaspersky Lab were NukeBot’s new ‘combat versions’, which have improved source code and attack capabilities. Among other things, these versions contain injections: specific pieces of code that mimic parts of the user interface of real online banking services. Based on the analysis of injections, Kaspersky Lab experts believe the main targets of the new version of NukeBot are users of several French and US banks.
In addition, Kaspersky Lab researchers managed to detect several NukeBot modifications that didn’t have web injection functionality, and were designed to steal mail client and browser passwords. This means that developers of new versions may aim to widen the functionality of this malware family.
“While criminals behind recent versions of this malware currently are not actively distributing NukeBot, this may, and likely will, change very soon. We’ve already seen this before with some other malware families: after a short testing period of a ready-to-attack malware, criminals start distributing it widely through infected websites, spam and phishing,” said Sergey Yunakovsky, security expert at Kaspersky Lab.
“So far we have seen NukeBot versions which are ready to attack the customers of at least six banks located in France and the US, however this list of targets looks like only the beginning,” Sergey added. “The goal of our brief research is to warn the banking community and online banking customers about a potentially emerging threat. We urge interested parties to use the results of our research in order to protect themselves from this threat in advance.”
Gulf Air recently revealed a cybersecurity step-change as part of an ongoing campaign to safeguard its operations and deliver industry-leading customer service. The national carrier of the Kingdom of Bahrain has reinforced its network perimeter to pre-empt and combat Distributed Denial-of-Service (DDoS) attacks, improve data centre and application-level security and further enhance data and access protection measures.
A key component of Gulf Air’s DDoS strategy is the deployment of the F5 DDoS Hybrid Defender. Gulf Air was keen to select a solution with an industry-leading, multi-layered defense mechanism against both blended network attacks and sophisticated application attacks.
The DDoS Hybrid Defender’s features include full SSL decryption, anti-bot capabilities, and advanced detection methods. This ensures high line rate capabilities without impacting legitimate traffic. Crucially, the solution is compatible with Gulf Air’s current perimeter security controls to minimize maintenance efforts.
“Combating DDoS attacks requires a purpose-built system-level architecture that detects and mitigates increasingly sophisticated, complex and deceptive attacks,” said Dr. Jassim Haji, Director of Information Technology, Gulf Air.
“The solution delivers instantaneous controls and security measures against complex threats, exploits, saturation attacks, with an in-depth security mechanism that inspects application-layer events. It offers protection at all layers, protecting protocols – including those employing SSL and TLS encryption – as well as stopping DDoS bursts, randomized HTTP floods, cache bypass, and other attacks that can disrupt Gulf Air’s critical applications.”
Gulf Air’s new DDoS capabilities fit into a wider digital transformation vision that was recently underscored by becoming the world’s first airline to achieve seven IT ISO certifications. In 2012, it became the first business in Bahrain to introduce private cloud computing.
Technology is at the forefront of Gulf Air’s recent resurgence, which has been driven by a number of major cost-saving initiatives. The airline is thriving by deploying state-of-the-art technological solutions in line with the latest trends sweeping the aviation industry, and has received awards at several international and regional forums.
Other Application Delivery Controller (ADC) solutions in use include F5 BIG-IP Local Traffic Manager (to simplify, automate, and customize application delivery) and F5 BIG-IP Access Policy Manager (a flexible, high-performance access and security solution that provides unified global access to applications and the network). In addition, F5 BIG-IP Link Controller manages and reroutes connections based on link type and quality, ensuring a better user experience and reducing downtime.
As well as improving overall operational efficiency and slashing total cost of ownership (TCO), F5’s solutions will scale to handle Gulf Air’s future growth trajectory, enabling the airline to tap into the benefits of emerging technologies such as Software-Defined Networking (SDN) and Software-Defined Storage (SDS).
Gulf Air currently runs over 200 applications online supported by F5 technology, including email services, reservation systems and enterprise resource planning (ERP) and Electronic Flight Bag, eEnablement setup for newly introduced aircraft.
“We made a strategic decision to partner with F5 because they are consistently ranked as one of the top leaders in enterprise security,” said Dr. Haji. “F5 has also successfully provisioned crucial services to our users and customers in an efficient and secure manner for the past eight years. We are now proud to announce that we can protect the Gulf Air network from possible threats that are initiated from legitimate secure traffic based on behavior, rather than relying on traditional security measures.”
Russia’s interior ministry recently said nine individuals have been detained who are alleged to be part of a cybercrime organization accused of stealing some $17 million from bank accounts.
A nationwide search was implemented to find the 50-strong hacker group in Russia. An operation was launched by the FSB security agency last year, to track down the hackers that pilfered more than one billion rubles ($16.8 million) since 2013, according to a statement.
“Nine individuals suspected of participating in hacking attacks were detained on January 25,” said ministry spokesperson Irina Volk. One of the individuals was reportedly placed under arrest. In total, 27 members and organizers are being investigated, with 19 of them now under arrest, said the ministry.
According to reports, the latest arrests are connected to a case against legendary hacking collective ‘Lurk’ that was targeted by law enforcement agencies last year. Russian cybersecurity firm Kaspersky said the group was reportedly suspected of stealing some three billion rubles from commercial organizations including banks.
Russian hacking is in the global spotlight following the country’s alleged involvement in cyber-attacks targeting the US presidential election campaign. However, experts say the vast majority of cybercrime is not politically motivated but financial.
What’s more, the FSB itself is currently involved in a scandal that has seen at least two of its cybersecurity experts arrested for treason linked to the United States, according to a lawyer involved in the case. The treason case saw the arrest of Ruslan Stoyanov – the head of Kaspersky’s cybersecurity unit that probed ‘Lurk’.