Displaying items by tag: cyber security
Go Ignite, an alliance of the world’s leading telcos including Orange, Deutsche Telekom, Singtel and Telefonica, announced the winners on Sept. 11 of the second global search for startups that offer the most innovative solutions for three key technologies including Consumer Experience Artificial Intelligence, Connected Homes, and Internet of Things (IoT) Cyber Security.
Consumer Experience AI refers to the use of new technology to provide personalized or new forms of customer support. Connected Homes are solutions that use software and/or hardware to automate and remotely control home appliances with ease, while IoT Security leverages new technologies to keep smart vehicles, homes and cities safe.
The winners include Sparkcognition and NanoLock Security for IoT Cyber Security; Cujo and Vayyar Imaging for Connected Homes, and SafeToNet for Consumer Experience AI. The startups will have the opportunity to form business partnerships with the four telcos and tap into the alliance partners’ collective mobile subscriber base of over 1.2 billion mobile phone subscribers across five continents.
Axel Menneking, managing director of Deutsche Telekom’s hub:raum, said the telco alliance received “numerous applications from strong teams.” The five winners, he said, were able to “convince us with their ideas on artificial intelligence and security issues. The topics range from helping to protect children from bullying, protect critical infrastructure, and secure management platforms. I'm sure these teams will be doing good pilots with us and the other three telecom companies.”
The winners are attending a two-day workshop in Madrid to help them refine their solutions and sharpen their business strategies. In addition, each start-up will receive support including access to mentoring and expertise, co-working space and invitations to community events and networking opportunities.
“For us and our partners we have a firm belief that working collectively and in an open manner with the start-up community is critical to accelerate our innovation in these three key areas,” said Bertrand Rojat, Deputy Director of Orange’s Technocentre. “These are exciting times and we are delighted to be working with these ‘scale-ups’ to jointly deliver something truly remarkable to our customers.”
Go Ignite is an alliance aimed at connecting the start-up ecosystems across Asia, Africa, Europe, Latin America and the Middle East. The Go Ignite global call for start-ups encourages teams world-wide to enter their projects into any one of the categories identified by the alliance to be of strategic interest.
“This marks the continuation of our strong support in working with startups and other telcos to find and grow the next disruptive idea,” said Mrs. Ana Segurado, Global General Director, Telefónica Open Future. “It´s open innovation initiatives built with partners such as Go Ignite that truly creates the right framework to develop the business of the startups.”
‘Petya’ is the second global ransomware attack to occur in just two months following the infamous WannaCry attack in May 2017. Companies around the world have been crippled by the latest Petya attack, which first appeared on June 28. The Ukraine government was severely hit, as were banks and electricity grids, and other companies in France, Denmark and the State of Pennsylvania.
The Petya attack comes just months after the WannaCry attack that took place over the weekend of May 12, causing data to be encrypted with a claim for payment. WannaCry was a malicious program that affected smartphones and computers, encrypting and locking data so that it could not be accessed until payment was made. The attack hit the UK’s NHS, Spanish telecoms giant Telefónica, and other businesses and institutions around the world.
This time, victims of the latest Petya attack were left unable to unlock their computers even if they paid the ransom to the hackers. Their computers displayed a message demanding a $300 bitcoin ransom. Those who paid were asked to send confirmation of payment to an email address, according to a report by The Guardian, but that email address was been shut down by email providers.
German email provider Posteo said in a blog post: “We do not tolerate any misuse of our platform.” This means that there was no longer a way for those with infected computers to pay the ransom to potentially obtain a decryption key to unlock their computer and save their information.
The Petya virus began circulating on June 28 and quickly spread around the world, mainly infecting businesses and government agencies and departments in Ukraine and Russia at first. The malware itself appears to be a straightforward ransomware program, according to Becky Pinkard, vice president of Service Delivery and Intelligence Operations at security firm Digital Shadows.
“Once infected, the virus encrypts each computer to a private key, rendering it unusable until the system is decrypted,” she said. “The program then instructs the user to pay the $300 ransom to a static Bitcoin address, and then email the bitcoin wallet and personal ID to the email address, which is now blocked.”
There is some confusion over the origins and nature of Petya, with some reports suggesting there are similarities to WannaCry and that it utilizes the EternalBlue SMBv1 worm functionality, Pinkard adds. “More work is needed to investigate the way the virus propagates,” she said. “In the meantime, businesses are urged to ensure their software is up-to-date and all files backed up.”
The Guardian said after the attack was first reported in Ukraine, the radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. The nation suffered from attacks on the government, banks, state power and utility, and Kiev’s airports and metro system.
Other major firms to feel the brunt of the Petya attack include food giant Mondelez, legal firm DLA Piper, Danish shipping and transport company AP Moller-Maersk, and Heritage Valley Health System, which runs hospitals and healthcare facilities in Pittsburgh, Pennsylvania. Maersk had all of its business units affected, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers.
In addition, public relations firm WPP said the computer systems at several of its subsidiary companies had been affected by Petya. The company said it was “assessing the situation and taking appropriate measures” to counter the attack. In an internal memo to staff, one WPP branch claimed it was the target of “a massive global malware attack, affecting all Windows servers, PCs and laptops.”
According to some security experts, the Petya attack showed signs of being an “updated variant” of a virus known as Petya or Petwrap, a ransomware that locks computer files and forces users to pay a designated ransom to regain access to the computer. However, analysts at Kaspersky Labs claim the latest attack is “a new ransomware that has not been seen before.”
In a statement Kaspersky Labs said the company’s analysts are “investigating the new wave of ransomware attacks targeting organizations around the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before. That is why we have named it NotPetya.”
Organizations in Russia and Ukraine were “most affected” by the attack, Kaspersky claims, and hits were also registered in Poland, Italy, Germany, the UK, the US, and several other countries. “This appears to be a complex attack which involves several attack vectors,” the statement adds. “We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”
The EternalBlue exploit is a tool originally discovered by the US National Security Agency (NSA) which kept the virus on file as a potential tool to use for surveillance or other issues. It was compromised when a group of hackers, known as Shadow Brokers, in April 2017 released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability. The virus could only affect Windows computers run by Microsoft.
Microsoft lashed out at the NSA and other spy agencies for stockpiling vulnerabilities instead of reporting them to computer companies to be fixed. The danger of stockpiling digital weapons has prompted calls for a “Digital Geneva Conventions” to govern their use.
Microsoft released a software update in March 2017 that would protect users against the vulnerability for operating systems such as Windows XP and Windows Server 2003, but it soon became apparent that many people didn't bother to update their computers, thus exposing computers to the WannaCry attack.
Symantec cyber security experts said they had confirmed that the ransomware used in the Petya attack was using the same EternalBlue exploit as WannaCry. In order for Petya to spread within companies that installed the patch to protect themselves against WannaCry, it appears to have other ways of spreading quickly within an organization, by targeting the network’s administrator tools.
Who’s to blame?
Ukraine has suffered from a range of hacking attempts on state websites in late 2016 and the Petya attack is yet another blow for Ukraine. Prime Minister Volodymyr Groysman said the attack was “unprecedented” but said vital systems were not affected. “The attack will be repelled and the perpetrators will be tracked down,” he said.
The nation’s main airport was temporarily closed following the attack as well as the metro system. The central bank claimed the attack was the result of an “unknown virus”. In a statement it said: “As a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations.”
Russia has been blamed for previous cyber-attacks against Ukraine in the past, including an attack on the nation’s power grid at the end of 2015 that rendered part of western Ukraine temporarily without electricity. However, Russia firmly denied any involvement.
Preventive measures alone can’t keep up with the fast-evolving nature of ransomware attacks and as the Petya attack highlights, there are many ways for an infection to enter an organization, says Steven Malone, director of security product management at Mimecast, an international company specializing in cloud-based email management for Microsoft.
“It’s vital you regularly backup critical data and ensure that ransomware cannot spread to backup files,” he says. “Ransomware can take time to encrypt large volumes of files, particularly across a network share. It is imperative to ensure your back-up window is long enough to go back before any infection begins.”
The new Petya outbreak once again highlights the disruptive power of ransomware like never before. The fight against cyber-attacks has seen protection spending rapidly increase around the world, with the global cyber security market estimated to be worth some $120 billion this year.
Cisco and IBM Security have announced they are working together to address the growing global threat of cybercrime. In a new collaboration, Cisco and IBM Security will work closely together across products, services and threat intelligence for the benefit of customers.
Cisco security solutions will integrate with IBM’s QRadar to protect organizations across networks, endpoints and cloud. Customers will also benefit from the scale of IBM Global Services support of Cisco products in their Managed Security Service Provider (MSSP) offerings.
The collaboration also establishes a new relationship between the IBM X-Force and Cisco Talos security research teams, who will begin collaborating on threat intelligence research and coordinating on major cybersecurity incidents.
One of the core issues impacting security teams is the proliferation of security tools that do not communicate or integrate. A recent Cisco survey of 3,000 chief security officers found that 65 percent of their organizations use between six and 50 different security products. Managing such complexity is challenging over-stretched security teams and can lead to potential gaps in security.
The Cisco and IBM Security relationship is focused on helping organizations reduce the time required to detect and mitigate threats, offering organizations integrated tools to help them automate a threat response with greater speed and accuracy.
“In cybersecurity, taking a data-driven approach is the only way to stay ahead of the threats impacting your business,” said Bill Heinrich, Chief Information Security Director, BNSF Railway. “Cisco and IBM working together greatly increases our team’s ability to focus on stopping threats versus making disconnected systems work with each other. This more open and collaborative approach is an important step for the industry and our ability to defend ourselves against cybercrime.”
Integrating threat defenses across networks and cloud
The cost of data breaches to enterprises continues to rise. In 2016, the Ponemon Institute found for companies surveyed the cost was at its highest ever at $4 million - up 29 percent over the past three years.
A slow response can also impact the cost of a breach –incidents that took longer than 30 days to contain cost $1 million more than those contained within 30 days. These rising costs make visibility into threats, and blocking them quickly, central to an integrated threat defense approach.
The combination of Cisco’s best-of-breed security offerings and its architectural approach, integrated with IBM’s Cognitive Security Operations Platform, will help customers secure their organizations more effectively from the network to the endpoint to the cloud.
As part of the collaboration, Cisco will build new applications for IBM’s QRadar security analytics platform. The first two new applications will be designed to help security teams understand and respond to advanced threats and will be available on the IBM Security App Exchange.
These will enhance user experience, and help clients identify and remediate incidents more effectively when working with Cisco’s Next-Generation Firewall (NGFW), Next-Generation Intrusion Protection System (NGIPS) and Advanced Malware Protection (AMP) and Threat Grid.
In addition, IBM’s Resilient Incident Response Platform (IRP) will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the IRP can look up indicators of compromise with Cisco Threat Grid's threat intelligence, or detonate suspected malware with its sandbox technology. This enables security teams to gain valuable incident data in the moment of response.
“Cisco’s architectural approach to security allows organizations to see a threat once, and stop it everywhere. By combining Cisco’s comprehensive security portfolio with IBM Security’s operations and response platform, Cisco and IBM bring best-of-breed products and solutions across the network, endpoint and cloud, paired with advanced analytics and orchestration capabilities,” said David Ulevitch, SVP and general manager, Cisco Security.
Threat intelligence and managed services
IBM X-Force and Cisco Talos research teams will collaborate on security research aimed at addressing the most challenging cybersecurity problems facing mutual customers by connecting their leading experts. For joint customers, IBM will deliver an integration between X-Force Exchange and Cisco’s Threat Grid. This integration greatly expands the historical and real-time threat intelligence that security analysts can correlate for deeper insights.
For example, Cisco and IBM recently shared threat intelligence as part of the recent WannaCry ransomware attacks. The teams coordinated their response and researchers exchanged insights into how the malware was spreading. They continue to collaborate on the investigation to ensure joint customers, and the industry have the most relevant information.
Through this expanded collaboration, IBM’s Managed Security Services team, which manages security for over 3,700 customers globally, will work with Cisco to deliver new services aimed at further reducing complexity. One of the first offerings is designed for the growing hybrid cloud market. As enterprise customers migrate security infrastructure to public and private cloud providers, IBM Security will provide Managed Security Services in support of Cisco security platforms in leading public cloud services.
In order to help tackle the serious threats posed to network security, ETSI, officially recognized by the European Union as a European Standards Organization, will stage a comprehensive week-long event devoted to this increasingly crucial subject.
Many respected cybersecurity experts from around the world will be participating in the 2017 ETSI Security Week, which will take place from 12-16 June at the organization’s headquarters in Sophia Antipolis, southern France. This is the third year in succession that ETSI has staged the Security Week.
This year’s event will see representatives from a broad range of sectors involved in the presentations and panel discussions. Among these will be BNP Paribas, Bosch, Deutsche Telecom, Ericsson, Ernst & Young, Gemalto, Huawei, Intel, ISO, NEC, Nokia Bell Labs, NTT Docomo, and Thales. The agenda will cover the numerous preventative measures that need to be taken and detail sophisticated mechanisms which must be put in place to protect valuable data from cybercrime and industrial espionage.
Much of the activity will focus on addressing issues that are being raised by the latest technological advances - such as the expected massive increase in the number of connected devices and how security procedures will be impacted by the roll-out of 5G mobile technology.
A particular focus will be given to the new types of threats made possible by the virtualization of network functions with the adoption of NFV, and the means to mitigate them. Attention will then turn to the pivotal role that standardization is going to have in supporting international legislative guidelines and interoperability. There will also be an opportunity to share experiences one year after the eIDAS regulation has entered force.
“Building on the success of the previous two gatherings, in 2015 and 2016, the core objective of the ETSI Security Week will be to provide a platform for detailed dialogue on how best to safeguard the telecom and data communication networks of the future from security breaches. The event underlines the proactive stance being taken by ETSI in this area and how our vision of a standards-based structural framework will help encourage collaboration and alleviate the financial impact that cyberattacks have on the digital economy,” states Charles Brookson, chairman of ETSI TC CYBER.
“It offers an ideal opportunity for attendees to converse with leading authorities in cybersecurity, exchange ideas and gain real insight into the challenges that lie ahead – and their potential solutions.”
Facebook-owned application WhatsApp introduced end-to-end encrypted messaging last year, and while it was received well by the general public, security implications have made it a difficult ride for the company. In January, a report revealed vulnerabilities in the messaging service that could allow Facebook and others to intercept and read WhatsApp messages. Experts are now calling into question the security of encrypted messaging services.
WhatsApp introduced full encryption for its services in March 2016 as a means of ensuring that only the sender and the receiver could view messages being sent via the app. The new privacy feature applied to everything that is uploaded within a WhatsApp chat, including photos, videos and group messages. WhatsApp says end-to-end encryption prevents content and calls from “falling into the wrong hands.”
"Every day we see stories about sensitive records being improperly accessed or stolen," the company said in a blog post at the time. "And if nothing is done, more of people's digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.”
Written in WhatsApp’s ‘Security’ section on the app it reads: “Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them.”
That all sounded great until security researcher Tobias Boelter discovered a WhatsApp security loophole which he reported to Facebook in April 2016. Boelter discovered a vulnerability that could potentially allow the company to read messages sent via WhatsApp and also provide government agencies a “backdoor” to access messages of people who believe their messages to be secure. Facebook said it was aware of the issue and that it wasn’t pursuing a solution because it was “expected behavior”.
The loophole has been described by security experts as an acceptable “tradeoff” that allows WhatsApp to be easy to use on a daily basis. The risk to majority of users is said to be “remote” since the vulnerability only allows for targeted surveillance of individuals or groups of individuals at specific times, as opposed to a large scale mass surveillance of WhatsApp users worldwide.
The vulnerability centers on the generation of unique security keys in WhatsApp’s end-to-end encryption, using the acclaimed Signal Protocol, developed by software organization Open Whisper Systems which maintains an encrypted communications application called Signal. These security keys are traded and verified between users to guarantee communications are secure and cannot be intercepted by someone in the middle. However, Boelter discovered it’s not that simple…
WhatsApp, he claims, is able to force the generation of new encryption keys for offline users, which the user and sender of the message would be unaware of, and make the sender re-encrypt messages with new keys and send them again for any messages that have not been flagged as delivered.
This change in encryption is unknown to the recipient, and the message sender is only made aware if they have opted-in to encryption warning in WhatsApp settings, but this is only after the message has been delivered. This process of re-encrypting and re-broadcasting previously undelivered messages could potentially allow WhatsApp to intercept and download messages that were intended to be sent privately.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” says Boelter.
The vulnerability is not necessarily an issue related to the Signal Protocol, because Open Whisper Systems’ messaging app, Signal, does not share the vulnerability. If a message recipient using Signal changes the security key while offline, for example, the sent message will not be delivered and the sender will receive notification of the change in security keys without the message being automatically sent. This differs to WhatsApp, which automatically resends an undelivered message with a new key without warning the user.
The loophole has been verified by other security experts, such as Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organization for Human Rights, who says, “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”
WhatsApp responded in a statement insisting it “does not give governments a ‘backdoor’ into its system and would fight any government request to create a backdoor.” The controversy adds to a growing list of privacy issues for WhatsApp ever since it was acquired by Facebook in 2014 for $22 billion.
After the recent March 22 Westminster attack in London, the British Government said it wants its security services to have access to all encrypted messaging applications such as WhatsApp, as it was revealed that the app was used by the attacker to send an encrypted message before the incident.
Home Secretary Amber Rudd told Sky News it was “completely unacceptable” that the police and security services were not able to access the encrypted WhatsApp service to see the message that was sent by the attacker. Rudd said: “You can’t have a situation where you have terrorists talking to each other – where this terrorist sent a WhatsApp message – and it can’t be accessed.”
The UK recently passed the Investigatory Powers Act which allows the government to intercept bulk data of users held by private companies, even without suspicion of criminal activity. According to a Guardian report, private companies can be forced to “maintain technical capabilities” that facilitate data collection through hacking and interception. Companies can also be made to remove “electronic protection” from data.
Some experts suggest WhatsApp’s exposed vulnerability could be a “gold mine for security agencies” and facilitate government interception of private citizens. Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, says: “It’s a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to.”
WhatsApp first came under fire for security reasons in August last year after updating its terms-of-service to begin sharing user phone numbers, profile data, status message and online status with Facebook for advertising purposes.
WhatsApp defended itself from the accusations, referring to an option for users to opt-out of the sharing portion of the terms-of-service. But that didn’t protect WhatsApp and Facebook from a Federal Trade Commission consent order, claimed EPIC, which requires companies to offer ‘opt-in’ consent to users before asking them to agree to new terms.
WhatsApp provided an opt-in option in a way, but it wasn’t clear enough how to access it. For instance, a user had to click “read” to view the terms-of-service agreement before the opt-in checkbox appears on screen.
Facebook and WhatsApp subsequently ended the sharing of user data in November last year after pressure from the European Union’s independent data protection authority Article 29 Working Party in October. The European Commission filed charges against Facebook for providing “misleading” information during the period before it acquired WhatsApp, following its data sharing change.
Securing the Internet of Things will drive New Kuwait 2035's national digital transformation, said one of the world's leading cyber security experts on the sidelines of his talk at KIACS Cyber Security in Kuwait.
New Kuwait 2035 outlines an ambitious agenda for driving diversified economic growth. Experts agree that nationwide digital transformation will serve as the foundation for public and private sector organizations to operate in real-time and deliver new business models.
"In Kuwait, public-private partnerships are vital for leveraging best practices in IT to secure the Internet of Things, and drive New Kuwait 2035's diversified economic goals. Using the latest tools, such as artificial intelligence and blockchain, security can be built into systems and processes to run live, and to secure edge infrastructure," said Justin Somaini, Chief Security Officer, SAP, who participated in the panel 'Futurecasting Cyber Security and Innovations in ICS".
As Kuwait's organizations embrace the Internet of Things, employees and customers need to use software and services from anywhere, any device, any time, with confidence and trust. Cyber security is vital, along with hyper-connectivity, super-computing, a smarter world, and the cloud.
"While digital transformation is intensifying security risks, machine learning and deep learning are fueling cyber security analytics that can automatically detect and respond to a cyber-attack before it can jeopardize information, systems -- and businesses. Kuwait's government, healthcare, and energy sectors have the strongest potential for rapidly adopting these kinds of emerging cyber security solutions to protect sensitive data," added Justin Somaini.
Today, everything is online. The internet is where people go to book flights, go shopping, complete banking transactions, socialize, and so much more. It has provided a world of profound convenience and happiness for people. The only downside is that we’ve become too comfortable with uploading sensitive information which has created a field day for data theft and identity hackers. For instance, Yahoo announced in September 2016 that a massive hack on its network in 2014 saw 500 million of its user’s data breached. Yahoo then announced in December 2016 another breach of more than one billion user accounts that occurred in August 2013, separate and distinct from the previous hack.
"Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry," California-based Yahoo said in a release after the announcement of its 500 million user breach. "Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account.”
What’s so troubling about Yahoo’s recent announcement is that the company’s chief information security officer, Bob Lord, said the company hasn’t been able to determine how the data from the one billion accounts was stolen. Lord wrote in a post: “We have not been able to identify the intrusion associated with this theft. The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
The Yahoo incident highlights the vulnerability facing even the largest and seemingly most secure organizations around the world. Yahoo was reportedly alerted to the massive breach of accounts by law enforcement and is said to have examined the data with the assistance of outside forensic experts. The hacked data does not appear to include payment details or plaintext passwords, but it’s been reported that the hashing algorithm MD5 is no longer considered to be secured which is bad news for account holders.
The MD5 algorithm is a widely used hash function. The algorithm was designed to be used as a cryptographic hash function, but it has been found to suffer from “extensive vulnerabilities”. Some sources say the security of the MD5 has been “severely compromised” with its weaknesses having been exploited in the field.
The Yahoo hack shows just how seemingly innocuous bits of data obtained by cyber-attacks can be leveraged for profit and even potentially for espionage and information warfare. Yahoo’s breach is reportedly the largest on record.
John Dickson, from the security consultancy firm Denim Group, says while the Yahoo data breached by the cybercriminals is “a bunch of junk,” it still provides the opportunity to create a searchable database with information such as birth dates and phone numbers. For hackers seeking to make profit or commit industrial or state espionage, the personal data provides a world of opportunity.
Just look at the recent US presidential election hack for proof. One of the hacks was the Gmail account of Clinton campaign chairman John Podesta. Media reports said Podesta was tricked into revealing his password when he received a fake email. These kinds of attacks, according to security analysts, are often well-planned, and executed by gathering personal information from individuals, such as birth dates, passwords, etc – the very same information that was hacked from Yahoo’s users.
“If you’re trying to research and get information about a target, you’re going to use everything you can find,” says Dickson, who once was an officer at the Air Force Information Warfare Center. But what was the target of the Yahoo attack? Some believe that the Yahoo hack wasn’t necessarily financially focused. For instance, the Yahoo hackers did not collect credit card or social security numbers, which has led some analysts to the conclusion that there might’ve been motives other than money.
To make things worse, Yahoo is under intense scrutiny after admitting recently that some of its employees were aware of the theft of 500 million users’ data as early as 2014 – years before the company publicly acknowledged what had happened. In response to the breach, Yahoo reported that 23 consumer class action lawsuits have been filed in response to the breach. It is too early for the company to estimate monetary damages, but reports suggest that the hack has led to a loss of about $1 million so far.
Yahoo went into more detail about the hack in a filing in which it wrote, “In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the company could not substantiate the hacker’s claim. Following this investigation, the company intensified an ongoing broader review of the company’s network and data security, including a review of prior access to the company’s network by a state-sponsored actor that the company had identified in late 2014.”
News of Yahoo’s breach has been tough for American telecom operator Verizon to swallow. Verizon officially agreed to purchase Yahoo Inc's core internet business for $4.8 billion in July 2016. Purchasing Yahoo's operations was expected to boost Verizon's AOL internet business, which it bought in 2015 for $4.4 billion, by giving it access to Yahoo's advertising technology tools as well as other assets such as search, mail and messenger.
But when news broke that Yahoo’s user information had been breached, Verizon reportedly asked for a $1 billion discount, which wasn’t disclosed until after the September sale even though Yahoo CEO Marissa Mayer allegedly learned of the breach in July. In a filing by Yahoo, it said it has formed an independent committee to review “the scope of knowledge within the company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed.”
The controversy surrounding Yahoo’s data breach plays directly into the paranoia inflicting the United States right now over cybersecurity concerns in the US election campaign and the potential impact of hacked email accounts from people close to Democratic presidential candidate Hillary Clinton. On October 7, 2016, the U.S. government formally accused Russia of trying to “interfere” with the American presidential election, and promised to respond at an undisclosed time and place.
Could data be weaponized as a new tool used by governments to execute specific foreign policy agendas? James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think-tank, said in a blog post, “Espionage and geopolitical manipulation can now be easily achieved through cyber and information warfare from any adversary.”
Scott added: "Now, at least China, Iran, Russia, and Venezuela have funded political propaganda campaigns that digitally weaponized information by spreading disinformation and polarizing content throughout Western nations.” Scott further noted that the breaches affecting Clinton and the Democratic National Committee were "dangerous because they provide a context-less release of information to the public that breeds distrust and resentment."
There are fears among experts that attackers could mix real data with manipulated information to distort facts, creating further confusion and mistrust. Security firm InfoArmor came forward in September to say its analysis of the first Yahoo breach indicated that “professional” hackers had stolen the data, and had later sold it to a “state entity”. The firm said that the breach “opens the door to significant opportunities for cyber espionage and targeted attacks to occur.”
With data breaches becoming more common around the world, leaders are stepping up to protect their nations from cyber-attacks. Outgoing US President Barack Obama recently called for a broad review to be conducted into the Russian hacking scandal. Meanwhile, Russian President, Vladimir Putin has approved a broad-ranging cybersecurity plan which is specifically aimed at bolstering the country’s defenses against cyber-attacks from abroad, while it will also be utilized for cracking down on perceived foreign influence.
Indonesia has seen a flood of fake news spread across social media lately. The Southeast Asian nation officially announced on January 5 its intention to set up an agency that will combat the spread of fake news. One of the fake news stories recently spread through Indonesia, was a claim that China was waging biological warfare against the nation using contaminated chili seeds. Indonesia’s new cyber agency will seek to protect state institutions from hackers as well, according to presidential spokesman, Johan Budi.
The move to create the new agency in Indonesia was necessary, said Chief Security Minister Wiranto, in order to combat the flood of fake news on social media that was “slanderous, fake, misleading” and spreading “hate”. He said, “Freedom [of speech] is a right in democracy but there is also an obligation to obey the law.”
The new agency’s task will be to monitor news circulating online, particularly on social media, according to officials. The security ministry will oversee the operation, working alongside other government agencies.
The move to create the new agency came after Indonesia’s President Joko Widodo declared in a cabinet meeting in December 2016 his intention to combat the spread of fake news at a time when many Indonesians are getting online for the first time. There are reportedly over 130 million out of 255 million inhabitants now estimated to be online in Indonesia.
The most high-profile fake news story spread in Indonesia to date was a false claim that China was seeking to wage biological warfare against Indonesia, after a story was spread in December stating that four Chinese citizens were arrested for using imported chili seeds infected with bacteria on a farm south of Jakarta.
The fake news story forced the Chinese embassy in Jakarta to issue a statement insisting that the reports were “misleading and have caused great concerns”. Another fake news story involving China said that millions of Chinese workers had entered Indonesia to replace local ones. It comes as anti-Chinese sentiment is running high with Jakarta's ethnic Chinese governor standing trial for alleged blasphemy.
Indonesian internet expert Nukman Luthfie hopes that the new Indonesian agency will not breach people's privacy, but said it was too early to tell. "It would be really unfortunate if it was going to be used to monitor public discussions because that's people's right," he said.
The landscape of cybersecurity is always evolving, says David Francis, Huawei's European Cyber Security Officer. In an interview, Francis expressed the need for wider acceptance of the role each of us has to play in combating cybercrime.
He said a major pivot point in cybersecurity was in 2003 - a time which became known as the industrialization of cybercrime. Before that point, there were "small communities" doing what they called "digital marketing" but were actually releasing spam, Francis explains. It all changed when the Sobig Worm virus on the 18th August 2003 transformed cybercrime into an industry.
The Sobig Worm was a computer virus that infected millions of internet-connected, Microsoft Windows computers. The worm was released in variations, including Sobig.A and Sobig.B, released in January and May 2003, which were followed that year by Sobig.C, Sobig.D, Sobig.E and Sobig.F. The worm was most widespread in its Sobig.F variant as a Trojan horse virus that appeared as an electronic email. The virus "caused an estimated $50 million of damage in the United States alone," CNN reported in 2003.
"That was when these groups figured out how to make profit from cybercrime. It was the point where virus groups monetized the virus industry," said Francis. Until then, Francis had always been involved in network security, since about 1980. Prior to joining Huawei, he worked at Symantec as VP of Operations. In his current role as Huawei's European CSO, Francis is responsible for cybersecurity strategy for the Huawei Western European Region, plus the support of non-European territories that require ad hoc support or assistance.
Looking back, Francis said before the 2003 Sobig virus, attacks were for all sorts of reasons, but no one was making money from it. That was the point when virus groups figured out that if they could infect a machine, they could sell it to spammers, because the business model for the spammers was similar to the business model for those on the other side. They bought servers and bandwidth, space, storage and datacenters, etc. Their cost model for sending spam was similar to the cost model for the people defending against spam and viruses.
"After Sobig, the cost model changed massively because now the machines are almost free," Francis explained. "This led to the creation of the botnets," a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam. "That's when you started to get the industrialization of virus writers. Now, as the connected world has become even more connected, there is no segregation between what were traditional telecoms networks, and ICT networks. It's simply the connected world."
Changing people's mindset
Francis recently spoke at a Cyber Security Conference hosted by du, one of the UAE's leading telecom operators. The reasons Francis attends these forums is because he believes there is still a tendency to talk about ICT and cloud being a separate thing for people to worry about. There is a "common misconception that different groups of people should take care of cybersecurity," said Francis, and that you don't need to worry about it yourself.
"I call that failure. If we continue with that mindset, we are going to fail massively," he said. "It needs to stop being treated separately or things are never going to get better. One of my frustrations with the education system is that there is a tendency for universities to offer software development courses and then offer a separate cyber course. This needs to stop. If you are training bad software engineers, the problem is not going to get better."
If this trend continues, Francis explained, all we are doing is building a new industry called 'cyber-consultancy'. The result is an army of consultants earning big fees, but the problems are not being addressed because software engineers are not learning how to code safely. "We need to change the approach and we need to understand that cyber is no different to anything else," said Francis. Everyone needs to be trained to code properly - cyber needs to be built in from the start, not a separate part of the education.
"I think the name 'cyber' is a disadvantage because some people hear it and get scared by it," said Francis. "They hear the word and think it's something that needs to be pushed off for the IT team to deal with. This mindset needs to change. Huawei's founder, Mr. Ren Zhengfei, made a great statement about the fact that cyber is not about growth - it's about survival. If you can't conduct business in a secure manner, you can't conduct business full stop. It's about putting security ahead of short-term commercial interests, because if you don't, then you will have no long-term commercial interests."
Francis used an effective analogy to explain how lack of cybersecurity education for everyday citizens is contributing to a wider issue of increased risk. Growing up in East London during the 60s and 70s, Francis witnessed a tumultuous period for the auto industry in the UK. The issue was quality, he said. The approach that the British auto industry took was to station its best engineers at the end of the production line to check every car that came off. This concept proved to be ultimately inefficient and didn't solve the core issue.
The Japanese had a fundamentally different approach. Rather than having their best engineers checking cars after being built, the Japanese had their best engineers build the cars. They figured out that "if you're making cars out of second hand rusty tanks from the Korean War, the cars are going to end up rusty," Francis explained. "They made sure that the components - the bits going into the factory - were quality, and therefore, the cars coming out at the end will be higher quality. The Japanese won because of their ingenuity, and the UK car industry went into decline because they treated quality different to something as doing their day job."
The Japanese showed - as we need to do today - that lack of addressing the core issue is part of the problem we face today with cybersecurity. It shouldn't be "an extra part of peoples' role at work". It's everyone's job to make sure that their phone doesn't get hacked and that their personal material is kept safe. Security isn't somebody else's problem, Francis explained; it's your problem. "All of us need to participate, and understand our role, that we can have a positive impact on the security of all of our futures."
Focusing on Europe, and the issues of data sharing that have repeatedly been brought up by the European Commission, Francis said it once again comes down to education for the consumer. Data leakage has become a widespread issue today because the reality is that most data is given away for free by users who don't care or simply don't understand the risks. It's another example of the need for education, and the need for people to share in the responsibility of cybersecurity.
"One of the things the European Commission has got right is the right to be forgotten," said Francis. "When I was a kid, I could make mistakes and they were soon forgotten about. Today, I've got three children, and I worry that if my children make the same mistakes I made when I was younger, it could haunt them forever." The European Commission is driving people to consider what privacy really means in this digital age, says Francis.
IT security company, Cylance, which claims to be revolutionizing cyber security through the use of artificial intelligence to proactively prevent advanced persistent threats and malware, has expanded its international operations with the opening of an office in Singapore, and the appointment of three security industry veterans.
The move follows the US-based company’s entry into the Australian and Japanese markets. Cylance has also signed three new reseller partners in Singapore, including PTC System, PCS Security and Cohesion Network Technologies. It says these partnerships are the next step to expedite the growth and adoption of Cylance’s proactive and preventive artificial intelligence technology across the APAC region.
Mr Andy Solterbeck, Vice President of Cylance APAC said: “The commitment to expanding throughout the Asia-Pacific region follows a year of success and growth after our initial launch into Australia. We have seen rapid market adoption throughout the Australia/New Zealand region following the success of our tailored approach, evaluating the requirements for each country and then determining the best strategy for engaging that market. … This launch displays the first step in our commitment to the region and will be followed with an aggressive expansion.”
Mr Ban Leong Ang, will serve as the regional sales director for Cylance and will be responsible for the business expansion into Singapore. He previously held a position as country director at Oracle Singapore, where he was responsible for the systems line of business. Prior to that he was the Regional Director of McAfee Southeast Asia, where he grew the business more than 200 percent over five years before leading the government vertical for McAfee’s Asia Pacific and Japan division.
Mr Kelvin Wee has been appointed as a sales engineer for South East Asia and will leverage over 18 years of IT security experience. He joins Cylance from Hewlett Packard Enterprise, where he was the regional product management director for the ArcSight Solution suite, leading the long-term strategy as well as the technical partnerships in both Asia Pacific and Japan.
Mr Brian Tan has joined Cylance as a sales engineer for South East Asia, bringing to the role more than 15 years of professional experience in networking and security from his previous position at Cisco, where he dealt with various technologies including firewall, IPS, advanced malware on the network and endpoint and DNS security.
Cylance claims its approach to antivirus to be radically different to standard techniques in that its software runs in stand-alone mode: it does not require frequent updates with new virus and malware signatures in order to function. Instead it relies on an algorithm that has been designed and ‘trained’ to differentiate between normal and abnormal files.
Because the Cylance software is an algorithm performing mathematical calculations, it has a much smaller footprint than traditional antivirus software. It is claimed to use very little CPU and very little memory.