Cyber Security Archives - IT Security Guru
https://www.itsecurityguru.org/tag/cyber-security/

Guest blog: The death throes of the password? Key takeaways from the One Identity Infosecurity Europe survey
Tue, 02 Aug 2022 14:21:23 +0000
https://www.itsecurityguru.org/?p=46267

By Dan Conrad, AD Security and Management Team Lead at One Identity

Authentication is one of the hottest topics in cybersecurity right now. As biometrics, MFA, and a range of other authentication methods continue to threaten the password’s supremacy, we thought it was worth finding out what industry professionals thought about it all.

So that’s what we did. At InfoSecurity Europe 2022, One Identity surveyed more than 100 security and IT professionals to get a picture of how businesses and their employees approach passwords and authentication.

When asked what they consider the biggest security threat to their business, 56 percent of respondents said they believed it to be users sharing passwords for admin tasks. If that isn’t an argument for passwordless authentication, we’re not sure what is. This was followed by 25 percent of respondents believing that the biggest security threat was users clicking on malicious links or opening rogue attachments. Collectively, this means that 80 percent of respondents believe that human error poses the largest threat to an organization’s security.

Interestingly, while the majority (62 percent) viewed educating staff as the most important factor in preventing cyber-attacks, a rapidly growing segment (30 percent) stated that adopting a zero-trust model was more important.

Moving on to multifactor authentication, we are met with some heartening statistics. 99 percent of respondents told us that their company had adopted MFA for remote access and 97 percent said that it was mandated. This confirms what we already knew – that the password as a standalone authentication method is obsolete.

When looking into users’ connections to passwords, we see some interesting results. While just over a quarter of respondents had an emotional connection to a password (28 percent), the majority said they had a favorite password (84 percent). We can infer from this that while most people don’t reuse passwords for sentimental reasons, they likely do for practical reasons. It is concerning that IT and security professionals, people who are more aware than anyone of the dangers of reusing passwords, persist in this bad habit.

This is yet another mark against the use of traditional passwords – if those in the know aren’t following best practices, how can we expect the layman to? The reality is modern users have so many accounts that it is no longer practical to create and remember a new password for every one they set up. We’ll chalk this one up as another point in support of modern authentication methods, which eliminate these problems.

While it’s clear that users are reusing passwords, it turns out that most respondents are at least adding complexity to their passwords depending on a system’s importance (96 percent). Perhaps unsurprisingly, 76 percent saw banking or financial services as requiring a top tier password, but only 7 percent thought that work emails were deserving of the same protection. This may be an understandable perspective but doesn’t bode well for organizations that routinely share sensitive information through email.

Finally, we make it to how IT and security professionals are storing their passwords. Here, at least, we get some more heartening statistics:

  • 65 percent of respondents said they used password managers, which is generally regarded as the safest and most convenient way to keep passwords
  • 23 percent said they wrote their login details down somewhere, which, while not ideal, is safer than using one password across multiple accounts

We did, apparently, come across some cyber-savants claiming they could remember all their login details, but if anything, this suggests that they are reusing passwords for an alarming number of accounts.

The key takeaway here is that the password is on the way out. These results serve as further proof that traditional passwords by themselves are no longer fit for purpose – even leaders in the IT security space fail to follow best practices simply because it isn’t convenient. We’ve seen that businesses are implementing and mandating alternative authentication methods en masse, and it won’t be long before this trend trickles down to the rest of society.

 

The cyber intelligence landscape is evolving
Fri, 27 Apr 2018 11:15:28 +0000
http://www.itsecurityguru.org/?p=26550

Written by Kristofer Mansson, CEO, Silobreaker

Driven by digital innovation, business operations have undergone a fundamental transformation over the past decade. And as businesses have moved forward, the fundamentals of cybersecurity have followed behind: What are the weak points in my security strategy? Who are the main threats to my operations? Where am I at risk of compromise? As the shift to a digital marketplace has gathered speed, so has the potential for exposure and the price of failing to secure key assets. The Internet of Things (IoT) is of particular concern in this sense, as it threatens to broaden attack surfaces across the board, especially in the industrial space.

Despite an ever-evolving threat landscape, many organisations remain fundamentally reactive, responding at the point of compromise rather than leveraging real-time intelligence to profile threats as they develop. This is unsustainable. By 2020 it is expected that 25% of cyberattacks will target IoT devices, many of which will be deployed across critical industrial environments. Data breaches have also increased year on year, and the total cost of cybercrime is set to exceed £4.2 trillion per annum by 2021. The time has come for the old approach to change. The requisite experience, knowledge and solutions now exist for cyber threat intelligence to ‘change the game’.  Here’s how:

Shift the mindset and expand the viewpoint

The first step is to switch from a reactive stance to a proactive approach. Playing catch-up is always a sub-optimal outcome, not least because it leaves barely any resources for planning, meaning that the next big problem is often a surprise. To build on an existing security posture it’s vital to stay up-to-date, profile potential threats and evolve processes and strategies pre-emptively. While cyber vendors are often questioned and tested on their ability to deliver ‘actionable intelligence’, the reality is that many organisations don’t have any processes in place to action intelligence. Evolving intelligence needs cannot be met by the important but insufficient practice of simply adding malicious IP-addresses and other indicators of compromise to a SIEM-system or a TIP. The need for a more holistic approach to threat intelligence, beyond the technical parameters, is widely accepted, yet the traditional IT security industry is struggling to meet demand because it has hardly any experience speaking to the “why?” behind an attack. Finding unstructured insights in social media, paste sites, forums and similar sources from both the surface web and deep/dark web requires companies to turn to different intelligence solutions that are complementary to their existing threat intelligence tools.

Use the data that’s there

Excluding certain, specialised sources, access to data has never been easier. From a security perspective this is both a good thing and a serious concern. An openly available report on a vulnerability today could be leveraged to create the exploit of choice tomorrow, while a single, misplaced password or private key can lead to a devastating breach and huge losses. There is, however, also great potential for spotting emergent threats and transcending the catch-up game that consumes the time of analysts and researchers. The key is to recognise that intelligence is as likely to come from soft data as it is from structured threat information. Making the most of open sources involves processing the data, understanding its relevance to a certain use-case, and then acting on those findings before others do.

Support human analysis with automation

A 2018 SANS survey on the use of cyber threat intelligence noted that, as expected, most organisations are using a wide variety of external data sources, including public feeds, information sharing groups and security vendor reporting. More and more organisations are also recognising that broad attacker trends (76%) and information on vulnerability exploitation (79%) are essential for maintaining situational awareness. However, much of the analysis and intelligence ‘fusion’ taking place is still done manually, with a shortage of skills acting as a major impediment to properly utilising cyber threat intelligence. IOC feeds aren’t enough anymore; if the problem is context, the solution is people and automation, because collecting, processing and reporting on the amount of data in question is simply not human-scalable, especially when it needs to be done at pace. Furthermore, not all organisations are looking for the same kind of intelligence. In our modern, interconnected world, cybersecurity concerns blend seamlessly into reputational risk and physical security. With no one-size-fits-all solution, customisability is king and analysts need a tool that allows them to decide what kind of intelligence will enhance and protect their businesses.

This is what we mean by “changing the game”; altering an existing approach, based on appropriate investment in available technology and utilisation of existing resources. Intelligence platforms do the heavy lifting required to process, slice and visualise massive quantities of data in short order, allowing analysts to create contextually relevant and timely intelligence on a case-by-case basis. The truth is that cyber threats cannot be eliminated – but they can be mitigated, provided that the information is out there, and someone is looking.

UK Govt Launches £20 million Initiative to get kids into Cyber
Mon, 20 Nov 2017 16:41:55 +0000
http://www.itsecurityguru.org/?p=24640

The UK Govt has today launched a £20 million program to get schoolchildren interested in cyber security; the program is aimed at kids between 15 and 18.
ORIGINAL SOURCE: BBC

Predictive Analytics: Fad or the Future of Cyber Security?
Thu, 19 Oct 2017 10:13:27 +0000
http://www.itsecurityguru.org/?p=24294

They’re called superforecasters: a subset of human study volunteers who have an uncanny ability to predict the future better than the general populace. Who are these individuals?
According to The Washington Post, the superforecaster term was coined by University of Pennsylvania professor Philip Tetlock. His 20-year study — explained in detail in “Expert Political Judgment: How Good Is It? How Can We Know?” — found that the average person couldn’t predict the future. But the superforecasters could.
Were they geniuses? Clairvoyant? Not at all. While all were intelligent and educated, the superforecasters were only separated by a thirst for knowledge and the willingness to work hard to understand and analyse. Call it a blend of patience, probability and persistence.
So, what does this have to do with cyber security? Sought by meteorologists, market analysts, political leaders and military strategists, the ability to accurately predict actions or behaviours directly correlates to not only more successful outcomes, but also more efficient analysis of past events.
Predicting cyberattacks, data breaches
As global warfare and cybercrime move to the digital battlefield, it’s only natural for cyber security vendors to research and invest in predictive technology.
If you attended RSA or Black Hat this year, you certainly noticed nearly every vendor and speaker talked about machine-learning, artificial intelligence (AI) or predictive analytics. In fact, they were the buzzworthy terms at every convention this year.
This innovation, however, comes with cautions. And some reality checks. While most experts cited agree that AI-based solutions can cut down response times and help us learn from attack data, new challenges arise around data volume, raw processing power and threat actor parries, as well as the challenge of actually using the correct algorithm for the specific problem set.
AI in real-world applications
Predictive cyber security isn’t theory or science fiction. In fact, A10 Networks is collaborating with partner Cylance to better analyse encrypted traffic to address a variety of cyber threat vectors.
By taking a mathematical approach to malware identification utilising patent-pending, machine-learning techniques instead of reactive signatures and sandboxes, CylancePROTECT helps neutralise the threat of new malware, viruses, bots and unknown future variants.
Future A10 Networks systems will incorporate telemetry data from customer machines. The data streaming from these machines will be leveraged in conjunction with data from Cylance to more accurately and intelligently identify and predict incoming attacks. This unique approach — using event data and tying it to real-world attacks — will be a first in the industry.
“In order to keep up with modern attackers, security technologies need to evolve alongside them — without relying on human intervention,” says Cylance in a recent white paper. “That’s where math and machine learning have the advantage. If we can objectively classify ‘good’ files from ‘bad’ based on mathematical risk factors, then we can teach a machine to make the appropriate decisions on these files in real time.”
It should come as no surprise that humans are the weakest link to even the best-planned cyber security defences. While software and hardware can absolutely be manipulated, they have no pride, empathy or apathy to exploit. And it’s for this reason AI and other machine-learning innovations are critical in defending the most vulnerable security gap.
Threat actors will evolve, respond
Proven throughout history, attackers will evolve their skills and strategies to defeat new technology. This time will be no different.
Over the last two years, companies such as CrowdStrike, FlashPoint, Verizon and even the NSA have noted that attackers are using a combination of attack vectors to gain access to hardened systems.
Techniques such as combining a DDoS attack with a simultaneous spear-phishing campaign, with embedded malware using encrypted tunneling, are now commonplace. Attacker tactics are more sophisticated. Thus, those in defensive positions must be, too.
Oliver Tavakoli, the CTO of cyber security vendor Vectra Networks — which is also an A10 Networks partner — explains that nation-states, hackers and organised cybercrime groups will develop new vectors to defeat predictive capabilities.
“After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomisation,” Tavakoli says.
This is only natural. But it doesn’t mean that AI and predictive technology can’t help sway the momentum in the near term. He says that there is a place for advanced predictive solutions. We just need to be able to accurately recognise them for what they are and govern expectations accordingly.
By Mike Hemes, Regional Director, A10 Networks

Blockchain could have solved Dutch egg supply chain worries
Mon, 21 Aug 2017 09:58:22 +0000
http://www.itsecurityguru.org/?p=23455

As many as 15 European countries have been affected by the Dutch egg contamination, as well as others around the world. The Food Standard Authority (FSA)’s investigation is currently working hard to remove all contaminated products from UK supermarkets. Initially thought to have affected 21,000 eggs, this figure has now ballooned to over 700,000.
ORIGINAL SOURCE: Information Age

Attacking critical infrastructure – the evolution of kinetic warfare
Fri, 11 Aug 2017 09:25:59 +0000
http://www.itsecurityguru.org/?p=23344

I said earlier in 2017 I believed it was quite possible that in 2017 a major cyberattack will occur in either the United States, the United Kingdom, or another friendly country that will require a response equivalent to a kinetic attack. In other words, a cyberattack will occur that will be looked on as an act of war. To date, despite the fact that cyberattacks can easily surpass kinetic attacks in scope, magnitude and damage (both in the short and long term), we have not addressed such cyberattacks, planned for them, or developed long and short-term response policies.
I still believe this to be the case. The world has not got any safer following a host of geopolitical events, ranging from missile launches by North Korea through to Russian interference in elections such as this year’s French presidential election. This continues to mean cyber is being used as a weapon, by nation states especially.
Indeed, we’ve seen an uptick in recent months of attacks focusing on various critical infrastructure around the globe. These attacks have targeted financial organisations, election infrastructure, and various utilities including oil and gas companies, payment systems, electric grids and governments.
A report this year from the UK’s Government Communications Headquarters (GCHQ) and the National Cyber Security Centre (NCSC) stated that hackers are targeting the UK’s energy sector. Similar concerns have been raised by countries around the world; notably, in the United States there have been concerns around attacks on nuclear power stations.
The security breach of the future
I still expect that the “mega security breach of the future” will be a combination of an attack with catastrophic intent in addition to a less obvious, passive attack. This attack will focus on our overwhelming reliance on data. Most of the value we place in business relies on the trust we place on the data that we receive and manipulate through various streams.
If an attack were sophisticated enough to pair a catastrophic attack that shuts off power or the telecommunications grid with a passive attack that destroys the integrity and utilisation of data, the cyberattack could impact the entire Western world.
Imagine the lights went out, mobile phones failed and when the power came back on, our bank accounts, medical records and online e-store account information could not be trusted.  There would be chaos. The WannaCry and Petya attacks – which were not even particularly sophisticated – gave some insight into the devastation that could be caused.
In the UK the NHS had to cancel operations and medical professionals had to resort to handwritten notes. Petya broke the monitoring systems at the Chernobyl nuclear power plant. This disaster scenario is not only in the minds of movie directors, it is very real; and governments and organisations around the world are working all day, every day to prevent serious attacks from succeeding, albeit some get through.
The good news is that increased awareness about the potential for these attacks is motivating organisations to take a hard look at their security postures and implement both educational mechanisms for employees and next-generation security solutions that can alert on, and prevent, advanced attacks.
So how should we focus on protecting critical infrastructure?
There are areas that don’t get the amount of attention and concern over cyber-attacks that they require. Our transportation system is one such example. An aeroplane is essentially a large industrial machine, more complex with each generation. An aeroplane has become a corporate business centre, incorporating connectivity, communication and access to the internet.
If a single hacker were able to breach the security of an aeroplane and take control of it for even five minutes, perhaps sending it into a sharp nosedive to prove his or her point, the aviation industry would immediately ground entire fleets until they could assure that no other plane could be similarly compromised. Imagine a week or more with no planes travelling anywhere.
With so many serious threats around, organisations must continue to be vigilant, and investment in up-to-date, state-of-the-art defence is absolutely essential. Furthermore, training of dedicated and professional staff is also key, as human intelligence plays a significant role in preventing the doomsday scenario of a cyber act of war. We should all be cautious and prepared, as it is quite likely a major cyber-attack will affect a Western nation, quite possibly in the remainder of this year or at some point in 2018.

Biological malware: Scientists use DNA to hack a computer
Fri, 11 Aug 2017 09:04:09 +0000
http://www.itsecurityguru.org/?p=23335

Scientists at the University of Washington in Seattle have successfully been able to code a malware program into a DNA sample and use it to hack into a computer that was studying it. By doing this, they have exposed a weakness in systems that could lead to hackers taking control of computers in research centres, universities and laboratories, reports MIT Technology Review. Researchers are calling this the first “DNA-based exploit of a computer system.”
ORIGINAL SOURCE: IB Times

Kaspersky Lab patches up relationship with Microsoft as antitrust complaint dropped
Fri, 11 Aug 2017 09:02:35 +0000
http://www.itsecurityguru.org/?p=23333

Russian cybersecurity firm Kaspersky Lab has dropped an antitrust legal complaint against Microsoft after the US technology giant agreed to give anti-virus vendors greater control over how their software will be compatible with future versions of its Windows OS. In June 2017, Kaspersky Lab filed legal cases against Microsoft in both the European Commission and the German Federal Cartel Office, alleging that it was taking advantage of its own “dominant position in the computer operating system market to promote its own software”.
ORIGINAL SOURCE: IB Times

TalkTalk fined £100k for exposing personal sensitive info
Fri, 11 Aug 2017 09:00:00 +0000
http://www.itsecurityguru.org/?p=23331

Blighty’s Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. Typically, the scammers pretended they were providing support for technical problems. They quoted customers’ addresses and TalkTalk account numbers.
ORIGINAL SOURCE: The Register

A ghost story – The haunting presence of an ex-employee
Wed, 09 Aug 2017 09:42:33 +0000
http://www.itsecurityguru.org/?p=23306

From recruiting the most talented employees, to ensuring accounts are in order and providing staff with the latest technological innovations, businesses across the globe work tirelessly every day to strive for success. Lurking behind every policy, best practice and guideline, however, is a world that often gets neglected. What happens when someone leaves the company? Of course, in an ideal world, businesses recruit a capable replacement, tie up any loose ends on a project they were previously working on, and of course, throw a leaving party to ensure both the employee and business can part ways on the best of terms.  Sadly, we do not live in an ideal world and, on occasion, an employee’s departure isn’t quite so clean cut and can cause issues months after they have left the company. This begs the question, are organisations doing everything in their power to make sure a soon-to-be ex (employee) does not walk out the door with access to everything the business holds dear?
Former employees are not always your friends
We have all seen the hugely damaging actions that former employees can inflict upon businesses. One such example is a huge data breach experienced by OFCOM[1], when they discovered that a former employee had downloaded and shared over six years’ worth of data with their new employer, which happened to be a major broadcaster. Luckily for OFCOM, the broadcaster in question chose not to exploit the data and alerted OFCOM to the stolen information. Shockingly, the latest research from OneLogin shows that despite the threat of former employees, more than half (58 per cent) still have access to the corporate network once they have left an organisation and almost a quarter of businesses (24 per cent) experience data breaches due to the action of ex-employees. The OFCOM data breach could have been catastrophic if it had been used by a competitor, not to mention the potential damage to brand reputation. Similarly, businesses must also consider that when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018, UK firms could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher[2], enough to leave an organisation with financial difficulties. Of course, there are scenarios where organisations have not been as lucky as OFCOM.
In fact, Marriott Hotels experienced the full force of a disgruntled former employee in 2016. According to court documents[3], a former Marriott employee was fired from the company in August 2016, and was told not to access the company’s internal systems. However, despite this warning, the former employee accessed Marriott’s reservation system from the comfort of their home, slashing room rates down from $159-$499 to $12-$59. This particular breach cost Marriott $50,000. Mariott, however, isn’t the only organisation to have left themselves open to disgruntled ex-employees. In fact, 28 per cent of former employee’s accounts remain active for longer than a month.
HR & IT must collaborate and take accountability
A former employee’s word is not enough. HR and IT must work together to avoid situations such as these, and it doesn’t have to be difficult or time-intensive. Automated processes can be used to deprovision all access to corporate accounts within minutes of an employee’s contract being terminated to protect valuable corporate data. There are tools available to ensure that once an employee has logged off for the final time they are locked out from that moment onwards. OneLogin’s research revealed that only half of UK businesses use automated deprovisioning technology to ensure this happens. In addition, 45 per cent of businesses don’t use a security information and event management (SIEM) system to check for application use by former employees, leaving vital corporate data exposed to potential leaks. Businesses revoke a former employee’s means of physically getting into the office, so it is essential that their digital access is also revoked on departure.
Stick to the solution
It is crucial that businesses wake up and acknowledge that former employees exploiting corporate access is a problem and yes, it could happen to any company. It is clearly not enough to rely on the goodwill of ex-employees, however trustworthy they may appear to be. With so much at stake, are organisations really willing to leave the key to the business’ most precious assets in their hands? Quite frankly, there is no reason to.
Some employees leaving an organisation don’t have many loyalties to their previous employer, no matter how amicable their departure was, meaning security risks are highly likely. Therefore, it is imperative that deprovisioning employees’ corporate access on their last day is an absolute priority. Companies need to use the right tools to ensure this happens. These include:

  • Automated syncing of HR directories such as Workday, UltiPro, and Namely, which are the source of truth for employee status, and IT directories such as Active Directory and LDAP, which often control access to applications.
  • Automated deprovisioning of employees from applications that have an application programming interface (API) for user management. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs.
  • Automatic checklist generation for IT admins, to ensure that they manually deprovision all ex-employees from all apps. Most applications don’t yet have an automated deprovisioning API and require manual intervention from IT.
  • Application access events sent to SIEM systems, to double-check that no ex-employees are accessing applications.

IT and HR can work collaboratively to fully deprovision all employees. If these steps are carried out correctly, a business can be safe in the knowledge that precautionary measures have been taken to protect confidential data from a departing employee.
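
As an added illustration (not from the article or from OneLogin), the first and last checks in the list above can be sketched as a reconciliation of an HR export against an IT directory export and a stream of application access events. All records, field names and function names below are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not a vendor schema.
HR_RECORDS = [  # HR directory: source of truth for employment status
    {"email": "asha@example.com", "terminated_at": None},
    {"email": "ben@example.com", "terminated_at": "2022-03-04T17:00:00+00:00"},
    {"email": "cara@example.com", "terminated_at": "2022-03-10T17:00:00+00:00"},
]
IT_ACCOUNTS = [  # IT directory export (for example AD or LDAP)
    {"email": "asha@example.com", "enabled": True},
    {"email": "Ben@Example.com", "enabled": True},    # never deprovisioned
    {"email": "cara@example.com", "enabled": False},  # disabled on time
]
ACCESS_EVENTS = [  # application access events as forwarded to a SIEM
    {"ts": "2022-03-04T09:12:00+00:00", "user": "ben@example.com", "app": "crm"},
    {"ts": "2022-03-06T22:41:00+00:00", "user": "ben@example.com", "app": "reservations"},
    {"ts": "2022-03-11T08:00:00+00:00", "user": "cara@example.com", "app": "mail"},
    {"ts": "2022-03-11T08:05:00+00:00", "user": "asha@example.com", "app": "mail"},
]

def _terminations(hr_records):
    """Map lower-cased email -> termination time, for departed staff only."""
    return {r["email"].lower(): datetime.fromisoformat(r["terminated_at"])
            for r in hr_records if r["terminated_at"]}

def stale_accounts(hr_records, it_accounts):
    """Directory accounts still enabled for people HR lists as terminated."""
    gone = _terminations(hr_records)
    return sorted(a["email"].lower() for a in it_accounts
                  if a["enabled"] and a["email"].lower() in gone)

def post_termination_access(hr_records, events):
    """Access events timestamped after the user's termination time."""
    gone = _terminations(hr_records)
    hits = []
    for e in events:
        user = e["user"].lower()
        if user in gone and datetime.fromisoformat(e["ts"]) > gone[user]:
            hits.append((user, e["app"], e["ts"]))
    return hits

if __name__ == "__main__":
    print("Still enabled after termination:", stale_accounts(HR_RECORDS, IT_ACCOUNTS))
    for hit in post_termination_access(HR_RECORDS, ACCESS_EVENTS):
        print("ALERT post-termination access:", hit)
```

The second alert fires for an account that is already disabled in the directory, which is the case the SIEM check exists to catch: an application that keeps its own credentials or sessions.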

Alvaro Hoyos, CISO at OneLogin

The post A ghost story – The haunting presence of an ex-employee appeared first on IT Security Guru.
