tech Archives - IT Security Guru
https://www.itsecurityguru.org/tag/tech/

Europe’s Hacktivists Set Sights on Political Entities
https://www.itsecurityguru.org/2018/02/19/europes-hacktivists-set-sights-political-entities/?utm_source=rss&utm_medium=rss&utm_campaign=europes-hacktivists-set-sights-political-entities
Mon, 19 Feb 2018 14:40:17 +0000

The post Europe’s Hacktivists Set Sights on Political Entities appeared first on IT Security Guru.
By Roman Sannikov, Director of European Research and Analysis, Flashpoint

 

The tumultuous state of global politics that defined 2017 continues to shape the motivations and schemes of a wide range of adversaries. In October, CNBC reported two Czech election websites were hacked and that, after Catalonia’s independence referendum was ruled illegal, the website for Spain’s Constitutional Court was taken down by a DDoS attack. These are just two of many examples that align with a trend Flashpoint analysts have observed in recent months: the proliferation of hacktivist activity targeting European government and political entities.

In September 2017, Flashpoint analysts observed multiple hacktivist-fuelled DDoS attacks targeting several websites belonging to ministries and individual public officials in multiple European countries. Although these campaigns have been dispersed across central Europe, some actors have tended to concentrate their activity on certain countries. For example, Flashpoint analysts observed that one Turkish nationalist group appears to be focused on targeting the websites of Belgian and Austrian political entities. This group has also indicated its intent to retaliate against any perceived anti-Turkish or anti-Muslim sentiment emanating from European political entities. In one instance, the group posted screenshots of successful DDoS attacks against Danish government institutions, which they claim to have carried out due to perceived insults by Danish politicians against Islam.

More recently, in January 2018, Fancy Bears’ Hack Team—a hacktivist group that is allegedly connected to Russian state-sponsored activity—released updates to its #OpOlympics campaign. Targeting both the International Olympic Committee and the Norwegian Olympic Committee, the group released hacked e-mail messages that appear to imply a conspiracy to cover up doping. This activity follows previous releases in 2017 of confidential documents from the Swedish Olympic Committee. The releases appear to be an effort to embarrass Olympic organisers and member states in retaliation for the banning of Russian athletes.

While hacktivist groups are often considered less skilled than their cybercriminal and state-sponsored counterparts, the risks they present and resulting damages they can inflict are by no means novel. Typically motivated by fundamental differences of political opinion, hacktivists have been known to disrupt, deface, or otherwise take down targeted websites, web-based services, networks, and infrastructure. Unfortunately, these types of damages became a reality for many following the recent hacktivist-fuelled DDoS attacks that correlated with major 2017 elections in the United Kingdom, Germany, Russia, Czech Republic, and France. It appears that the polarizing effect of these elections continues to contribute to the heightened risks faced by various European political entities.

Flashpoint assesses with a moderate degree of confidence that hacktivist-fuelled DDoS attacks against European political entities will continue in the coming months. While addressing hacktivist activity can be complex and challenging, organisations—not just in Europe, but worldwide—that integrate Business Risk Intelligence (BRI) into their security and risk strategies can and do mitigate these types of risks more effectively. By providing proactive visibility into rising geopolitical tensions, emerging hacktivist threats, and upcoming schemes, BRI enables organisations across all sectors to gain a decision advantage over a broad spectrum of hacktivists and other adversaries.

Positive Technologies detected vulnerabilities in a popular network control software
https://www.itsecurityguru.org/2018/02/19/positive-technologies-detected-vulnerabilities-popular-network-control-software/?utm_source=rss&utm_medium=rss&utm_campaign=positive-technologies-detected-vulnerabilities-popular-network-control-software
Mon, 19 Feb 2018 14:37:19 +0000

Positive Technologies experts have discovered vulnerabilities in WhatsUp Gold by Ipswitch. The software automatically discovers network resources and how they interact, reports network status and availability, and manages device configuration.

“Use of the vulnerable version of WhatsUp Gold in a manufacturing company may cause cyberincidents and even disrupt the technological process,” says Head of ICS Security at Positive Technologies Vladimir Nazarov.

“Such products might have access to a significant part of network equipment, including network devices that are located in the technological segment. That is why it is crucial to eliminate detected vulnerabilities in such software because it is of major interest for attackers.”

One of the vulnerabilities (CVE-2018-5777) in Ipswitch WhatsUp Gold allows a remote attacker to abuse an incorrect TFTP server configuration to execute arbitrary commands in the server’s operating system. An intruder who gains this level of access controls the server and can use it as a foothold for further attacks against the infrastructure.

Another vulnerability detected by the Positive Technologies specialists (CVE-2018-5778) is caused by insufficient filtering of user input on certain WhatsUp Gold web pages and allows SQL injection. Depending on the DBMS configuration, this gives an attacker anything from unauthorised read access to the software’s database through to arbitrary code execution. In particular, the attacker can read the accounts stored in the vulnerable system’s database that are used to control network equipment.
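To make the flaw class concrete, here is an added example. It is not Positive Technologies’ proof of concept and not WhatsUp Gold’s code or schema: a device-search lookup built two ways over a constructed SQLite inventory database (the table names, columns, hostnames and credentials are assumptions for illustration). The concatenated version lets a UNION payload pull the stored device credentials into the search result, which is the outcome the paragraph describes; the parameterised version treats the same input as a pattern and returns nothing.

```python
import sqlite3

# Constructed stand-in for a monitoring product's inventory database: a device
# table and the credentials the product uses to log in to those devices. The
# schema and the secrets are assumptions for illustration, not WhatsUp Gold's.
SCHEMA = """
CREATE TABLE devices (id INTEGER PRIMARY KEY, hostname TEXT, address TEXT);
CREATE TABLE device_credentials (id INTEGER PRIMARY KEY, device_id INTEGER,
                                 username TEXT, secret TEXT);
INSERT INTO devices VALUES (1, 'core-sw-01', '10.0.0.1'), (2, 'plc-gw-07', '10.20.0.7');
INSERT INTO device_credentials VALUES (1, 1, 'netadmin', 'C0reSw!tch'),
                                      (2, 2, 'ics-ro', 'public');
"""

# Payload for a hostname-search field: closes the LIKE literal, appends a second
# SELECT over the credentials table, and comments out the rest of the query.
UNION_PAYLOAD = "x%' UNION SELECT username, secret FROM device_credentials -- "


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_devices_vulnerable(conn, hostname_filter: str):
    """Insufficient input filtering: the web form value is spliced into the SQL
    text, so it can change the query's structure rather than just its data."""
    sql = ("SELECT hostname, address FROM devices WHERE hostname LIKE '%"
           + hostname_filter + "%'")
    return conn.execute(sql).fetchall()


def search_devices_parameterised(conn, hostname_filter: str):
    """Hardened form: the value is bound as a parameter. The DBMS receives the
    query structure and the data separately, so quotes and keywords in the
    input are only ever matched as text."""
    sql = "SELECT hostname, address FROM devices WHERE hostname LIKE ?"
    return conn.execute(sql, ("%" + hostname_filter + "%",)).fetchall()


def demo():
    """Run both lookups with the same payload; returns (leaked_rows, safe_rows)."""
    conn = open_db()
    try:
        return (search_devices_vulnerable(conn, UNION_PAYLOAD),
                search_devices_parameterised(conn, UNION_PAYLOAD))
    finally:
        conn.close()


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)   # device credentials, not devices
    print("parameterised query returned:", safe)  # []
```

WhatsUp Gold runs on Microsoft SQL Server; SQLite stands in here because it runs offline. The upper end of the range the advisory mentions (reaching operating-system command execution through the DBMS) depends on server configuration and is not something this example shows.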

To eliminate these vulnerabilities, update WhatsUp Gold to 2017 Plus Service Pack 2 (v17.1.2) or later.

About Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community. Learn more about Positive Technologies at ptsecurity.com.

 

Tomorrow’s cyber elite return to University of Cambridge for Inter-ACE cyber security challenge
https://www.itsecurityguru.org/2018/02/19/tomorrows-cyber-elite-return-university-cambridge-inter-ace-cyber-security-challenge/?utm_source=rss&utm_medium=rss&utm_campaign=tomorrows-cyber-elite-return-university-cambridge-inter-ace-cyber-security-challenge
Mon, 19 Feb 2018 14:35:05 +0000

Over 130 competitors from 18 of the UK’s leading cyber security universities will pit their skills against one another in a two-day cyber security competition organised by the University of Cambridge. Now in its third year, the Inter-ACE is supported by GCHQ’s National Cyber Security Centre to attract the best young minds into careers in the sector.

Up for grabs is £10,000 in cash prizes and the opportunity to compete against the best of the USA in ‘Cambridge2Cambridge’, a transatlantic contest to be held later this year.

The 130 competitors, organised into 34 teams from 18 UK universities, will face over 20 challenges set by experts from the University of Cambridge and sponsors including Context IS and Palo Alto Networks. The two-day event, taking place at the University of Cambridge on the 16th and 17th March 2018, will culminate in a ceremony dinner at Trinity College, Cambridge.

Inter-ACE will simulate a number of scenarios, including working to prevent a cyber-attack on the infrastructure of a fictional city and analysing the results of a successful tap on an undersea data cable. Competitors will develop and hone penetration testing skills, including reverse engineering malware binaries, breaking into a web application such as an online payment system, decoding secure communications and piecing together intercepted data.

 

Professor Frank Stajano of the University of Cambridge, the founder of Inter-ACE, said: “Protecting IT and infrastructure means understanding how it can be attacked. The head of the National Cyber Security Centre, Ciaran Martin, is absolutely right in that a major cyber-attack on the UK is now a matter of ‘when, not if’ and we must recognise that the UK faces an urgent skills shortage.

“Inter-ACE gives future cyber security professionals the opportunity to test their skills against the best and meet others in their field and future employers. This is about engaging with the next generation of cyber security talent, and raising awareness of this vital, interesting and exciting career choice.

“It’s also about making the good work of cyber security professionals much more visible. Like other initiatives such as NCSC’s CyberFirst programme, the interesting experiences of the University students taking part in this year’s event will help to inspire those currently at school to consider a rewarding career in this field.”

 

Chris Ensor, Deputy Director for Skills and Growth at the NCSC, said: “The InterACE competition is a fantastic way to encourage bright young minds to hone their cyber knowledge further and meet like minded people.

“The cyber threat is growing, and so making sure that young people have the cyber security skills to help protect us has never been more important. We at the NCSC hope the entrants will be inspired – and can perhaps inspire others – into starting a thrilling career defending the UK and helping make it the safest place to live and work online.”

 

Established through the UK’s National Cyber Security Strategy and supported by GCHQ’s National Cyber Security Centre, the competition is sponsored by Microsoft, BT, Palo Alto and Context IS.

The 18 universities sending teams to Inter-ACE are Queen’s University Belfast, the University of Birmingham, the University of Cambridge, Cardiff University, De Montfort University, the University of Edinburgh, Edinburgh Napier University, Imperial College London, the University of Kent, Lancaster University, Newcastle University, the University of Oxford, Royal Holloway University of London, the University of Southampton, the University of Surrey, University College London, the University of Warwick and the University of York.

Hackers make $3m targeting Jenkins servers
https://www.itsecurityguru.org/2018/02/19/hackers-make-3m-targeting-jenkins-servers/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-make-3m-targeting-jenkins-servers
Mon, 19 Feb 2018 14:28:34 +0000

Hackers are targeting Jenkins CI servers, the popular open source automation server written in Java, to deploy malware and secretly mine millions of dollars worth of cryptocurrency.

Read the full story at the original source: IB Times.

Savers Lose Millions to Fraudsters
https://www.itsecurityguru.org/2018/02/19/savers-lose-millions-fraudsters/?utm_source=rss&utm_medium=rss&utm_campaign=savers-lose-millions-fraudsters
Mon, 19 Feb 2018 14:25:32 +0000

The Times has revealed that a surge in criminals targeting British pension riches means savers are being scammed out of half a million pounds every day.

Read the full story at the original source: The Times.

With the Advent of Biometrics, Are Passwords Going Away?
https://www.itsecurityguru.org/2018/02/01/advent-biometrics-passwords-going-away/?utm_source=rss&utm_medium=rss&utm_campaign=advent-biometrics-passwords-going-away
Thu, 01 Feb 2018 16:44:28 +0000

By Jackson Shaw, VP of product management for One Identity

Facial recognition and fingerprint scanning for device authentication are no longer futuristic concepts reserved for James Bond movies. In fact, biometrics seem to be gaining ground over their inferior cousin, the password, by the day. So, why do we all still have more passwords than we would care to remember? And whatever happened to the much-hyped “death of the password”?

Three burning questions that dog the authentication discussion are:

  1. Why are we still using passwords when there are so many more secure options out there?
  2. Will biometrics ever become the standard for authentication?
  3. Assuming passwords are here, for at least a little while longer, how can I make them work for me?

 

Why are we still using passwords?

To understand why we are still using passwords, we need look no further than human nature. We like what we are comfortable with and resist change.

Since the very inception of networked computing, there has been a need for user authentication in order to access systems and data, and the easiest authentication to build into a system is the password. All you need is a directory and a few simple technologies to enforce the security. Consequently, the vast majority of systems use password authentication as the default — and in many cases, password authentication is the only option.

For those of us purchasing and implementing these applications, passwords have always been good enough… until they weren’t. The people that rely on these systems are comfortable with passwords. They have all kinds of tricks to help them remember their passwords (which, by the way, is often the reason passwords are the weak link in the security chain). And passwords are cheap – often password-based authentication is built into the systems that we rely on. Implementing a more secure or convenient authentication method will only add expense, management overhead, and possibly user dissatisfaction.

In addition, consider the fact that most organisations rely on older systems that default to password-based authentication. Switching to biometric enabled systems can be expensive, or require long deployment and integration cycles, and often comes across as an effort to fix something that isn’t broken. Not to mention that when multiple legacy systems are in play, those challenges are magnified many times over.

So why are we still using passwords? My opinion is, quite simply, because it’s good enough. Until there is a compelling event, technological breakthrough, or regulatory mandate forcing the issue, passwords will remain king.

Will biometrics become the new standard?

I believe that, yes, biometrics will eventually become the new standard. But only after enough password-based breaches hit enough organisations with enough negative effect that they are forced to implement stronger forms of authentication.

But I would also argue that multi-factor authentication (an approach in which biometrics is becoming a key player) is quickly becoming “a” standard, if not “the” standard. More and more organisations are supplementing the single factor of something you know (the password) with a second factor of something you have (such as a smart card or OTP token) and, more recently, something you are, otherwise known as biometrics.

Since second factors of the “something you have” variety are easier to implement and more easily integrated with legacy systems, I would expect continued growth in one-time passwords (OTP) and smart card authentication, while biometrics slowly gains ground.

So maybe the correct answer to this question is: multi-factor authentication will become the standard quickly, with biometrics being incorporated into a fraction of those use cases…at least for the foreseeable future.

How can I make passwords work for me?

Authentication technologies, whether passwords or biometrics, exist for one purpose: to secure access to systems and data. With the death of the password greatly exaggerated, there is a compelling need to use passwords better. In other words, we need to ensure that passwords fulfil their purpose and work for your company’s security processes. Recent NIST guidelines (Special Publication 800-63B) provide sensible alternatives to the strict rules we have been told to abide by when setting a strong password; for example, use a long phrase rather than a distorted version of your pet’s name. However, many legacy systems simply don’t provide the flexibility to implement these dramatically different password policies. But there is hope. Here are some ideas:

  • Add multi-factor authentication. There are many options available for a two- or three- factor in authentication, and making sure that it fits with the culture of your organisation is the best way to ensure that users will be able to seamlessly gain access to their work without having it disrupt their workflow.
  • Reduce the number of passwords you use. Much of the trouble with hacked passwords is that they are easy to discover, whether through poor practice such as never changing a compromised password or through social engineering that makes them guessable. A single hard-to-guess password that applies everywhere removes the temptation to reuse weak variants across systems, and single sign-on and directory consolidation are fairly easy and common technologies that achieve this end. Two caveats: the NIST guidelines referenced above advise against forcing periodic changes unless there is evidence of compromise, and a single credential that opens everything concentrates risk, so pair it with a second factor.
  • Take advantage of all your options. When implementing new systems, be sure that they support the standards necessary for adding multi-factor authentication to the mix and ensure that the policy you enforce for accessing those systems uses all the options available to you.

So, while the death of the password may be highly exaggerated for now, authentication is evolving, and biometrics will slowly become the new standard of the future. Set yourself up today to seamlessly and securely move into the password-less world, for when it finally arrives.

New HNS Botnet Uses Peer to Peer Communications to Infect 20,000+ Devices
https://www.itsecurityguru.org/2018/01/25/new-hns-botnet-uses-peer-peer-communications-infect-2000-devices/?utm_source=rss&utm_medium=rss&utm_campaign=new-hns-botnet-uses-peer-peer-communications-infect-2000-devices
Thu, 25 Jan 2018 10:51:01 +0000

A new botnet, dubbed ‘Hide n Seek’ by security researchers, uses custom-built peer-to-peer communication to exploit victims.

Read the full story at the original source: IBT.

Bomgar Enables GDPR Compliance for Privileged Users
https://www.itsecurityguru.org/2018/01/22/bomgar-enables-gdpr-compliance-privileged-users/?utm_source=rss&utm_medium=rss&utm_campaign=bomgar-enables-gdpr-compliance-privileged-users
Mon, 22 Jan 2018 14:59:55 +0000

Bomgar, a leader in secure access solutions, today announced its secure access solutions can help organisations comply with the upcoming EU General Data Protection Regulation (GDPR) mandates. The amount, sources, and types of data that are collected and used by organisations today has grown exponentially, along with the value that can be gained from obtaining this data. How and where companies store and process data has moved from inside the traditional IT perimeter to hybrid and cloud environments that span systems and data centres around the globe. With the fast-approaching enforcement of GDPR going into effect 25 May 2018, organisations need to be prepared to meet the new standards to maintain data privacy.

Security has always been at the heart of the design of Bomgar’s solutions. This ensures that every remote access connection made by its customers, whether a privileged user connecting to a critical system or device or a help desk connecting to an end-user’s system, is secure, protecting critical systems and data and helping organisations meet GDPR requirements.

 

Bomgar’s solutions include:

  • GDPR Pseudonymization Support – Meet GDPR initiatives through responding to Right to Erasure requests by searching for specific criteria supplied by the requestor.
  • Improved Customer Agreement Enhancements – Improve security among support teams by reassuring customers they’re dealing with the intended organization, and keep your brand front and center while presenting and capturing consent.
  • Enforce Policy of Least Privilege – Only give access to data to those who need it, when they need it, with granular levels of access controls that eliminate “all or nothing” access.
  • Manage Privilege ‘Sprawl’ – Identify and secure all your privileged accounts centrally across your organisation, including dormant credentials, eliminate insecure practices of employees sharing or writing down passwords, and integrate your security policies.
  • Secure and Protect All Privileged Accounts – Store, rotate, and manage privileged credentials within a secure enterprise password vault, and grant access based on job roles and requirements creating a reliable “privilege on demand” workflow.

 

“Security must be central to an organisation’s data privacy strategy to ensure it can control and protect access to the systems that hold personal data,” said Martin Willoughby, SVP, general counsel and chief privacy officer at Bomgar. “Organisations must also ensure all remote access methods are secure to protect their data as this is the number one method of compromise. Bomgar’s Secure Access solutions enable businesses to control, monitor, and manage access to critical systems and data, while ensuring that people remain productive and are not impeded in their day-to-day job tasks.”

For more details about how Bomgar can help your organisation meet the new GDPR standards, download this free whitepaper and register for our upcoming webinar: GDPR and Remote Access Security: What You Need to Know.

72 hours and counting: The role of AI in GDPR
https://www.itsecurityguru.org/2018/01/22/72-hours-counting-role-ai-gdpr/?utm_source=rss&utm_medium=rss&utm_campaign=72-hours-counting-role-ai-gdpr
Mon, 22 Jan 2018 14:57:15 +0000

Written by John Titmus, Director, EMEA – Sales Engineering, CrowdStrike

The need to be GDPR-ready may be grabbing attention right now, but turn this on its head: would you rather be compliant, or protected against breaches? If you are more concerned about compliance than about understanding the role of security and protection, you may find yourself facing the ticking of the breach notification clock (72 hours and counting) and the penalties that come with it.

 

Compliance does not equal protection

Fear can be a positive emotion, preventing us from straying into dangerous situations, but it can also be crippling – stopping us from pursuing the correct course of action when required. With the looming GDPR deadline, are businesses seeing compliance as a tick box only activity, or should they be seeing the new regulations as an opportunity to improve their defences against an unprecedented rise in cyberattacks?

A ‘tick box’ mentality might achieve compliance with the letter of GDPR, but organisations can do much more to abide by its spirit. What does that tick in the box really mean? When can you start to celebrate? The truth of the matter is that you are only compliant for that brief moment in time.

Businesses need to demonstrate more than mere compliance: they need to show that they are sophisticated enough to deal with any breach that occurs, and have the right processes in place to minimise the damage and effectively report the extent of the breach. Stating you were compliant when a breach happened doesn’t protect your organisation or your customer data.

 

Beyond compliance

One of the most high-profile recent breaches, at Equifax, highlighted the reputational damage that delayed breach notification can cause. Under GDPR, any delay will also come with a hefty financial cost. The penalties for non-compliance are well known: a fine of up to €20m or 4% of global annual turnover, whichever is greater. An organisation can still be compliant yet suffer serious financial and reputational consequences from a breach that goes undetected. It is therefore incumbent upon any organisation to ensure it is not only compliant but always prepared for a breach. The only way to build the right defences is to take the focus away from the breach itself and redirect it to stopping the malware, while demonstrating mature processes to detect, prevent and respond.

 

The Role of AI in GDPR

The key to defeating cyber attackers is mastering huge volumes of threat data in real time, and at this scale that simply isn’t possible without AI. To give an idea of the scale of the analysis, CrowdStrike collects and analyses around 67 billion events every single day. AI is used to access and contextualise all this data in under five seconds, providing a real-time view of the current threats organisations need to be protected from.

The real essence of GDPR lies in the ability to demonstrate maturity from both a technical and process perspective, to be able to deal with a breach, should it occur. Harnessing technologies that use automation to operationalise data and artificial intelligence (AI) will make a big impact and also help to approach GDPR with a proactive ‘stopping malware’ mind-set.

AI can provide the ability to scale, provide visibility and therefore protect us at speed, as time can be the enemy. Used intelligently, AI enables us to see what’s happening in the world at any given moment, and to interrogate data to identify indicators of attack (predictive methods) as well as indicators of compromise. When combined with machine learning, it’s an incredibly powerful capability in the fight against hackers; constantly collecting, analysing and adapting security algorithms. Without the ability to understand if there are indicators of compromise in real-time, you will never be able to establish IT hygiene and, more importantly, have a security posture that is ready to face any future threats.
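The paragraph above distinguishes indicators of compromise from indicators of attack. As an added example (not CrowdStrike’s code, detection content or data), the following Python shows that distinction as plain rule logic over constructed endpoint telemetry, without any machine learning: IOC matching looks up static known-bad values, while the IOA rule keys on a behaviour sequence (an Office application spawning a scripting host that then connects outbound). Hostnames, hashes and addresses are placeholders; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```python
from typing import Dict, List, Tuple

# Constructed endpoint telemetry for illustration (not CrowdStrike data).
EVENTS = [
    # ws-17: Word spawns PowerShell, which connects outbound one second later.
    {"host": "ws-17", "ts": 100, "type": "process", "pid": 410, "ppid": 120,
     "image": "WINWORD.EXE", "sha256": "11aa"},
    {"host": "ws-17", "ts": 103, "type": "process", "pid": 455, "ppid": 410,
     "image": "powershell.exe", "sha256": "22bb"},
    {"host": "ws-17", "ts": 104, "type": "network", "pid": 455,
     "dest": "203.0.113.9", "port": 443},
    # ws-22: a binary whose hash is already on the blocklist.
    {"host": "ws-22", "ts": 200, "type": "process", "pid": 700, "ppid": 600,
     "image": "update.exe", "sha256": "bad0"},
    # ws-30: an administrator launches PowerShell from Explorer (benign).
    {"host": "ws-30", "ts": 300, "type": "process", "pid": 810, "ppid": 300,
     "image": "explorer.exe", "sha256": "33cc"},
    {"host": "ws-30", "ts": 305, "type": "process", "pid": 812, "ppid": 810,
     "image": "powershell.exe", "sha256": "22bb"},
    {"host": "ws-30", "ts": 306, "type": "network", "pid": 812,
     "dest": "198.51.100.4", "port": 443},
]

# Static indicators: placeholder values standing in for a threat-intel feed.
KNOWN_BAD_SHA256 = {"bad0"}
KNOWN_BAD_IPS = {"203.0.113.200"}

# Behavioural vocabulary for the IOA rule.
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def match_iocs(events: List[dict]) -> List[Tuple[str, str]]:
    """Indicator-of-compromise matching: exact lookups against known-bad
    hashes and destination addresses. Finds only what is already known."""
    hits = []
    for e in events:
        if e["type"] == "process" and e["sha256"] in KNOWN_BAD_SHA256:
            hits.append((e["host"], "sha256:" + e["sha256"]))
        if e["type"] == "network" and e["dest"] in KNOWN_BAD_IPS:
            hits.append((e["host"], "ip:" + e["dest"]))
    return hits


def match_ioa_office_spawn_beacon(events: List[dict],
                                  window: int = 60) -> List[Tuple[str, int]]:
    """Indicator-of-attack matching: an Office application spawns a scripting
    host that makes an outbound connection within `window` seconds. No hash or
    address needs to be known in advance; the behaviour itself is the signal.
    Returns (host, pid) of the offending scripting host."""
    procs: Dict[Tuple[str, int], dict] = {}
    for e in events:
        if e["type"] == "process":
            procs[(e["host"], e["pid"])] = e
    hits = []
    for e in events:
        if e["type"] != "network":
            continue
        child = procs.get((e["host"], e["pid"]))
        if child is None or child["image"].lower() not in SCRIPT_HOSTS:
            continue
        parent = procs.get((e["host"], child["ppid"]))
        if parent is None or parent["image"].upper() not in OFFICE_APPS:
            continue
        if 0 <= e["ts"] - child["ts"] <= window:
            hits.append((e["host"], child["pid"]))
    return hits


if __name__ == "__main__":
    print("IOC hits:", match_iocs(EVENTS))
    print("IOA hits:", match_ioa_office_spawn_beacon(EVENTS))
```

On the constructed events the IOC lookup flags only ws-22, whose binary hash is already on the blocklist, and misses ws-17 entirely because nothing about that PowerShell or its destination is known in advance; the IOA rule catches ws-17 from the behaviour alone and leaves the administrator’s PowerShell on ws-30 unflagged because its parent is Explorer, not an Office application.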

 

From compliance to security hygiene

Organisations also need to invest in processes to protect data and identify how that data is being accessed. Early warning systems that detect intrusions by external threat actors or insiders trying to gain unlawful access are key – but so are established guidelines for how to respond to a breach, such as isolating infected devices, remediating the estate, and working with legal and PR to formulate the right public response.

Preventative measures are also a fundamental part of the approach. With the rise in IoT, organisations should question which devices are WiFi-enabled and if they really need to be connected. Simple measures like this can ensure that they minimise the chance that they are compromised or become vectors for an attack.

We see this as ‘security hygiene’; a posture that focuses on cross-organisational measures to combat breaches, rather than a narrow focus on point security such as AV or endpoint protection.


Conclusion

Organisations should not fear the 72-hour deadline for breach notification but should use it as an opportunity to review their existing processes and security. Achieving this target might mean that an organisation protects itself from the huge fines mandated under GDPR, but it also provides the opportunity to make overdue updates to technology and processes: being able to discover indicators of attack in real time and prevent a breach. This might sound like another impossible requirement to add to the already stringent demands of the GDPR, but in fact the right tools and processes can achieve it easily.

Don’t let fear be your motivation for achieving GDPR compliance. Instead, focus on how your business can give itself – and its customers – the best protection possible.

The post 72 hours and counting: The role of AI in GDPR appeared first on IT Security Guru.

Learning to live left of breach
https://www.itsecurityguru.org/2018/01/22/learning-live-left-breach-2/?utm_source=rss&utm_medium=rss&utm_campaign=learning-live-left-breach-2
Mon, 22 Jan 2018 14:54:22 +0000
Written By Harlan Carvey, Director of Intelligence Integration, Nuix

The cybersecurity industry tends to focus its attention on what to do after a breach or a hack occurs. After all, this is the topic of discussion for the media and for an organisation’s partners and customers: “What does the victim do now?” But shouldn’t we be at least as interested, if not more so, in what the organisation should be doing before a breach ever occurs? This is how we came up with the term “staying left of the breach”, meaning before it takes place.

It is commonly agreed within the industry that data breaches are inevitable. It won’t be long before the media outlets give us another Equifax, Three, Deloitte or Wonga (to name but a few) and demonstrate the potentially irreversible damage a breach can do to an organisation.

As the stories of these breaches emerge, we continue to see organisations remaining right of breach for far too long; that is, in purely reactive mode, panicking and scrambling to collect information that may no longer exist, often days, weeks or even months after the breach occurred. So, what exactly does this look like in practice?

Living right of breach

The first step to understanding the difference is learning what to expect if you choose to remain right of breach…

A sense of panic and dread

It is only natural that, upon learning the organisation has been breached, a sense of dread will fall over any business leader. There is a correct way to react, but because you are living “right of breach”, you begin to panic and scramble for answers. What resources or assets have been compromised? Very often you cannot find the data you need to inform legal counsel and senior executive decisions, because of inadequate incident preparation. Combine the lack of planning with a lack of experience and the overwhelming requirement to report to compliance and regulatory bodies, and the result is pandemonium.

The end result is that a breach becomes wildly expensive for any organisation, not just in terms of litigation but in terms of brand reputation, where it can have a devastating effect on even the largest of conglomerates.

Regulations and notifications

Depending on where your organisation is based, you will be held accountable to any number of compliance requirements and regulatory bodies. One such regulation that centres on breach notification is the EU’s General Data Protection Regulation (GDPR). Organisations whose business operations are predominantly based within the European Union (EU) have no choice but to pay attention to the regulation, which comes into effect in May 2018. After all, if they choose to ignore it, they could face significant fines for noncompliance. These fines are the greater of €20 million or 4% of the organisation’s global gross revenue. The time and money spent on compliance is surely the preferable option for organisations operating within the EU.

To the left, to the left

Now that we understand a little more about the costs of being breached, let’s turn our attention to the benefits of staying in that ideal left of breach posture, and some ways to remain there.

Plan for the worst, hope for the best

If you plan for incidents to occur, if you run your organisation “left of breach”, you can budget for the costs of planning and implementing your security strategy. Yes, there are one-time start-up costs and annual upkeep or maintenance costs, but all of these will become part of budget planning, and hence, the annual financial planning process.

By taking this approach, you can detect breaches much earlier in the threat lifecycle, which removes a great deal of the costs resulting from a breach. Through early detection and remediation, you avoid the costs of notification and the legal fees for subsequent lawsuits.

More importantly, if you are only responding to a breach many months after the fact, it can be very hard to say definitively what data was compromised. Detecting and halting the breach before the attacker can access sensitive data means you won’t have to deal with notification costs.

Why early detection is the way forward

When you build your infrastructure with visibility in mind, you naturally learn a fair bit about what’s going on inside your virtual walls. You begin seeing a great deal of the activity that’s occurring on your systems, both long-running and short-lived processes. As you begin monitoring your systems, even the most basic filters for process activity will illustrate suspicious activity.

This sort of visibility, particularly when coupled with system hardening and audit configuration, inherently leads you to understand and detect suspicious activity, as well as outright breaches, much earlier in the threat lifecycle. Rather than learning from an external third party that you’ve been breached, you detect the breach before the attacker can access sensitive data. As such, you can then state definitively that sensitive data was not accessed in your report to your compliance oversight body.

Endpoint visibility and monitoring tools allow organisations to detect the presence of malicious actors much sooner in the breach cycle. This allows security teams to identify the attackers’ entry point and respond with a planned approach before the attackers establish a foothold within the IT infrastructure.

Getting to the left of breach

Getting left of breach means configuring your systems appropriately for your infrastructure and then using them for visibility.

When I say configuring your systems, ask yourself questions like:

  • Why is our DNS or DHCP server running a web server and Terminal Services?
  • Should both of those be accessible from the internet?
  • Are our systems configured to provide only the necessary and defined services, and are those systems and services patched appropriately?

The purpose of system configuration is to reduce your potential attack surface, making it harder for cybercriminals to gain access to systems by forcing them to change the methods they use to attack your organisation.

Enabling endpoint visibility and monitoring the information collected allows your organisation to capture a complete record of an adversary’s access to your network. The appropriate application of threat intelligence allows you to filter out the vast amount of “normal” activity within your infrastructure that is indicative of day-to-day business, and to alert on activity associated with dedicated adversaries. This process gives you the ability to quickly filter through massive amounts of data to focus on just the relevant activities. The same is true for insider threats as well as a wide range of other security issues.
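The configuration questions above (which services should a DNS or DHCP server run, and should any be internet-facing?) can be turned into a repeatable audit that is then fed by the same inventory your endpoint visibility collects. The following is an added example, not code from the post or from Nuix; the role baseline and the host inventory are constructed assumptions.

```python
# Added example: role-based service baseline audit for "left of breach" hygiene.
# ROLE_BASELINE and INVENTORY are constructed assumptions, not real data.
from dataclasses import dataclass, field

# Assumed baseline: the only listening services a host in each role should run.
ROLE_BASELINE = {
    "dns": {"dns"},
    "dhcp": {"dhcp"},
    "web": {"http", "https"},
}

# Assumed policy: services that must never be reachable from the internet.
NEVER_INTERNET_FACING = {"rdp", "smb", "dhcp"}


@dataclass
class Host:
    name: str
    role: str
    # service name -> True when the listener is reachable from the internet
    services: dict = field(default_factory=dict)


def audit_host(host):
    """Return (severity, message) findings for one host."""
    expected = ROLE_BASELINE.get(host.role, set())
    findings = []
    for svc, exposed in sorted(host.services.items()):
        if svc not in expected:
            # Outside the role baseline: worse when it is also internet-reachable.
            sev = "high" if exposed else "medium"
            findings.append((sev, f"{host.name}: '{svc}' is not in the {host.role} baseline"))
        elif exposed and svc in NEVER_INTERNET_FACING:
            findings.append(("high", f"{host.name}: '{svc}' is internet-reachable"))
    return findings


def audit(hosts):
    """Audit every host in the inventory, highest severity first."""
    order = {"high": 0, "medium": 1}
    return sorted((f for h in hosts for f in audit_host(h)), key=lambda f: order[f[0]])


# Constructed inventory mirroring the post's DNS server that also runs a web
# server and Terminal Services (RDP), both reachable from the internet.
INVENTORY = [
    Host("ns1", "dns", {"dns": False, "http": True, "rdp": True}),
    Host("dhcp1", "dhcp", {"dhcp": False}),
    Host("www1", "web", {"http": True, "https": True}),
]

if __name__ == "__main__":
    for sev, msg in audit(INVENTORY):
        print(f"[{sev}] {msg}")
```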

It comes down to the saying “An ounce of prevention is worth a pound of cure.” Of course, you can justify spending large sums of money and time by waiting for a breach to occur. Once that happens, what choice do you have? Isn’t it better to take the time, money, and energy to focus on staying “left of breach”, rather than suffering from the enormous costs (financial, legal, brand) associated with being “right of breach”? Chances are your stakeholders and investors will thank you in the long run when your organisation is breached.

The post Learning to live left of breach appeared first on IT Security Guru.
