infosec Archives - IT Security Guru
https://www.itsecurityguru.org/tag/infosec/
The Site for our Community
Fri, 07 Dec 2018 11:45:26 +0000

EU Commission Puts Pressure on Social Media Giants
https://www.itsecurityguru.org/2017/09/29/eu-commission-puts-pressure-social-media-giants/?utm_source=rss&utm_medium=rss&utm_campaign=eu-commission-puts-pressure-social-media-giants
Fri, 29 Sep 2017 10:10:41 +0000

The EU Commission has put pressure on social media giants to crack down on illegal content.
ORIGINAL SOURCE: InfoSecurity Magazine

Are Bored Employees the Biggest Security Risk?
https://www.itsecurityguru.org/2017/09/28/bored-employees-biggest-security-risk/?utm_source=rss&utm_medium=rss&utm_campaign=bored-employees-biggest-security-risk
Thu, 28 Sep 2017 10:10:55 +0000

In an Infosec survey, Centrify have revealed that distractions and boredom are the main causes of human error in IT.
ORIGINAL SOURCE: Information Age

Attacking critical infrastructure – the evolution of kinetic warfare
https://www.itsecurityguru.org/2017/08/11/attacking-critical-infrastructure-evolution-kinetic-warfare/?utm_source=rss&utm_medium=rss&utm_campaign=attacking-critical-infrastructure-evolution-kinetic-warfare
Fri, 11 Aug 2017 09:25:59 +0000

I said earlier in 2017 I believed it was quite possible that in 2017 a major cyberattack will occur in either the United States, the United Kingdom, or another friendly country that will require a response equivalent to a kinetic attack. In other words, a cyberattack will occur that will be looked on as an act of war. To date, despite the fact that cyberattacks can easily surpass kinetic attacks in both scope, magnitude and damage (both in the short and long term) we have not addressed such cyberattacks, planned for them, or developed long and short-term response policies.
I still believe this to be the case: the world has not got any safer following a host of geopolitical events, ranging from missile launches by North Korea through to Russian interference in elections such as this year’s French presidential election. This continues to mean cyber is being used as a weapon, especially by nation states.
Indeed, we’ve seen an uptick in recent months of attacks focusing on various critical infrastructure around the globe. These attacks have targeted financial organisations, election infrastructure, and various utilities including oil and gas companies, payment systems, electric grids and governments.
A report this year from the UK’s General Communications Headquarters (GCHQ) and the National Cyber Security Centre (NCSC) stated that hackers are targeting the UK’s energy sector. Similar concerns have been raised by countries around the world; notably, in the United States there have been concerns around attacks on nuclear power stations.
The security breach of the future
I still expect that the “mega security breach of the future” will be a combination of an attack with catastrophic intent in addition to a less obvious, passive attack. This attack will focus on our overwhelming reliance on data. Most of the value we place in business relies on the trust we place on the data that we receive and manipulate through various streams.
If an attack were sophisticated enough to pair a catastrophic attack that shuts off power or the telecommunications grid with a passive attack that destroys the integrity and utilisation of data, the cyberattack could impact the entire Western world.
Imagine the lights went out, mobile phones failed and when the power came back on, our bank accounts, medical records and online e-store account information could not be trusted.  There would be chaos. The WannaCry and Petya attacks – which were not even particularly sophisticated – gave some insight into the devastation that could be caused.
In the UK the NHS had to cancel operations and medical professionals had to resort to handwritten notes. Petya broke the monitoring systems at the Chernobyl nuclear power plant. This disaster scenario is not only in the minds of movie directors, it is very real; and governments and organisations around the world are working all day, every day to prevent serious attacks from succeeding, albeit some get through.
The good news is that increased awareness about the potential for these attacks is motivating organisations to take a hard look at their security postures and implement both educational mechanisms for employees and next-generation security solutions that can alert on, and prevent, advanced attacks.
So how should we focus on protecting critical infrastructure?
There are areas that don’t get the amount of attention and concern over cyber-attacks that they require. Our transportation system is one such example. An aeroplane is essentially a large industrial machine, more complex with each generation. An aeroplane has become a corporate business centre, incorporating connectivity, communication and access to the internet.
If a single hacker were able to breach the security of an aeroplane and take control of it for even five minutes, perhaps sending it into a sharp nosedive to prove his or her point, the aviation industry would immediately ground entire fleets until they could assure that no other plane could be similarly compromised. Imagine a week or more with no planes travelling anywhere.
With so many serious threats around, organisations must continue to be vigilant, and investment in up-to-date, state-of-the-art defence is absolutely essential. Furthermore, training of dedicated and professional staff is also key, as human intelligence plays a significant role in preventing the doomsday scenario of a cyber act of war. We should all be cautious and prepared, as it is quite likely a major cyber-attack will affect a Western nation, quite possibly in the remainder of this year or at some point in 2018.

Android app stores flooded with 1,000 spyware apps
https://www.itsecurityguru.org/2017/08/11/android-app-stores-flooded-1000-spyware-apps/?utm_source=rss&utm_medium=rss&utm_campaign=android-app-stores-flooded-1000-spyware-apps
Fri, 11 Aug 2017 09:12:02 +0000

Hackers have flooded Android app stores, including the official Google Play store, with over 1,000 spyware apps, which have the capability to monitor almost every action on an infected device. Dubbed SonicSpy, the malware can silently record calls and audio, take photos, make calls, send text messages to numbers specified by the attackers, and monitor call logs, contacts, and information about wi-fi access points.
ORIGINAL SOURCE: ZD Net

Biological malware: Scientists use DNA to hack a computer
https://www.itsecurityguru.org/2017/08/11/biological-malware-scientists-use-dna-hack-computer/?utm_source=rss&utm_medium=rss&utm_campaign=biological-malware-scientists-use-dna-hack-computer
Fri, 11 Aug 2017 09:04:09 +0000

Scientists at the University of Washington in Seattle have successfully coded a malware program into a DNA sample and used it to hack into a computer that was studying it. By doing this, they have exposed a weakness in systems that could lead to hackers taking control of computers in research centres, universities and laboratories, reports MIT Technology Review. Researchers are calling this the first “DNA-based exploit of a computer system.”
ORIGINAL SOURCE: IB Times

A ghost story – The haunting presence of an ex-employee
https://www.itsecurityguru.org/2017/08/09/ghost-story-haunting-presence-ex-employee/?utm_source=rss&utm_medium=rss&utm_campaign=ghost-story-haunting-presence-ex-employee
Wed, 09 Aug 2017 09:42:33 +0000

From recruiting the most talented employees, to ensuring accounts are in order and providing staff with the latest technological innovations, businesses across the globe work tirelessly every day to strive for success. Lurking behind every policy, best practice and guideline, however, is a world that often gets neglected. What happens when someone leaves the company? Of course, in an ideal world, businesses recruit a capable replacement, tie up any loose ends on a project they were previously working on, and of course, throw a leaving party to ensure both the employee and business can part ways on the best of terms.  Sadly, we do not live in an ideal world and, on occasion, an employee’s departure isn’t quite so clean cut and can cause issues months after they have left the company. This begs the question, are organisations doing everything in their power to make sure a soon-to-be ex (employee) does not walk out the door with access to everything the business holds dear?
Former employees are not always your friends
We have all seen the hugely damaging actions that former employees can inflict upon businesses. One such example is a huge data breach experienced by OFCOM[1], when they discovered that a former employee had downloaded and shared over six years’ worth of data with their new employer, which happened to be a major broadcaster. Luckily for OFCOM, the broadcaster in question chose not to exploit the data and alerted OFCOM to the stolen information. Shockingly, the latest research from OneLogin shows that despite the threat of former employees, more than half (58 per cent) still have access to the corporate network once they have left an organisation and almost a quarter of businesses (24 per cent) experience data breaches due to the action of ex-employees. The OFCOM data breach could have been catastrophic if it had been used by a competitor, not to mention the potential damage to brand reputation. Similarly, businesses must also consider that when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018, UK firms could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher[2], enough to leave an organisation with financial difficulties. Of course, there are scenarios where organisations have not been as lucky as OFCOM.
In fact, Marriott Hotels experienced the full force of a disgruntled former employee in 2016. According to court documents[3], a former Marriott employee was fired from the company in August 2016, and was told not to access the company’s internal systems. However, despite this warning, the former employee accessed Marriott’s reservation system from the comfort of their home, slashing room rates down from $159-$499 to $12-$59. This particular breach cost Marriott $50,000. Marriott, however, isn’t the only organisation to have left itself open to disgruntled ex-employees. In fact, 28 per cent of former employees’ accounts remain active for longer than a month.
HR & IT must collaborate and take accountability
A former employee’s word is not enough. HR and IT must work together to avoid situations such as this, and it doesn’t have to be difficult or time intensive. Automated processes can be used to deprovision all access to corporate accounts within minutes of an employee’s contract being terminated to protect valuable corporate data. There are tools available to ensure that once an employee has logged off for the final time they are locked out from that moment onwards. OneLogin’s research revealed that only half of UK businesses use automated de-provisioning technology to ensure this happens. In addition, 45 per cent of businesses don’t use a Security and Information Manager (SIEM) to check for application use by former employees, leaving vital corporate data exposed to potential leaks. Businesses revoke a former employee’s means of physically getting into the office, so it is essential that their digital access is also revoked on departure.
Stick to the solution
It is crucial that businesses wake up and acknowledge that former employees exploiting corporate access is a problem and yes, it could happen to any company. It is clearly not enough to rely on the goodwill of ex-employees, however trustworthy they may appear to be. With so much at stake, are organisations really willing to leave the key to the business’ most precious assets in their hands? Quite frankly, there is no reason to.
Some employees leaving an organisation don’t have many loyalties to their previous employer, no matter how amicable their departure was, meaning security risks are highly likely. Therefore, it is imperative that deprovisioning employees’ corporate access on their last day is an absolute priority. Companies need to use the right tools to ensure this happens. These include:

  • Automated syncing of HR directories such as Workday, UltiPro, and Namely, which are the source of truth for employee status, and IT directories such as Active Directory and LDAP, which often control access to applications.
  • Automated deprovisioning of employees from applications that have an application programming interface (API) for user management. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs.
  • Automatic checklist generation for IT admins, to ensure that they manually deprovision all ex-employees from all apps. Most applications don’t yet have an automated deprovisioning API and require manual intervention from IT.
  • Application access events sent to SIEM systems, to double-check that no ex-employees are accessing applications.

IT and HR can work collaboratively to fully deprovision all employees. If these steps are carried out correctly, a business can be safe in the knowledge that precautionary measures have been taken to protect confidential data from a departing employee.

Alvaro Hoyos, CISO at OneLogin

My Time at Infosec Europe 2017
https://www.itsecurityguru.org/2017/07/13/time-infosec-europe-2017/?utm_source=rss&utm_medium=rss&utm_campaign=time-infosec-europe-2017
Thu, 13 Jul 2017 10:22:00 +0000

If you attended Infosec in London last month, you may have seen the panel discussion that I was part of.  It took place on the exhibition floor and was also streamed throughout the show.  The topic was social engineering and I was sharing the stage with a number of experts on the subject. One of them was Jenny Radcliffe, who is pretty much the best social engineer I know.  Her talks are a great listen, as is her Human Factors podcast.
 
Jenny’s always full of wonderful horror stories about social engineering and just how easy it can be. So when I found out that I was to share a stage with her it was clear that I needed one of my own. I headed straight to eBay and ordered a high-vis jacket with the word “Security” on the back, which cost me less than £10. I’ve often read that such an item of clothing is all it takes to get into just about anywhere unnoticed or unquestioned. Someone had even used one to get into music gigs. It was time to put this to the test.
 
As it happened, Infosec took place a couple of weeks after the terror attacks at London Bridge and Borough Market.  Security at the show was consequently tight, and everyone was advised to allow extra time for their bags to be searched.  This seemed like a good time to test out my invisibility cloak.  So as I approached Olympia I took the hi-vis out of the sports bag I was carrying and put it on.  I strolled straight to the front of the queue and walked in.  No one said a thing.  No one asked to look in my bag. No one asked why I was walking around the show without a visitor badge.
 
I’ve been saying this for 20 years, and it’s as true now as it’s always been.  Security is not just about technology.  It’s about people.   If you blow your security budget on firewalls and IDS, anti-ransomware suites and data breach insurance, you’re missing out on a huge area of risk.
So here’s your homework for next week. Head to eBay and buy yourself a hi-vis security vest. Add a lanyard with SECURITY printed on it too, if you wish, and knock up a quick photo ID card on the colour printer.
Then give it all to a friend of yours whose face isn’t known in your company, and see just how far they manage to get.   Just don’t promise them a prize for every protected area they manage to penetrate, or it’ll end up costing you a fortune.  I guarantee it.

Westfield CIO: Data And Personalisation Are Key To Shopping Centre Survival
https://www.itsecurityguru.org/2017/06/23/westfield-cio-data-personalisation-key-shopping-centre-survival/?utm_source=rss&utm_medium=rss&utm_campaign=westfield-cio-data-personalisation-key-shopping-centre-survival
Fri, 23 Jun 2017 11:10:48 +0000

Shopping is fast becoming an online activity, but Westfield has a plan to keep consumers coming back to its two London facilities.
ORIGINAL SOURCE: Silicon UK

The Infosecurity Europe IT Security Guru Awards 2017
https://www.itsecurityguru.org/2017/05/23/infosecurity-europe-security-guru-awards-2017/?utm_source=rss&utm_medium=rss&utm_campaign=infosecurity-europe-security-guru-awards-2017
Tue, 23 May 2017 10:20:02 +0000

This year IT Security Guru, ranked among one of the leading information security websites you should be reading, will be conducting its Infosecurity Awards at the Infosecurity Europe exhibition in London between 06-08 June 2017.
IT Security Guru has four categories in which all those attending Infosecurity Europe can vote:

  • Best Stand
  • Best Newcomer
  • Best Giveaway
  • Best Speaker

If someone stands out to you, we want to hear about it and give the winners bragging rights! We would love vendors, CISOs, journalists, exhibitors, attendees and everyone in-between to participate in choosing the winners.
There will be two ways you can vote:

  1. Those that are more socially active can vote by using the hashtag #infosecGuru followed by the relevant category and the company’s or speaker’s name, e.g. #infosecGuru Best Stand FireMon.
  2. Printed answer sheets will be available on every stand where people can write down their winners.

Voting will stop on Thursday, 8th June at 4pm and any votes put forward after this date will not be counted.
The winners will be announced shortly after voting closes.
We look forward to seeing you there!

FireMon Announces Industry’s First Intelligent Cloud Security Management Solution
https://www.itsecurityguru.org/2017/05/12/firemon-announces-industrys-first-intelligent-cloud-security-management-solution/?utm_source=rss&utm_medium=rss&utm_campaign=firemon-announces-industrys-first-intelligent-cloud-security-management-solution
Fri, 12 May 2017 10:31:00 +0000

FireMon today announced that its market-leading Intelligent Security Management, which helps organizations worldwide centrally manage their on-premises firewalls, is available for cloud and native cloud firewalls. From traditional, on-premises or cloud firewalls such as Juniper Networks®, Palo Alto Networks® or Cisco®, to native cloud security controls like Amazon Web Services, regardless of what an enterprise’s security environment looks like, FireMon can manage it.
In its recent State of the Firewall Report, a global benchmarking study of over 400 organizations’ security infrastructures, FireMon found that cloud adoption is now the norm, but some questions still remain about who manages the cloud. For example, 90 percent said they had adopted a cloud solution, but for more than one third of respondents, responsibility for cloud security falls outside of security operations, which adds an extra layer of complexity to security management.
“Cloud environments face many of the same threats as traditional enterprise networks, but due to the vast amount of data stored on cloud servers, cloud services become an even more attractive target for a breach or attack,” said Jody Brazil, co-founder and Chief Product Strategist for FireMon. “What many organizations don’t realize is that while cloud providers typically deploy security controls to protect their own environments, ultimately it is the organization’s responsibility to protect their own data.
“In the process of deploying public and private cloud services, businesses are discovering new challenges in visibility, scalability and control of their hybrid cloud environments that impact their ability to mitigate risk and keep up with business agility and demands.”
FireMon’s Intelligent Security Management platform can help: the same infrastructure-independent, single-pane monitoring and analysis that organizations use to manage their on-premises security policies can be easily extended to support any hybrid cloud implementation. The platform is built to scale to meet the needs of the environment, no matter how simple or sophisticated. Furthermore, with FireMon’s acquisition of 40Cloud, a Cloud Infrastructure Security Broker, last year, organizations with multiple cloud environments can securely connect them to each other and apply a single security policy across them, rather than reset individual policies for each.
FireMon partners with the industry’s leading firewall vendors including Check Point® Software, Palo Alto Networks, Cisco, Fortinet® and Juniper Networks, and it can manage native, embedded security infrastructure in public and private clouds such as AWS Security Groups and VMware NSX™ Distributed Firewalls.
