risk Archives - IT Security Guru
https://www.itsecurityguru.org/tag/risk/
The Site for our Community

Shedding light on the Deep & Dark Web: Bringing risk intelligence to bear for business benefit
https://www.itsecurityguru.org/2017/10/23/shedding-light-deep-dark-web-bringing-risk-intelligence-bear-business-benefit/?utm_source=rss&utm_medium=rss&utm_campaign=shedding-light-deep-dark-web-bringing-risk-intelligence-bear-business-benefit
Mon, 23 Oct 2017 10:19:50 +0000

Beyond the accessible surface of the open web, anonymous users exchange illegal goods and plan criminal activities away from prying eyes. Known as the Deep & Dark Web, these covert regions of the Internet are unindexed by search engines and far greater in volume than the open web. Here, among the forum chatter of cybercriminals and other adversaries, emerging threats and business risks frequently take shape. Shedding light on these secretive communities and the topics discussed within them offers a significant advantage to corporations seeking to combat threats and get one step ahead of adversaries.
An undiscovered country
Before we delve into the murky world of cybercrime, it’s worth distinguishing between the Deep Web and the Dark Web. The Deep Web simply refers to areas of the Internet that are not indexed by search engines. This includes perfectly legal sites protected by passwords, firewalls, and/or paywalls. Online banking systems and private social media profiles are examples of sites where user privacy is protected for entirely legitimate reasons. For authorised users, accessing these sections of the Deep Web requires nothing more than a standard Internet browser and the ability to enter the requisite login credentials.
In contrast, the Dark Web refers to a subcomponent of the Deep Web. Accessing it requires the use of specific encrypted browsers — such as Tor or I2P — that conceal the identity and location of the user. While the Dark Web is often tied to illegal activity, legitimate uses do exist under certain circumstances. For example, individuals located in regions governed by oppressive regimes where Internet usage and freedom of speech are restricted may have few options, if any, for accessing the Internet aside from the Dark Web.
However, wherever anonymity is possible, those to whom it is useful for illegitimate purposes are quick to take advantage. Collectively, the Deep & Dark Web has long served as a safe haven for cybercriminals, state-sponsored actors, and other adversaries with varying motivations for engaging in illegal activities. Most of these adversaries are motivated by monetary gain, which they seek to accomplish in a variety of ways.
Typical uses of the Deep & Dark Web include buying and selling illegal goods such as drugs, stolen information, weapons, and malware, among others. These online communities also facilitate collaboration and information sharing, providing adversaries with access to a wealth of expertise in a broad range of illicit subject matters ranging from physical and online theft to advanced hacking skills. By serving as a platform for recruiting, training, and advising new members, the Deep & Dark Web helps adversaries grow their sphere of influence and increase their potential for success.
In fact, community members are expected to actively contribute to the collective wealth of information and ideas that enable other members to advance their skills and develop new schemes. For example, one cybercriminal involved in various gift card fraud schemes was known to solicit old or empty gift card codes from their fellow cybercriminal peers so they could use them to improve their tactics and help their schemes become more lucrative. Understandably, Deep & Dark Web communities and their members are insular, secretive, and wary of scrutiny, making said communities difficult for outsiders to penetrate.
 
Danger, lies and empty threats
Aside from monetary gain, many adversaries are also motivated by the pursuit of power and validation. While the Deep & Dark Web is home to many unlawful activities that can give rise to tangible dangers, it is also fraught with exaggerations, lies, and empty threats. Specifically, attention-seeking individuals may try to appear more sophisticated and capable than they actually are in order to build up their reputations and earn the respect of accomplished criminals. Some may even wish to gain invitations to more exclusive, invite-only communities.
For defenders seeking to glean actionable insights from the Deep & Dark Web, distinguishing the genuine threats from the background noise is an ongoing endeavour. Indeed, this is one of the main reasons why Deep & Dark Web intelligence is best gleaned by analysts with the right tools, expertise, and experience. Such analysts have honed their tradecraft over years spent observing Deep & Dark Web forums to track emerging threats, become familiar with adversaries’ capabilities, and develop ever-evolving profiles of key individuals.
As you might expect, Deep & Dark Web forums are international communities, so linguistic skills are very valuable. Adversaries understandably go to sophisticated lengths to conceal their identities, meaning that in-depth knowledge and fluency in multiple languages can help analysts identify when a threat purports to come from one community but actually originates in another. And as with any community, adversaries on the Deep & Dark Web communicate with one another using their own slang and a wide variety of social and cultural nuances. Naturally, the most effective analysts possess a comprehensive understanding of and ability to effectively communicate using these linguistic complexities.
 
From intelligence to action
Gaining proactive visibility into the Deep & Dark Web can indeed enhance an organisation’s security and risk posture. A recent example of this occurred prior to the implementation of Europay MasterCard Visa (EMV) in the U.S., when intelligence from the Deep & Dark Web enabled Flashpoint’s team of analysts to uncover a plot to exploit the EMV rollout. While monitoring certain underground communities, analysts discovered that a group of threat actors had developed an EMV-chip recording software, as well as the manufacturing techniques needed to fabricate chip-enabled credit cards that were allegedly capable of bypassing even the most robust anti-fraud controls. Upon being made aware of these findings, financial services institutions were able to adjust their EMV implementation strategy and security measures to prevent the threat becoming reality.
It’s important to recognise, however, that accessing and collecting data from the Deep & Dark Web is not only difficult, it presents significant security risks. As such, organisations are encouraged to partner with analysts who have the proper tools, experience, and expertise to safely glean insights from these regions of the Internet. While organisations across all sectors will always be of interest to adversaries seeking monetary and/or personal gain, obtaining proactive visibility into where these adversaries interact and their malicious schemes are developed can enable defenders to bolster security, inform critical decisions, and ultimately mitigate a broad spectrum of cyber and physical risks.

Imperva Insider Threats Study Finds More than Half of IT Security Professionals Are Concerned About Careless Users Putting Data at Risk
https://www.itsecurityguru.org/2017/07/14/imperva-insider-threats-study-finds-half-security-professionals-concerned-careless-users-putting-data-risk/?utm_source=rss&utm_medium=rss&utm_campaign=imperva-insider-threats-study-finds-half-security-professionals-concerned-careless-users-putting-data-risk
Fri, 14 Jul 2017 10:34:44 +0000

Imperva, Inc., committed to protecting business-critical data and applications in the cloud and on-premises, today announced the results of a survey of 310 IT security professionals taken at the Infosecurity Europe trade show.  The survey found that when it comes to insider threats, over half (58 percent) of IT security professionals were deeply concerned, not primarily about malicious users, but about careless users who unwittingly put their organisation’s data at risk.
Forty-seven percent of the security professionals surveyed confessed to being “very worried” about insider threats. In addition, 14 percent of respondents revealed they do not have a security solution in place to detect insider threats.
“As we’ve seen in past high-profile cases, data breaches caused by careless, malicious or compromised insiders are real and serious,” said Terry Ray, CTO at Imperva. “Because the problem begins with users that have legitimate access to enterprise data, attacks from the inside can be present for long periods of time before finally being detected. What’s more, costs associated with loss of data can run in the millions and lead to customer loss, brand damage and stock price decline.”
While there are specific strategies and tools to help manage and investigate insider threats, our respondents found them to be labor intensive. For example:

  • Fifty-five percent of respondents said that managing too many security alerts was the most time-consuming element of investigating insider threats.
  • Forty-four percent of respondents admitted they do not have enough staff resources to analyse data permissions correctly.

There was a silver lining as 65 percent of the security professionals surveyed estimated that machine learning-based solutions that identify insider threats would free up more than 12 staff hours a week.
“To mitigate the risk, organisations should ask themselves where their sensitive data lies and invest in protecting it. Businesses can employ solutions, especially those based on machine learning technology that can process and analyse vast amounts of data, to help them pinpoint critical anomalies that indicate misuse of enterprise data and that also help them to quickly quarantine risky users to prevent and contain data breaches proactively,” Ray concluded.
To view the full survey results, visit http://bit.ly/2uPI4wM.
 

Gartner Says Four Vectors Are Transforming the Security Software Market
https://www.itsecurityguru.org/2017/05/30/gartner-says-four-vectors-transforming-security-software-market/?utm_source=rss&utm_medium=rss&utm_campaign=gartner-says-four-vectors-transforming-security-software-market
Tue, 30 May 2017 09:37:56 +0000

The security software market is undergoing a dramatic transformation due to four key developments, according to Gartner, Inc. The use of advanced analytics, expanded ecosystems, adoption of software as a service (SaaS) and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments.
“The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how risk and security functions deliver value in an organisation,” said Deborah Kish, principal research analyst at Gartner. “At the same time, the threat landscape and rise in the number of high-impact security incidents are also creating demand for security technologies and innovations that deliver greater effectiveness.”
 
Four vectors are transforming the security software market:
 

  1. By 2020, Advanced Security Analytics Will Be Embedded in at Least 75 Per Cent of Security Products
    Enterprises are increasingly seeking products that incorporate “smarter” predictive and prescriptive analytic technologies, which help warn users of potential security incidents and provide guidance on optimal responses. These more-advanced analytical capabilities are driven by a variety of underlying technologies, such as heuristics, artificial intelligence/machine learning and other techniques. Successful vendors will work with customers and prospects to understand use cases where analytics will deliver significant value and augment limited security staff and resources.
  2. Acquiring and Integrating Products and Technologies Will Be a Critical Strategy to Increase Market Share and Enter New Markets
    Given the preponderance of startups and smaller vendors pursuing innovative approaches to security problems, acquisition, integration and consolidation are highly effective strategies to increase market share and enter completely new markets. In many cases, mature vendors in search of continued growth are acquiring faster-growing companies from emerging adjacent markets. In other cases, vendors are optimising profits by consolidating similar products under a single brand, therefore leveraging economies of scale by combining core functions, such as development, support, sales and marketing.
  3. End Users’ Quest for Flexibility Will Increase Adoption of SaaS
    Security buyers are making security product investment decisions that support digital business, fit their current challenges and deliver performance value. Gartner’s recent end-user security spending survey indicates that, in order to do this, they have a preference for products in an as-a-service format. SaaS for security and risk management is becoming critical as customers transition to digital business practices. However, providers must consider the financial implications of maintaining support for legacy security products while investing in an as-a-service product or managed service.
  4. The Regulatory Environment Will Create Opportunities for Security Software Providers
    The EU General Data Protection Regulation will come into effect on 25th May, 2018 and could see organisations facing heavy fines should they receive a single complaint for mishandling private data. Punitive regulations will create board-level fears, driving security software budget decisions based on the potential financial impact of fines and noncompliance. Consequently, organisations will look to providers with products that provide the needed visibility and control of their data. Providers should identify the key regulatory requirements and constraints in target geographies by working with legal counsel to deliver product and service choices that will alleviate board-level fears.

Gartner clients can learn more in the report: “Market Opportunity Map: Security and Risk Management Software, Worldwide.”

Why business risk intelligence comes before digital risk monitoring
https://www.itsecurityguru.org/2017/04/11/business-risk-intelligence-comes-digital-risk-monitoring/?utm_source=rss&utm_medium=rss&utm_campaign=business-risk-intelligence-comes-digital-risk-monitoring
Tue, 11 Apr 2017 12:48:53 +0000

Everyone remembers the social media boom of the mid-2000s. While social networks such as MySpace and Friendster already existed and had fledgling ad revenue models, it wasn’t until the emergence of Twitter, Facebook’s acquisition of FriendFeed, and the development of tools such as HubSpot and HootSuite that businesses began to take social media seriously as a digital channel.
Then, as is the case of all emerging technology use cases, market confusion began. Is social media really important in business? Is it digital marketing? Is it social media for business? Is it social marketing? Does it fit in lead generation or communications?
In the end it was rightly determined that social media is merely a tactical approach that is part of a bigger marketing and business strategy and wouldn’t be as valuable if that strategy were not developed first. And, as with most strategic development, sometimes research and more advanced tools are required to glean the information to put the right tactics in motion.
Fast forward to the mid-2010s and we’re in a similar dilemma with the crowded cyber threat intelligence (CTI) market, especially in the discussion around digital risk monitoring. According to Forrester, digital risk is assessing cyber risk, brand risk, and physical risk emanating from open web properties, social networks, and some computer and mobile applications. Much like tactical social media tools, a good intelligence-rich strategy needs to be developed in advance of any digital risk monitoring implementation in order to be most effective.
Business Risk Intelligence (BRI), on the other hand, provides strategic intelligence gleaned from the Deep & Dark Web that informs organisations what the actual threats are that are critical to their business. While many organisations do have digital risk monitoring in addition to BRI, many organisations end up adding BRI later on to address the intelligence gap that digital risk monitoring approaches leave open. Many concerns often stem from missed information around insider threats, fraud, anti-money laundering, geopolitical intelligence, supply chain, and a need for more sophisticated threat actor profiling or directed actor engagement.
For one, putting the tactical before the strategic is going to land most organisations in a corner where they are missing business critical information. Second, digital risk monitoring solutions, even if they offer data from the Deep & Dark Web, do not often have expertise beyond purely automated approaches to gain information, which can never be rich enough to be considered intelligence.
Just as strategy needs to come before tactics, BRI must come before digital risk monitoring. Digital risk solutions are good for setting and monitoring already known information, or as I’ve said before, “answering the questions companies already know to ask.” But BRI is what helps determine what needs to change in operations, policies, and protections across an organisation.
Here’s an example based on the insider threat use case. In one incident, intelligence from an underground forum revealed that a rogue employee of a multinational technology company was preparing to profit from stolen source code from unreleased, enterprise-level software. With this intelligence, the company was able to be alerted and then supported in completing an internal investigation, work with law enforcement to support the employee’s arrest, prevent the illicit sale, and preserve the company’s intellectual property.
Digital risk monitoring could not have been used to detect or mitigate this insider threat. BRI, on the other hand, found the threat in its relevant context, enabling the company to take the appropriate steps to minimise its risk.
According to The Forrester Wave: Digital Risk Monitoring, Q3 2016: “Generic online or social media monitoring provides a false sense of security. Many [security and risk] and marketing pros remain naïve about serious risks in their organisation’s digital presence, because they believe their existing social media monitoring or cyber threat intelligence (CTI) tools will detect them. That notion, however, is increasingly misguided.”
It’s misguided, of course, because these basic tools are tactical and do not provide the intelligence alone that is needed. The challenge of digital risk is that it rests somewhere between basic social media and brand monitoring, sprinkled with traditional cyber threat intelligence. Digital risk doesn’t have the scalable technology and human power behind it to produce BRI that helps all departments in an organisation determine the best strategies for protecting their digital, human, and physical assets.
Digital risk monitoring is a helpful tool for organisations that already have rich intelligence and not just data. Failing to distinguish between the two can be problematic. It is nearly impossible to form relevant context without first considering how the data relates to the entire risk profile of an organisation, not just a tactical report. Observing digital risk through the open web is not enough to develop necessary context and thus cannot enable organisations to apply and operationalise the data to address their challenges effectively. BRI must come first.
By Josh Lefkowitz, CEO, Flashpoint

New survey shows 78% of eCommerce websites at risk
https://www.itsecurityguru.org/2017/04/07/new-survey-shows-78-ecommerce-websites-risk/?utm_source=rss&utm_medium=rss&utm_campaign=new-survey-shows-78-ecommerce-websites-risk
Fri, 07 Apr 2017 08:49:33 +0000

Security scans performed on 60,000 Magento websites, the most popular e-commerce platform, show that 78% are missing critical security patches, while 5% are confirmed to have payment card data harvesting malware stealing their customer details.
The scans were carried out, in the last week, using Foregenix’s free online scanner, WebScan.
The findings follow a number of high profile breaches of customer data over the past year, involving companies including Oracle, Cisco and Yahoo.
The cyber security company, which is renowned globally for its work with banks and payment providers, has an active threat intelligence team researching and analysing attack trends, with a strong focus on the eCommerce sector.
Benjamin Hosack, co-founder of Foregenix, said the rise in cybercrime threatens to undermine confidence in e-commerce, especially in markets leading the way in online sales such as the US and UK, while heavy penalties by card providers could put many smaller traders out of business in the year ahead.
“Breaches of security are also getting more expensive and it’s the small firms which are worst affected. Visa for example imposes a fine of up to €18 for each stolen set of card data from European merchants, according to Barclaycard.* Given that it takes six months for the average trader to realise they have been hacked, those for example with 100,000 transactions a year, could face a fine of roughly €450,000 – a sum beyond the means of many SMEs.
“Magento and other e-commerce platforms release regular software updates in response to threats. These security patches, if not applied, can leave websites highly vulnerable to hacking.  However, most website developers and owners are very slow to update software, mainly because it’s a fairly complex and costly process.
“As in-store payments become more secure, cyber crime is migrating online,” says Benjamin. “This is particularly true in the US which finally began to migrate to chip and pin (EMV) in 2015. With lists of online stores readily available, it’s easy for hackers to attack them en masse. The massive growth in online crime could make consumers more reluctant to buy online, especially from smaller traders.
“Online businesses often assume web developers / agencies take care of security. Design agencies are great at producing beautiful, transactional websites that sell, but their expertise on security issues generally isn’t as developed. Agencies and their clients need to be aware of e-commerce security issues, even a single breach can be devastating for a small business.”
Any business that wants to know whether its website is secure can scan externally for free, using the same technology that detected the issues above at http://webscan.foregenix.com
* https://www.barclaycard.co.uk/business/files/B3038-ADC-Keeping-data-safe-and-secure-booklet-new.pdf

IT Pros Don’t Change Their Passwords – Oh, the Irony
https://www.itsecurityguru.org/2016/05/13/it-pros-dont-change-their-passwords-oh-the-irony/?utm_source=rss&utm_medium=rss&utm_campaign=it-pros-dont-change-their-passwords-oh-the-irony
Fri, 13 May 2016 09:24:57 +0000

You are probably sick and tired of your IT team banging on about changing your passwords regularly, but there is no one to chase the IT team to change their own privileged passwords (admin, root and such). We assume they follow their own advice but ironically, the majority (55%) of IT professionals make end users change their passwords more often than they change administrative credentials. This is according to a survey of almost 200 IT professionals at RSA Conference 2016 by Lieberman Software.
That figure is not surprising. Without an automated solution to manage all the privileged credentials that exist in large networks, it’s not uncommon for administrative passwords to be rarely updated in many organisations. Admittedly, it’s difficult for IT staff to keep track of all their admin passwords, but this gets even more complicated when you’re expected to know every place where the credentials are used – and what might break when they’re updated. However, because of the sensitive systems that these credentials protect, frequent privileged password changes are essential for good security.
So just how often are privileged credentials changed? Shockingly, never, according to 10% of respondents who were brave enough to admit this. Fortunately, 74% change administrative passwords on at least a monthly basis, which is much better as most regulatory compliance regulations require organisations to change privileged credentials every 30 days minimally.
Although, even a 30 day password update rate may not be frequent enough when you consider that cyber intruders and malicious insiders look for passwords that let them jump from system to system on a network until they find what they want. How much damage can they do in that time before their stolen credentials are invalidated?
Meanwhile, the gold star goes to only 1% of those that change their administrative passwords daily, according to the survey.

The Threats Behind Privileged Passwords

So what exactly are the potential problems that could arise if privileged credentials are not looked after properly? Well, when an employee leaves a job, there’s typically a standard set of practices that are followed; checking in physical keys and equipment, transitioning documents and contacts to other employees, and so on. But 15% of respondents said that if they left their organisation they could still access their admin credentials remotely. This is a huge potential threat as they often know the password secrets that let them log in to systems and applications on the network.
If privileged credentials aren’t continuously changed, thus shutting off former employees’ log ins, odds are these ex-employees can still gain administrative access long after their employment ends. Every company must have a procedure in place for changing all passwords and revoking access as soon as someone leaves the company.
But how secure are the privileged credentials of current employees? As it turns out, 36% of respondents share administrative passwords within their IT groups. Believe it or not, this is a common IT administration practice. IT pros are busy people, balancing their daily administration tasks with unexpected emergency repairs. So, looking to simplify matters, systems administrators often re-use the same password across many systems and share this password with other IT administrators.
Yet, if a hacker or malicious insider gets hold of this shared password, they’ve just gained access to systems around the network. We have to start asking ourselves if the convenience of sharing passwords is really worth it?  Or is there a better way to deal with the problem of administrative passwords?  And what is the best way to mitigate the risk?
There are three steps that businesses can take to protect themselves from the burden of passwords:

  1. As this survey highlights, we need to train staff, especially staff that has administrative rights, that they won’t have access to the power to do harm all the time without a gate. They will still be able to do everything they did before, but there will be an extra step. They can think of it as scanning their badge before they walk into the server room. Now they will scan their virtual badge before they can walk into a secure library where all the rights are stored. They can check out the power they need, everyone will be able to see who has it checked out, and then it will get checked back in when they’re done. It’s a small change, but it makes a big difference.
  2. When a password is checked out, we would change the security for that password when it gets checked back in or when the checkout expires. However, if that’s the only time we rotate that security, the bad guys can get in through an email and start collecting rights to use later. But if a program is in place to aggressively rotate admin rights and credentials all the time, even when they’re not in use, then the bad guys get the rug pulled out from under them.
  3. Now that we have this power to control rights and privileges, we should hook it up to our other security systems to make sure everything is working in a healthy, closed-loop process. If you have analytics and logging solutions looking at all the security event data to find patterns, then you would surely want to throw in all the data about who has legitimate privilege. That leads to simple correlations – like an action that takes place using a privileged identity that was not currently checked out to any authorised user is suspicious. If you have solutions that are detecting malware and other incidents as they happen, you can automate a privileged response in near real-time with no operational impact.
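The correlation described in the third step can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the account names, hosts, record layout and log entries are constructed assumptions.

```python
from datetime import datetime
from typing import NamedTuple, Optional

class Checkout(NamedTuple):
    identity: str    # privileged account that was checked out
    user: str        # authorised user holding it
    start: datetime  # checkout time
    end: datetime    # check-in time or checkout expiry

class Action(NamedTuple):
    when: datetime
    identity: str    # privileged account the action ran under
    host: str
    event: str

def ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample data: the checkout ledger and the security event feed.
CHECKOUTS = [
    Checkout("svc-dbadmin", "alice", ts("2016-03-01 09:00"), ts("2016-03-01 10:00")),
    Checkout("root@web01", "bob", ts("2016-03-01 13:00"), ts("2016-03-01 13:30")),
]
ACTIONS = [
    Action(ts("2016-03-01 02:40"), "svc-dbadmin", "db02", "login"),
    Action(ts("2016-03-01 09:15"), "svc-dbadmin", "db01", "schema change"),
    Action(ts("2016-03-01 13:10"), "root@web01", "web01", "service restart"),
    Action(ts("2016-03-01 13:45"), "root@web01", "web01", "local admin created"),
]

def holder_at(identity: str, when: datetime, checkouts) -> Optional[str]:
    """Return the user who had `identity` checked out at `when`, else None."""
    for c in checkouts:
        # The window is half-open: the credential is rotated at check-in,
        # so use at or after `end` is no longer covered by the checkout.
        if c.identity == identity and c.start <= when < c.end:
            return c.user
    return None

def suspicious_actions(actions, checkouts):
    """Privileged actions with no matching checkout at the time they ran."""
    return [a for a in actions if holder_at(a.identity, a.when, checkouts) is None]

if __name__ == "__main__":
    for a in suspicious_actions(ACTIONS, CHECKOUTS):
        print(f"ALERT {a.when} {a.identity} on {a.host}: {a.event} (no checkout)")
```

Actions that do match a checkout can be attributed to the named holder with `holder_at`, which is what makes a shared account auditable per person.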

If businesses automate privileged password management and follow the steps above they will be in a much better position to fight off cybercriminals who attempt to leap over network defences and move around laterally within an organisation’s systems.
For more information on these and other findings (including how many respondents say they’re prepared for a cyber attack) see http://go.liebsoft.com/rsa-conference-2016-survey.
 

Blockchain and Risk
https://www.itsecurityguru.org/2016/04/15/blockchain-and-risk/?utm_source=rss&utm_medium=rss&utm_campaign=blockchain-and-risk
Fri, 15 Apr 2016 11:06:54 +0000
A blockchain is a data structure, originally used by bitcoin, that maintains a growing list of transaction records in a way that is extremely resistant to tampering.  This technology is seen by many as the basis for creating distributed ledgers for a wide range of applications.  But what are the risks associated with the use of this technology?
Distributed ledgers offer a range of potential benefits to both private sector organizations as well as government and public services.  They can be widely distributed and yet at the same time precisely controlled. They reduce costs by automating the processes involved in verifying and rapidly publishing authorized changes.  They are structured in a way that makes it extremely difficult to change or tamper with existing authorized content.  They can be the basis for new kinds of applications like smart contracts.
The benefits of distributed ledgers based on blockchain are that they provide assurance against three kinds of risks.  These are illustrated in the figure below:
Figure 1: Kinds of Assurance from Distributed Ledgers.
However, every new technology is claimed to offer unparalleled benefits, many of which do not materialise in practice.  Equally, organizations that fail to exploit the new technologies may find to their cost that they have lost market.  The constant challenge is to identify and quantify the real potential benefits and balance these against a realistic view of the potential risks.
A KuppingerCole report that is shortly to be published identifies some of the potential risks that need to be considered by any organization considering the use of blockchain platforms.  The report identifies 19 different risks and classifies these according to their likelihood and potential impact.  These risks are categorized as being:

  • Critical risks – with a high likelihood and a very high impact that have the potential to disrupt transaction processing or damage integrity.
  • Important risks – with a very high impact but a lower likelihood that could damage the business using the system.
  • Risks needing consideration – some of these, like the long-term durability of the cryptographic algorithms used, may not crystallize in the short term but could pose longer-term problems.

The following figure illustrates an example of each of these risks.
Figure 2: Examples of Risks
Blockchain based distributed ledgers are generating much hype and it is very difficult to recognize the real value and the real risks from emerging technologies. KuppingerCole recommends that organizations should put in place an action plan to:

  • Identify the opportunities for the exploitation of blockchain technology.
  • Quantify the expected benefits and potential risks from these.
  • Choose an appropriate delivery architecture and platform.
  • Recommend the actions needed to manage the risks identified based on the detailed recommendations in this document.

KuppingerCole has already published research into this subject:

To find out more on this subject attend the Blockchain Seminar in Munich on May 9th: Moving Beyond the Hype: EIC 2016 Blockchain Seminar – ID Conferences
 
Mike Small has been a Senior Analyst at KuppingerCole for more than 4 years and mainly focuses on security and risk management in the Cloud. He is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. Mike Small has a first class honors degree in engineering from Brunel University. Until 2009, he worked for CA (now CA Technologies Inc.) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA’s IAM product line. At KuppingerCole he covers the topics Cloud Provider Selection and Assurance, Information Security Program Maturity Assessments, Information Stewardship as well as Big Data.

Bitcoin startup Coinkite closes wallet service due to “BS” of DDoS attacks, dealing with lawyers
https://www.itsecurityguru.org/2016/03/29/bitcoin-startup-coinkite-closes-wallet-service-due-bs-ddos-attacks-dealing-lawyers/?utm_source=rss&utm_medium=rss&utm_campaign=bitcoin-startup-coinkite-closes-wallet-service-due-bs-ddos-attacks-dealing-lawyers
Tue, 29 Mar 2016 12:48:01 +0000
It would appear that much of Coinkite’s decision to get out of the online Bitcoin wallet business was due to the company constantly dealing with harassment, with a blog post announcing the move describing that they had been under constant Distributed Denial of Service (DDoS) attacks over the last three years, and that they had also had to deal with Government agencies and attempted intrusions into client privacy.

In an interview with Coindesk, Chief Executive Officer Rodolfo Novak said that the company wanted to move away from software as their meager resources were being drained by the “amount of bullshit” involved with running the service.

“We want to write software, not deal with lawyers and DDoSing…One of the main issues with SaaS is all the free users and need support and we want to provide good support. All these things have costs,” Novak noted.

Original Source: Silicon Angle

Clark County water district hit with cyber attack
https://www.itsecurityguru.org/2016/03/08/clark-county-water-district-hit-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=clark-county-water-district-hit-cyber-attack
Tue, 08 Mar 2016 10:53:35 +0000
The Clark County Water Reclamation District has been hit with a cyber-attack but officials say operations haven’t been disrupted and no customer or employee information was hacked.
The agency said in a statement Monday that its computer system was attacked late Friday night.
Computers were shut down as a precaution but operations at all seven treatment facilities and customer service centers were not affected.
Authorities are investigating and law enforcement has been notified.
 
Original Source: KOLO
Security Professionals Sick of Stupid Users, Bromium Finds
https://www.itsecurityguru.org/2016/03/08/security-professionals-sick-stupid-users-bromium-finds/?utm_source=rss&utm_medium=rss&utm_campaign=security-professionals-sick-stupid-users-bromium-finds
Tue, 08 Mar 2016 10:36:05 +0000
Bromium, the micro-virtualisation specialists from California, have just released the results of a survey conducted at RSA 2016 with some surprising results. Users take note!
Asking 100 security professionals whether users were causing them the most headaches in their work, 70% of respondents replied “yes” – a pretty conclusive answer. What’s more, Bromium have completed similar surveys in previous years which have delivered the same answer, showing that something really must be done in this area.
The threat of data breaches being caused by employee error or lack of awareness has evidently not abated, despite the security sector experiencing fantastic growth in recent years and a renewed emphasis on security in the business world.
Bromium’s survey also found that security pros still see endpoint risk as the biggest security risk – 49% of respondents said this, following on from another Bromium survey that found endpoint security risks were perceived as 5 times greater than network or cloud risk.
So why is this the case? Endpoints are often cited as vulnerable for a few reasons: they’re often not up to date patch-wise, many devices now connect to corporate networks with the dawn of BYOD, and companies can’t control what their employees are doing on their smartphones. This list is hardly exhaustive, as there are so many reasons endpoints can become compromised.
When it comes to patching, the survey also revealed what some in the security industry would consider a gaping hole in defences – that more than a quarter of respondents took more than a month to patch zero-days. Bromium found the same at Black Hat – however there’s hope on the horizon as 50% of respondents said patches for zero-days were implemented in the first week.
To see what else Bromium found at RSA, the full results are available here: http://blogs.bromium.com/2016/03/04/rsa-conference-2016-state-of-security-survey/ 