|
||
1) Russia's
Fancy Bear APT Group Gets More Dangerous – Fancy
Bear, the Russian advanced persistent threat group associated with the
infamous intrusion at the Democratic National Committee last year among
numerous other break-ins, may have become just a little bit more dangerous. Encryption and code refreshes to group's
main attack tool have made it stealthier and harder to stop, ESET says. The fourth and latest version of
the malware comes with new techniques for obfuscating strings and all
run-time type information. The techniques, according to ESET, have significantly
improved the malware's encryption abilities. The Fancy Bear/Sednit group also
has upgraded some of the code used for command and control (C&C) purposes
and added a new domain generation algorithm (DGA) feature for quickly
creating fallback C&C domains.
2) Cybersecurity:
A priority area for the Indian Government - India’s
rapid transition towards digital economy coupled with national projects like
Digital India, Smart Cities, National Broadband Network and so on are
altering the digital landscape rapidly with direct impact on governance,
transparency, and accountability. With
the drive towards a digital economy, a large amount of consumer and citizen
data will be stored digitally, and many transactions will be carried out
online, by individuals, companies, as well as government departments. This
rapid change towards a digital environment has brought to fore the challenges
of certain security risks and concerns, particularly to human and nation’s
cybersecurity.
3) Comprehensive
Endpoint Protection Requires the Right Cyber Threat Intelligence
- A recent report from Grand View Research predicts that the cyber threat
intelligence (CTI) market will reach $12.6 billion by 2025. This growth in
demand isn't surprising when you consider the ongoing success of so many
high-profile and extremely damaging attacks. This climate of increasingly
sophisticated breaches has moved many organizations — particularly, those
that handle and retain sensitive data — to upgrade their cybersecurity
measures by adding CTI and incident forensics. CTI falls into three main categories -- tactical, operational, and
strategic -- and answers questions related to the "who, what, and
why" of a cyber-attack.
4) Fileless
Malware Attacks Hit Milestone in 2017 -
Fileless malware attacks using PowerShell or Windows Management
Instrumentation (WMI) tools accounted for 52% of all attacks this year,
beating out malware-based attacks for the first time, according to Carbon
Black's 2017 Threat Report. Non-malware
attacks account for the majority of all attacks this year, and ransomware
grows to a $5 billion industry, new data shows. Kryptik, Strictor, Nemucod, Emotet, and Skeeyah were the five top
malware families this year, according to the report. And the top three industries hit this year by
malware authors included finance, healthcare, and retail.
5) Google
Sheds Light on Data Encryption Practices - Google
explains the details of how it secures information in the cloud and encrypts
data in transit. Following a year of major cyberattacks and security threats,
Google has published two whitepapers to explain how it secures data. One
focuses on encryption of data in transit; the other on service-to-service
communication using Application Layer Transport Security (ALTS).
6) What's
next for cybersecurity in 2018? - We live in a world that is networked
together, where companies rely on networked systems and their data is stored
in the cloud. The year 2018 will bring
more connectivity, digital transformation initiatives, and data to companies,
along with a number of new cybersecurity threats and landscape changes
making cybersecurity one of the most crucial issues that need to be addressed
in the present scenario.
7) CROOKS
SWITCH FROM RANSOMWARE TO CRYPTOCURRENCY MINING
- Criminals behind the VenusLocker ransomware have switched to cryptocurrency
mining in their latest campaign targeting computer users in South Korea.
Instead of attempting to infect targeted computers with ransomware, the group is now trying to install
malware on PCs that mines for Monero, an open-source cryptocurrency.
Researchers said the shift by threat actors is also spurred by
anti-ransomware mitigation efforts that have made infecting systems with
malware harder.
8) Digital
Transformation Emboldens Cyber Adversaries—Can Cybersecurity Keep Up? - Businesses are accelerating their
digital transformation, seeking to leverage their online presence to enrich
products, deepen customer relationships, and boost their brand ecosystems.
However, with this rapid growth comes difficulty. As organizations expand
into digital channels, their digital footprint, i.e., all their
external-facing assets including websites, email servers, social landing
pages, and pages created outside proper protocol, also expands to potentially
unmanageable proportions.
9) The
Internet of Things Is Going to Change Everything About Cybersecurity
- Cybersecurity can cause organizational migraines. In 2016, breaches cost
businesses nearly $4 billion and exposed an average of 24,000 records per
incident. In 2017, the number of breaches is anticipated to rise by 36%. The
constant drumbeat of threats and attacks is becoming so mainstream that
businesses are expected to invest more than $93 billion in cyber defenses by
2018. Even Congress is acting more quickly to pass laws that will — hopefully
— improve the situation. Despite
increased spending and innovation in the cybersecurity market, there is every
indication that the situation will only worsen. The number of unmanaged
devices being introduced onto networks daily is increasing by orders of
magnitude, with Gartner predicting there will be 20 billion in use by 2020.
10) How
AI is the Future of Cybersecurity - The frightening truth about
increasingly common cyber-attacks is that most businesses and the
cybersecurity industry itself is not prepared. Beyond the lack of
preparedness on the business level, the
cybersecurity workforce itself is also having an incredibly hard time keeping
up with demand. By 2021, there are estimated to be an astounding 3.5
million unfilled cybersecurity positions worldwide.
|
||
|
Weekly blog that sums up the interesting Cyber Security developments of the past week.
Tuesday, December 26, 2017
iNews - Around The World This Week
Thursday, December 21, 2017
Right to Privacy:
Right to Privacy: Why This Is a Big Win for People and Security of Their Personal Data
“You can’t have privacy without security” Larry Page, Google’s CEO, famously said at a TED Conference, a few years ago.
Today, closer home, that rings true.
A few months ago when Right to Privacy found its way into the Indian Constitution, it marked a great first step towards recognizing the increasing—and often neglected—need to strengthen security to protect data and privacy.
Never before has there been a clarion call to create a robust regime for data protection. That’s something the Supreme Court has demanded of Indian organizations and the government. I think that’s quite significant.
That presents a remarkable opportunity for Indian organizations to step up their security efforts, and at the same time, build a culture that upholds the need to protect customer data.
It evidently means here’s a chance for Indian companies to create a solid framework and a strong cybersecurity policy that ensures data protection. That, in itself, is a big win for the privacy of personal data.
Much to Gain
In the age of social media and e-commerce, as data increasingly becomes a commodity, protecting this data also becomes an imperative.
Simply put, the more important data becomes, the more important are the tools to protect data.
And when customers are confident that their data is in safe hands, they are more than willing to part with it. For businesses, this is an indicator of customer trust, which boosts customer retention and new customer acquisition, leading to increased revenue.
Recently, Nasscom’s President R. Chandrashekhar said that the Supreme Court ruling significantly boosts India’s attractiveness as a safe destination for global sourcing which according to him is “another win”. As a growing digital economy, that’s great news for Indian businesses who can take advantage of increased customer confidence.
Outside Indian shores, the European Union’s General Data Protection Regulation (GDPR) requires all businesses—across the world--collecting data of EU citizens to become fully accountable for protecting any data categorized as ‘personal.’ With the Right to Privacy ruling, Indian businesses that cater to the European market will feel a step closer to ensuring they comply with GDPR.
Protecting Customer Privacy
In order to preserve the essence of privacy, Indian organizations need to provide an increased sense of visibility and control over confidential customer data.
To do so, they need to first recognize and assess the hands that hold customer data: Your employees.
That means there needs to be an increased focus on the people who create, touch and move customer data. One way to do that is to turn to Behavioral Analytics. It helps organizations monitor how their employees are handling customer data and detect suspicious behaviour.
That’s even more pertinent now that customer data has become the lifeline of most organizations. Industries like telecom, financial and healthcare services, e-commerce firms and government agencies that collect a large amount of sensitive personal data will have to re-evaluate their data strategy.
They will have to provision for new norms that vow to protect customer data and privacy, first and foremost. The Right to Privacy ruling has opened new doors for businesses by providing an opportunity to strengthen security to protect privacy, and thereby gain customer confidence.
Source: https://tinyurl.com/y9bpsqlf
Monday, December 18, 2017
iNews - Around The World This Week
1)
TRITON
Malware Targeting Critical Infrastructure Could Cause Physical Damage
– Security researchers have uncovered another nasty piece of malware designed
specifically to target industrial control systems (ICS) with a potential to
cause health and life-threatening accidents. Dubbed Triton, also known as Trisis,
the ICS malware has been designed to target Triconex Safety Instrumented
System (SIS) controllers —an autonomous control system that independently
monitors the performance of critical systems and takes immediate actions
automatically, if a dangerous state is detected. According to separate
research conducted by ICS cybersecurity firm Dragos, which calls this malware
"TRISIS," the attack was launched against an industrial
organization in the Middle East.
2)
Newly Uncovered
'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks
- Security researchers have uncovered a previously undetected group of
Russian-speaking hackers that has silently been targeting Banks, financial
institutions, and legal firms, primarily in the United States, UK, and
Russia. In the past 18 months, the hacking group is believed to have
conducted more than 20 attacks against various financial organizations—stolen
more than $11 Million and sensitive documents that could be used for next
attacks. Since its first successful attack in May last year, MoneyTaker
has targeted banks in California, Illinois, Utah, Oklahoma, Colorado, South
Carolina, Missouri, North Carolina, Virginia and Florida, primarily targeting
small community banks with limited cyber defenses.
3)
Security
Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL - A
team of security researchers has discovered a critical implementation flaw in
major mobile banking applications that left banking credentials of millions
of users vulnerable to hackers. The affected banking apps include HSBC,
NatWest, Co-op, Santander, and Allied Irish bank, which have now been updated
after researchers reported them of the issue. SSL pinning is a security
feature that prevents man-in-the-middle (MITM) attacks by enabling an
additional layer of trust between the listed hosts and devices. When
implemented, SSL pinning helps to neutralize network-based attacks wherein
attackers could attempt to use valid certificates issued by rogue
certification authorities.
4)
Here's
where 'Smart Hospitals' will make big tech investments in the near future
- Building on top of today’s digital infrastructure, Smart Hospitals will
focus on patient experience, outcomes, the Triple Aim and they’ll make
expensive acquisitions between now and 2025. Smart hospitals optimize,
redesign, or build new clinical processes, management systems and potentially
infrastructure, enabled by underlying digitized networking of interconnected
assets, to provide a valuable service or insight, which was not possible or
available earlier, to achieve better patient care, experience, and
operational efficiency. Digital transformation is happening in almost
every industry and healthcare is no exception. Analyst house IDC earlier
this year pegged the global DX market at escalating as high as $20 trillion
in the coming years.
5)
The
next big thing in pharmacy supply chain: Blockchain - With $200
billion lost to counterfeit drugs annually and patient safety issues, a
chain-of-custody log that blockchain could enable holds promise. Blockchain
has the potential to transform healthcare in general and the pharmacy supply
chain in particular. The distributed ledger technology could offer
legislative, logistical and patient safety benefits for pharmaceutical supply
chain management. From a regulatory perspective in the United States,
blockchain technological and structural capabilities, in fact,
extraordinarily map to the key requirements of the Drug Supply Chain Security
Act.
6)
Healthcare
Faces Poor Cybersecurity Prognosis - The healthcare industry is
underestimating security threats as attackers continue to seek data and
monetary gain. Threat actors rarely attack with the intent of causing
physical harm, most are looking for financial gain. eSentire reports
patient records are worth between $0.05 and $2.42 USD each. Attackers can
sell them on the Dark Web, use them for tax fraud or blackmail, or for
conducting spear phishing campaigns. Opportunistic attacks are common because
of the amount of vulnerable devices.
7)
As
India Surveys Bitcoin Exchanges, West Toughens Its Regulations - Once
voiced by a cryptocurrency enthusiast, “Bitcoin will do to banks what
email did to the postal industry” has now been raised by Israel’s Prime
Minister Benjamin Netanyahu while speaking of cryptocurrencies, exchanges and
cryptocurrency regulations. “Is the fate of banks that they will eventually
disappear? Yes. The answer is Yes. Does it need to happen tomorrow? And do we
need to do it through Bitcoin? That’s a question mark!” stated the PM.
8)
Kaspersky
Lab Detects 360,000 new Malicious Files Daily - The number of daily
detected malicious files reflects the average activity of cybercriminals
involved in the creation and distribution of malware. The number of daily
detected malicious files reflects the average activity of cybercriminals
involved in the creation and distribution of malware. This figure was
calculated for the first time in 2011 and totaled 70,000 at that time. Since
then it has grown five-fold, and as the 2017 data shows, it is still
increasing. Most of the files identified as dangerous fall into the
malware category (78 percent). However, viruses – whose prevalence
significantly dropped 5-7 years ago, due to their complex development and low
efficiency - still constitute 14 percent of daily detections.
9)
USB
Encryption and Security Falls Well Short - A recent survey from
Apricorn of more than 400 IT professionals from industries including education,
finance, government, healthcare, legal, manufacturing, retail and
manufacturing, reveals that most employees use USB drives, but that companies
are leaving themselves open to data breaches and leaks by not effectively
monitoring these devices and the data that gets written to them. However,
eight out of 10 employees use non-encrypted USB drives such as those received
free at conferences, tradeshow events or business meetings, which could be
easily lost or stolen and fall into the wrong hands, or introduce malware
into a company’s host system.
10)
We
need to talk about mathematical backdoors in encryption algorithms -
Governments and intelligence agencies strive to control and bypass or
circumvent cryptographic protection of data and communications. Backdooring
encryption algorithms is considered as the best way to enforce cryptographic
control. Security researchers regularly set out to find implementation
problems in cryptographic algorithms, but not enough effort is going towards
the search for mathematical backdoors, two cryptography professors have
argued.
|
Credits - Nagesh of Ivalue.
Subscribe to:
Posts (Atom)