FireSale HackBoy

Friday, November 29, 2019

Why Ethical Hackers have an essential part to play in protecting enterprise data from cybersecurity threats

The beginning of October sees the start of Cyber Security Awareness Month, a collaborative effort between governments and industry to raise awareness about the importance of staying safe online. Part of this conversation inevitably revolves around cybersecurity threats. Highlighting the simple steps that can be taken to protect data, whether personal, financial and/or professional is the key to changing behavior and any bad habits that organizations, and people within them, have.

One of the ways companies can help mitigate the likelihood of a successful malicious attack is to employ the skills of an ethical hacker. Although this term may seem somewhat paradoxical, ethical hackers are actually the ‘good guys’, working against our traditional idea of a hacker to discover risks and vulnerabilities in an enterprise’s network before they are compromised by someone looking to exploit them. It is important to note that by definition, what makes this type of hacking ethical is that it is done with express permission from the target. Ethical hackers are so good at this because they think as a hacker would, in order to find loopholes and weak points that others probably wouldn’t. If and when a vulnerability is found, an ethical hacker will document the issues and offer advice on how to fix the problems.

In today’s dynamic online world, the value of data is enormous. As such, those entities that store vast amounts of data are vulnerable to becoming targets of people looking to acquire this valuable resource. Nobody, whether a single employee, an organization, or even a country, is immune from crimes relating to the procurement of data, including becoming a victim of identity theft and banking fraud. With more and more companies entering the e-commerce ecosystem and adopting new technologies like cloud computing, the threat of imminent security breaches clearly demands efficient information security systems.

What’s more, for a company, the reputational damage that results from a data breach is often highly damaging for the trust between themselves and their customers, as well as any future prospects. The elevated threat landscape, therefore, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security practices.

Our very own Cybersecurity expert, and a former ethical hacker, Jason Hart explains more about the aspects of ethical hacking in this video.

Ethical hackers can help a company understand where its most valuable data is stored and exactly how it can be best protected and can work with the enterprise to reduce their overall security risk – evaluating a company’s overall security posture. For example, the business will need to think carefully about what areas of data are most important for it to protect, financial data, personal data, client data, and so on. Which area would cause them the most pain in the event of a hack? By knowing and fully understanding this, it can then effectively work with an ethical hacker to allocate its budget and resources and make sure the most important area is the best protected.

Taking a proactive approach to security can help organizations better protect their data and in the long term save them money. To be clear, hiring an ethical hacker will not make a company’s defense system 100% secure; however, once the ethical hacker has completed their report the company’s network should be able to withstand automated attacks and unskilled hackers. Although the use of an ethical hacker may not be something a company wants to willingly tell its customers it is using, to garner their clients’ trust on a more public level, businesses can also prove they are compliant with regulations, including PCI for credit cards and GDPR, for example. Overall, when used in combination with other good security measures, such as multi-factor authentication, access control, and data encryption, the skills of an ethical hacker can mean an enterprise’s defense systems are in a much better place going forward than prior to their arrival.

As part of Cybersecurity Awareness Month Thales have published a new report entitled The Who’s Who of Hackers, which contains rigorous profile analysis of 66 groups of attackers with global importance today. If you would like more information you can download the report at the following link https://thalesgroup-myfeed.com/THECYBERTHREATHANDBOOK 

The post Why Ethical Hackers have an essential part to play in protecting enterprise data from cybersecurity threats appeared first on Cybersecurity Insiders.


November 29, 2019 at 09:08PM

The evolution of smart cities: what provisions are vital for their success?

Cities are undergoing a wave of digital transformation. With rapid population growth and urbanization transforming the way we live, improving or even maintaining our current quality of life relies upon using resources more efficiently. To put this point into perspective, it is estimated that by 2050, 66 percent of the global population will live in cities – an additional 2.5 billion people on the current number. Despite this significant change, keeping people and the environment healthy in order to provide sustainable jobs and attractive living spaces should be an objective for every government. After all, a flourishing population is what makes a city tick. The real test for smart cities, therefore, is whether citizens can feel benefits as a direct result of them. We are lucky that we now have the technology to diminish many of the shortcomings of urbanization as this blog will also explore.

Smart cities work by utilizing IoT sensors, actuators, and technology to connect components across the city. This connects every layer of a city, from the air to the street to the Underground. In this way, cloud based IoT applications receive, analyze and manage data in real-time to help municipalities, enterprises, and citizens make better decisions that can, in turn, work towards making our lives that bit easier. Importantly, smart cities also benefit the environment. Pairing devices and data with a city’s physical infrastructure and services can cut costs and improve sustainability with both water and energy usage, which in turn reduces CO2 emissions.

In 2019 the very first edition of the IMD Smart City Index ranked 102 cities worldwide, based on how citizens perceive the scope and impact of efforts to make their cities ‘smart’. The highest ranked city according to the results is Singapore, with northern Europe also doing particularly well, having six cities ranked as part of the top ten.

In Singapore, smart traffic cameras already restrict traffic depending on the level of volume, in order to ease the commute of thousands of passengers every day. What’s more, as fewer transactions are made using cash, and instead use mobile wallet payments for travel, the country is putting in place measures that can understand how many people are paying for tickets at certain times of the day, or up-and-coming areas that might benefit from increased levels of housing.

In Copenhagen, which ranked fifth overall, its smart city projects have used wireless data from phones merged with GPS signals to meet green initiatives city-wide. Using data about how people across the city moved, the city was able to better optimize its flow of traffic. In the end, a 10 percent reduction of travel time for residents was achieved, as well as huge economic benefit from the energy saved.

One thing that is very apparent in making a smart city work, is that all the integrated technology needs to be embraced by the people of the city, which means that building the next generation of smart cities is going to take a massive amount of cooperation between businesses, governments and citizens.

For governments and councils, it is not simply a case of juggling city resources – they need to be encouraging a lifestyle change in people that supports a smart city. Antwerp, for example, is putting its people at the center of innovation. The city is bringing citizens together with user groups, hardware developers and app developers, in order to accelerate the implementation of the Internet of Things, establishing a smart and participative city.

There are also a number of questions around ethics involved in the implementation of smart cities and managing the data they collect. We’ve already seen the banning of certain software in many cities due to the lack of transparency surrounding data rights. It is therefore absolutely essential that all ecosystem partners – governments, enterprises, software providers, device manufacturers, energy providers, and network service providers – do their part and integrate solutions that abide by core security objectives:

Availability: Without actionable, real-time, and reliable access to data, the smart city can’t thrive. How data is collected, distilled and shared is critical, and security solutions must avoid negative effects on availability.

Integrity: Smart cities depend on reliable and accurate data. Measures must be taken to ensure that data is accurate and free from manipulation by a malicious actor.

Confidentiality: Some of the data collected, stored and analyzed will include sensitive details about consumers themselves. Steps must be taken to create strong authentication methods to prevent unauthorized disclosure of sensitive information.

Accountability: Users of a system must be responsible for their actions. Their interactions with sensitive systems should be logged and associated with a specific user. These logs should be difficult to forge and have strong encrypted protections.
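One way to meet the Accountability objective's requirement that logs be tied to a specific user and be difficult to forge, shown as an added example that is not part of the original article: each record is chained to the previous record's HMAC, so editing, deleting or reordering entries is detected. It demonstrates integrity protection rather than encryption; the key, field names and sample events are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as the "previous MAC" of the first record


def _mac(key, prev_mac, record):
    """HMAC-SHA256 over the previous MAC plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append(log, key, user, action, ts):
    """Append one user-attributed event, chained to the entry before it."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "user": user, "action": action}
    log.append({"record": record, "mac": _mac(key, prev, record)})
    return log


def verify_log(log, key, expected_head=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    expected_head is the MAC of the newest entry as stored somewhere the log
    writer cannot modify; without it, removal of trailing entries is invisible.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["record"].get("seq") != i:
            return i  # entry removed or reordered
        if not hmac.compare_digest(_mac(key, prev, entry["record"]), entry["mac"]):
            return i  # record contents or chain link altered
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)  # chain is shorter than (or differs from) the anchored head
    return None


def build_sample(key):
    """Constructed sample events for a hypothetical traffic-control console."""
    log = []
    append(log, key, "operator-17", "login", "2019-11-29T09:00:00Z")
    append(log, key, "operator-17", "change-signal-plan junction=J42", "2019-11-29T09:03:10Z")
    append(log, key, "operator-17", "logout", "2019-11-29T09:05:00Z")
    return log


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # in practice held by the log service, not by its users
    log = build_sample(KEY)
    head = log[-1]["mac"]
    print("intact:", verify_log(log, KEY, head))
    log[1]["record"]["user"] = "someone-else"  # simulate after-the-fact editing
    print("first bad entry after edit:", verify_log(log, KEY, head))
```
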

Thankfully, as a result of growing digital security concerns, legislation is being introduced to address threats and potential market failure. The creation of legislation like the IoT Cybersecurity Improvement Act in the U.S, for example, will help to establish minimum security requirements for connected devices.

With the smart city industry projected to be a $400 billion market by 2020, and with 600 cities around the globe expected to generate 60% of the world’s GDP by 2025, the deployment of 5G technology will be a turning point to propel smart city technology into the mainstream and accelerate innovations in this sphere. While there’s no one-size-fits-all when it comes to putting the most appropriate infrastructure in place to facilitate the creation of a smart city, there are many Low Power Wide Area Network (LPWAN) options already available that a city can select from, such as LTE Cat M, NB-IoT, LoRa, and Bluetooth.

One only needs to look at the most recent example of the city of Hull in the UK, which recently developed its own operating system to centralize all the IoT elements, to understand how a cohesive smart city strategy could be put into practice across the world. Learning from other cities who have trialed smart city technology, listening to communities, and ensuring smart city data is properly secured is the key to consumer trust in this revolution and the expansion of more smart cities in the future.

The post The evolution of smart cities: what provisions are vital for their success? appeared first on Cybersecurity Insiders.


November 29, 2019 at 09:08PM

Twitter allows 2-factor authentication without a Phone Number

After witnessing a SIM swapping saga with CEO Jack Dorsey, Twitter has made it official that from now on its users can enable two-factor authentication without the need for a phone number.

Kayvon Beykpour, a product lead at Twitter, has confirmed the news and said that the new security feature will enable users to secure their accounts without the need to give a phone number and receive inbound SMS. He added that the micro-blogging website took these measures after hackers managed to hijack Dorsey’s phone number in the 2019 Twitter hack using SIM swapping, or SIM jacking, where a mobile phone number is cloned to a new SIM card.

Technically speaking, Two Factor authentication adds an extra security layer to user accounts as they have to input a 4-6 digit number to gain authentication for valid login.

Now comes the big question: how to activate 2FA without the need for a phone number? Just visit the Account section on the website Twitter.com and then select the Account tabs section and click on security. Next go to the 2-Factor authentication where you will see 3 different options: Text Message, Authentication App and Security Key. There the user can select the ‘Authentication App’ after which a QR code will be generated to create your 2FA code. After the QR code gets scanned, enter the 6-digit number displayed on the app, and that will secure your Twitter account with 2FA without the need for a phone number.
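Why the ‘Authentication App’ option needs no phone number, as an added example that is not part of the original post: authenticator apps generally implement TOTP (RFC 6238), where the QR code carries an `otpauth://` URI holding a shared secret and both sides derive the 6-digit code from that secret and the current time. The URI, account label and secret below are constructed (the secret is the RFC 6238 test key), and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed provisioning URI, i.e. the text a setup QR code would encode.
# The secret is Base32 for the RFC 6238 test key b"12345678901234567890".
SAMPLE_URI = ("otpauth://totp/ExampleSite:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=ExampleSite&digits=6&period=30")


def parse_otpauth(uri):
    """Extract the TOTP parameters from a provisioning URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # apps usually strip Base32 padding
    algorithm = q.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in ALGOS:
        raise ValueError("unsupported algorithm")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": base64.b32decode(b32),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": algorithm,
    }


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC the counter, then dynamically truncate to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), ALGOS[algorithm]).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(params, at):
    """Code the authenticator app would display at Unix time `at`."""
    counter = int(at) // params["period"]
    return hotp(params["secret"], counter, params["digits"], params["algorithm"])


def verify_totp(params, submitted, at, window=1):
    """Server-side check, tolerating `window` time steps of clock drift.

    A real service should also reject a code it has already accepted,
    so that an observed code cannot be replayed within its validity period.
    """
    base = int(at) // params["period"]
    ok = False
    for step in range(-window, window + 1):
        if base + step < 0:
            continue
        expected = hotp(params["secret"], base + step,
                        params["digits"], params["algorithm"])
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok


if __name__ == "__main__":
    import time
    p = parse_otpauth(SAMPLE_URI)
    now = time.time()
    code = totp(p, now)
    print(p["label"], code, verify_totp(p, code, now))
```
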

The post Twitter allows 2-factor authentication without a Phone Number appeared first on Cybersecurity Insiders.


November 29, 2019 at 08:55PM

Thursday, November 28, 2019

How to keep your Microsoft Windows 10 PC safe from Ransomware Attacks

Microsoft has recently published a list of measures to be taken by customers to block ransomware attacks on their respective Windows 10 computers. They are as follows:

1. The first and foremost thing is to keep your Windows 10 operating system and anti-virus up to date, and better upgrade your PC to Windows 10. All Windows 7 users should keep in mind that their operating system will lose the regular security upgrades provided by Microsoft from January 2020. That’s because the technology giant has made it official that it is going to stop offering upgrades to Win 7 systems from this year-end.

2. Better back up files to an external hard drive or a cloud-based storage platform like OneDrive or Google Drive.

3. Just enable the File History feature or the System Protection feature on your Win 10 device. Or else better set up a drive for File History.

4. Using OneDrive for consumers or business makes sense in such situations.

5. Never click on malicious links displayed on websites, spam messages or emails, as they could land you in phishing trouble.

6. Always use the Microsoft Edge browser, which is offered with SmartScreen protection, as it prevents users from falling prey to websites which host exploits, and helps them stay safe from socially engineered attacks such as malware and phishing downloads.

7. Better disable the loading of macros in MS Office software.

8. If possible, keep the Remote Desktop feature disabled.

9. Using 2FA makes complete sense.

10. Using a web connection which is password protected also makes complete sense.

11. Stay away from websites that distribute illegal downloads, A-rated content, etc.

The post How to keep your Microsoft Windows 10 PC safe from Ransomware Attacks appeared first on Cybersecurity Insiders.


November 29, 2019 at 11:42AM

France to launch cyberattacks on hackers in retaliation

French law enforcement authorities are planning to hit out at the cyber assailants who targeted Rouen Hospital with ransomware on November 15th of this year.

“As the hackers are still active in targeting more agencies in France, we are planning to digitally target them in retaliation”, said Guillaume Poupard, the head of National Cyber Security Agency, France (ANSSI).

Speaking at a conference in Paris, Mr. Poupard said that the new French law allows the government to neutralize the attackers and so we are planning to hit the target by this month-end.

Going into the details, a large-scale cyber attack took place at Rouen Hospital on November 15th this year. The impact was severe, with 90% of IT services affected.

However, a press statement released by the hospital authorities early this week says that 90% of the services were now operational, as most of the systems have been recovered from the malware attack.

Remi Heym, the director of Communications, Rouen said that his firm will from now on take all appropriate measures to prevent future cyber attacks.

Note- Law enforcement agencies in the United States have got an executive order this year from President Donald Trump that they can launch cyberattacks on hackers in retaliation if and when proven guilty.

Probably the same will be followed by the French government in this regard, as the French President Emmanuel Macron also stated the same at a National Conference in August this year.

The post France to launch cyberattacks on hackers in retaliation appeared first on Cybersecurity Insiders.


November 29, 2019 at 11:37AM

Zero Trust by Design: Information Security in the era of The Cloud

In a previous blog, we explored how businesses are increasingly moving towards a Zero Trust mindset when adopting cybersecurity practices. The very essence of Zero Trust, as the term implies, is to assume the stance of distrust towards any user or device that tries to enter the corporate environment – it follows the mantra of “never trust, always verify”.

While Zero Trust is an important principle, it’s just a mindset shift that reflects the acknowledgement of new threat vectors arising from an increasingly stretched corporate environment. Mindset changes like this need to be accompanied by a pragmatic approach to security implementation, which is where Security By Design comes in.

Security By Design

Making sure that software and hardware systems are secure from the ground up – from the genesis of design to deployment – has never been more important in our connected world. With the explosion in the volume of workplace devices and cloud environment systems, going to the source or root of each component, whether that be hardware, software or data, is increasingly critical. With these systems needing to move, store and provide access to sensitive data, they are prime targets for a cyber-attack – making a branch and root approach to cybersecurity all the more important.

Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through measures such as continuous testing, authentication safeguards and adherence to best programming practices. Building security into products from the start of their development addresses the all-too-common tendency for security to be an afterthought, with designers patching security holes as and when they are found.

Without ensuring every aspect of a system has the highest level of security from the point it is created, there is a higher risk that the device or system can be hacked. It is therefore essential that manufacturers or engineers build secure products to create a strong bond of trust between developers and users. If it becomes apparent that the software or hardware of a device has been compromised by a malicious attack, this bond of trust is broken, turning consumers away from advances in technology, such as products that use cloud applications, and hindering further innovation.

To be truly secure, sensitive source code and data must also rely on a hardware root of trust like a Hardware Security Module (HSM) to ensure that it is encrypted, that any sensitive data remains confidential, and that its integrity can be guaranteed. This frame of mind, combining secure hardware with a ground-up approach to processes, is essential for good quality cybersecurity practices.

Zero Trust by Design

Over the last few years, we’ve seen enterprises increasingly shift their workload to the cloud, propelled by the use of applications like Salesforce, Box and Office 365. This has accordingly required a change in attitudes to information and cybersecurity to keep up with this evolving workplace.

The security threats that accompany the evolution of the cloud pose a daunting prospect for IT departments, as the rise in the number of cloud environments involves an expanding number of untrusted endpoints. Indeed, 49% of businesses believe cloud applications are the biggest targets for cyberattacks.

One of the ways to address these threats is to apply the principle of Zero Trust to the foundational concept of Security by Design. Accordingly, this makes sure security is rooted in every product and service by design and that a company does not trust anyone by default, even those already inside the network perimeter.

Since the technical maturity of organizations varies significantly, it’s challenging to define a standard approach to Zero Trust By Design. Ultimately, each company needs to make a self-assessment of its capabilities and the spread of its sensitive data to determine which methods and tools are the most appropriate to protect cloud and web-based apps, while ensuring these security measures are as frictionless as possible.

In some cases, it may be appropriate to implement a tightly regulated internal infrastructure, where even the web browser is limited to a single brand, and hardware-based tokens which use private firmware would ensure security is almost impenetrable. Yet, for other companies, this sort of tightly regulated IT infrastructure could cause friction for users.

Achieving this balance, between a high security environment and user convenience, is the constant compromise that CIOs and CISOs need to strike. In order to do this, businesses require flexible security solutions that are resilient and built for a multi and hybrid-cloud environment. By effectively walking this tightrope, organisations can achieve a Zero Trust By Design information security approach that satisfies both cyber diligence and user experience requirements.

To learn more about how Thales’ IDaaS solutions enable secure, convenient access to numerous cloud applications, or for help on how to choose the right option for your organization’s cybersecurity and make your CISO’s life easier, visit our website https://safenet.gemalto.com/cloud-data-security/.

In addition, for an even more in-depth review, you can also take a look at the whitepaper by the Identity Defined Security Alliance on the role of identity in implementing Zero Trust.

The post Zero Trust by Design: Information Security in the era of The Cloud appeared first on Cybersecurity Insiders.


November 28, 2019 at 09:09PM

Face/Off: Security challenges in the age of facial recognition

Facial recognition is rightfully held up as an accurate and secure method of safeguarding devices and ensuring more accurate identity proofing. It is, in essence, the new science of identity. But while facial recognition technology complements the need for ‘traditional’ security measures, such as username/password combinations and security checkpoints, it faces its own unique set of security challenges. The face switch scenario imagined in the John Travolta and Nicolas Cage classic movie Face/Off might seem a little far-fetched but concerns about attackers ‘stealing’ people’s faces have actually been realized in the past. We delve into some of the security challenges facing the technology below – as well as how it’s evolving to counter these threats.

Trading places

With earlier iterations of facial recognition, criminals were able to trick the cameras using photographs, video clips and even 3D masks. The aforementioned Face/Off envisioned a near-perfect face switch scenario that even allowed Travolta, pretending to be Cage’s character, to convince his loved ones of his authenticity. At the genesis of facial recognition, this scenario would have easily spoofed the early technology’s basic algorithms.

These days, the technology powering facial recognition has come on leaps and bounds. Using biometrics, facial recognition data identifies and verifies a person using a set of recognizable and verifiable data unique and specific to that person. Unlike traditional forms of ID – like passports or driving licenses – it’s very difficult to replicate a set of subtle and unique biometric identifiers like spacing of the eyes, the bridge of the nose, contour of the lips etc.

Then there’s liveness detection, which looks for indicators of a non-live image, such as inconsistent features between foreground and background. Such checks may ask the user to blink or move, and are needed to defeat criminals who try to cheat facial recognition systems by using photographs or masks.

The sleeping threat

One of the recurring concerns that followed on the heels of the adoption of Face ID by most major smartphone manufacturers was the ability to unlock someone’s phone by pointing it at their sleeping face. Others feared that people could essentially also be coerced into unlocking their phones by being forced into an authentication while the device was being held to their face.

This, clearly, could be a significant security flaw. However, most phone makers have anticipated this issue – in the case of the iPhone, it will only unlock if the user’s eyes are open, which helps address the concern about being hacked while sleeping. As the technology enjoys incremental advances, it is constantly developing new ways to resist biometric fraud. Liveness detection, again, can check for blinking and face motion.

Another way to prevent a forced authentication is by using facial recognition as an element of the identification process. In low-risk scenarios, for example, facial recognition alone might be suitable. But where the risk is high, the system might demand multi-factor authentication such as password and fingerprint. For example, you might want to lock certain apps on your phone for an extra degree of security.

Security for any season

Fundamentally, it’s this versatility and convenience that makes facial recognition so key for a variety of use cases. The face is the most flexible biometric authentication tool as it can be put to use in a variety of settings and without sensors. As the technology continues to gallop ahead, it’s this combination of supreme security and flexibility that’s helping to drive widespread adoption of facial recognition tech – and ultimately helping to prevent the sort of criminal activity posited by films like Face/Off.

If you would like more information about our facial recognition technology you can visit our webpage to discover more.

The post Face/Off: Security challenges in the age of facial recognition appeared first on Cybersecurity Insiders.


November 28, 2019 at 09:09PM

Alibaba thwarting 2.2 Billion Cyber Attacks on a daily note

Chinese Multinational company Alibaba has disclosed that it is thwarting around 2.2 Billion Cyber Attacks on a single day. And the attack scale will increase during the annual online shopping event which coincides with Black Friday or Cyber Monday in the United States.

But the good news is that the e-commerce giant has deployed more than 3,000 security specialists and 1,258 algorithmic models working 24/7.

Jessie Zheng, the Chief Risk Officer at Alibaba, said that the disclosed number of cyber threats included abnormal transactions, counterfeit goods and malicious complaints such as DDoS attacks, brute force attacks, and malware intrusions.

So, to tackle the cyber ordeal, Alibaba seems to have deployed a team of both humans and AI propelled machines to detect and mitigate the threats.

Politely trumpeting its achievement, Alibaba founder Jack Ma says that Alipay handles around $50 billion worth of transactions daily but has never lost a cent to hackers, which shows how skillful its cybersecurity team is in protecting its assets.

After reading this article, you might wonder how much data you should hand over to e-commerce companies in exchange for your shipping experience.

Well, the answer is simple and that is to never fall prey to data-mining programs such as collecting payment card details, email ids, and contact numbers. But is that possible in this digital world?

Nope, that’s not possible when tech companies are ingeniously trying to push their customers towards greater transparency- pushing customers to immense cyber risks.

The post Alibaba thwarting 2.2 Billion Cyber Attacks on a daily note appeared first on Cybersecurity Insiders.


November 28, 2019 at 08:45PM

Wednesday, November 27, 2019

Google confirms state-sponsored cyber attacks on its users

Google’s Threat Analysis Group has confirmed that it has sent over 12,000 warnings to its users targeted by state-sponsored phishing campaigns. The internet juggernaut has also confirmed that governments from the east are showing a lot of interest in launching phishing and disinformation related attacks on the company’s Western users.

Releasing the update in its latest blog post, the web search giant said that its security researchers have found a new cyber threat from a new hacking group dubbed Russian Sandworm. But Google claims that it has taken measures to defend against such attacks and has discovered that a campaign was launched by a Russian firm to tarnish the image of a few technology firms from the west with fake news.

Google claimed in its blog post that its analysis has found that, since May ’19, hackers have been interested in launching credential phishing emails to steal account details like passwords.

The technology giant also claims from its research that the government-backed hacking campaigns have increased over the past 3 years and most of them were launched by Sandworm. In one such campaign which gained the attention of the internet giant, hackers targeted users from South Korea using Android apps modified with spying malware which was downloaded more than 500,000 times and could have targeted at least 100,000 devices.

Also, mobile system developers from Ukraine were being increasingly targeted with spear-phishing emails. The targets were mostly those who had developed a larger number of apps published on the Google Play Store.

The post Google confirms state-sponsored cyber attacks on its users appeared first on Cybersecurity Insiders.


November 28, 2019 at 10:24AM

Ryuk Ransomware attack on Prosegur Australia

Spanish cash moving company Prosegur’s Australia division released a press statement a few hours ago saying that its global network was hit by Ryuk ransomware. The multinational company, which offers armored vehicles and services to move cash to ATMs, restaurants, banks and financial institutions across Europe, Latin America, North America, and Asia, said that the file-encrypting malware has disrupted its digital operations across 4 continents, which might take a week or two to recover.

Going into the details, Prosegur started its business in Australia in 2013 after acquiring Chubb Security, and strengthened itself further after purchasing Westpac’s teller machines last month.

On Wednesday this week, the company declared that its IT infrastructure was reeling under the Ryuk ransomware cyberattack and that all its internal and external systems were affected, including its website, which was down for 8 hours from late afternoon.

Yesterday at 6 PM GMT the company declared that the attack involved a ransomware variant, which was confirmed by IT authorities after the initial probe.

Note- Prosegur does business in over 26 countries and has been in the cash transport business for the past 60 years. The company first started business in Spain and Portugal and then extended its trade to Latin America, Europe, and Asia. It is one of the largest security companies in Spain and probably the first to get listed on the Madrid Stock Exchange. What’s interesting is that despite being in the security business, the company became a victim of the biggest heist when the Prosegur Office in Ciudad del Este was robbed in cinematic style.

The post Ryuk Ransomware attack on Prosegur Australia appeared first on Cybersecurity Insiders.


November 28, 2019 at 10:21AM

Four innovations changing the face of the financial industry

Technological advances and changes in customer expectations over recent years have made a huge impact on the banking and financial services sectors. In many cases, the transformation has been dramatic, with digital technologies enabling new services and totally resetting consumer expectations. For example, earlier this month NatWest Bank announced that it is trialing our biometric technology with credit cards in the UK, meaning that customers will soon be able to make ‘infinite’ contactless purchases that are above the current limit of £30.

The pace of disruption and innovation in finance is unlike anything we’ve seen before, but the industry has shown that it’s become much more comfortable with the shift to digital processes, whether internal or customer-facing.

With further innovation arriving almost daily – from opening an account with a selfie to social-media led cryptocurrencies – I’ve picked out four recent developments that in my opinion have had the biggest impact on businesses and consumers alike.

Making purchases with your fingerprint

While the smartphone industry kick-started the mainstream use of fingerprint authentication a few years ago, we are now seeing other biometric factors become part of our everyday lives, especially in payments. Furthermore, contactless payments have become so popular among consumers in the UK, for example, that they accounted for half of all debit card transactions in July 2019.

The biometric EMV payment card combines the convenience of contactless with the trust that is associated with biometrics, and with no spending limit.

The enrolment process for the card is very simple, secure and mindful of data privacy. Whether you’re activating your card at home via a secure sleeve or at the bank branch, there’s no biometric data handling outside of these premises. Your fingerprint is only stored on the card, and your bank has no access to this information.

The fact that the card keeps its ISO form factor and can be used in contact mode, or at the ATM for cash withdrawals, will ensure that EMV payment remains a truly universal payment device over the longer term.

Digital payments and mobile wallets

Ever wondered how paying with your smartphone for goods and services became so widespread? It’s thanks to a white label payment application, designed for mobile wallets that is based on EMV standards. The application supports proximity, in-app and online payments and it’s compatible with the latest security standards such as 3D Secure or PSD2. The technology can convert any type of plastic card, be it contact, contactless and even magstripe, into a digital card available on a smartphone in just seconds. The digital card can be used for in-store payments via NFC or QR code and also for in-app and ecommerce transactions.

This technology is widely deployed across the world, used every day by millions of customers. So, if you’re using a mobile wallet for ecommerce and contactless payments, it’s likely that it’s based on this technology.

Intelligent and adaptive fraud prevention

Authenticating users in any number of given scenarios is a challenge for every bank. But as the number of services that require authentication gets larger, managing them has become an increasing burden.

Support in this endeavor is here in the form of cloud-based solutions for user authentication management. These systems use multiple layers of real-time risk management algorithms to set an appropriate level of authentication for any use case, by leveraging contextual analysis and historical data. For example, it could determine how much authentication is required by examining the device the customer is using, the time of day and their location. This results in a secure and frictionless user experience for consumers, as well as reductions in operational and fraud management costs for the bank.

With banks adding new services frequently, a cloud-based management platform can allow them to flexibly integrate their own risk assessment solutions, or best-in-class solutions from third parties. This means they can try several solutions quickly to find out which suits their needs best or change their solutions as new types of fraud emerge. This way banks can maintain the best possible user experience, combined with low fraud rates, over time.
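The layered, context-driven decision described in this section can be sketched as follows. This is an added example, not code from the article or from any vendor's product: the signal weights, thresholds, use-case names and sample coordinates are all constructed assumptions, chosen only to show device, time-of-day and location signals combining with login history to select an authentication level.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional, Sequence, Set, Tuple


@dataclass
class Login:
    device_id: str
    when: datetime  # timezone-aware timestamp
    lat: float
    lon: float


@dataclass
class History:
    known_devices: Set[str]
    usual_hours: range              # UTC hours in which the user normally logs in
    last_login: Optional[Login] = None


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


# Each signal is an independent layer returning risk points (weights are illustrative).
def device_signal(login: Login, hist: History) -> int:
    return 0 if login.device_id in hist.known_devices else 40


def time_signal(login: Login, hist: History) -> int:
    return 0 if login.when.hour in hist.usual_hours else 15


def travel_signal(login: Login, hist: History, max_kmh: float = 900.0) -> int:
    prev = hist.last_login
    if prev is None:
        return 10                   # no history to compare against: mild uncertainty
    km = haversine_km(prev.lat, prev.lon, login.lat, login.lon)
    if km < 50:
        return 0                    # same metropolitan area
    hours = (login.when - prev.when).total_seconds() / 3600
    if hours <= 0 or km / hours > max_kmh:
        return 60                   # faster than an airliner: "impossible travel"
    return 20                       # new location, but physically plausible


Signal = Callable[[Login, History], int]
DEFAULT_SIGNALS: Sequence[Signal] = (device_signal, time_signal, travel_signal)

# Hypothetical use cases with a base sensitivity added to the contextual score.
USE_CASE_RISK = {"view_balance": 0, "add_payee": 25}


def assess(login: Login, hist: History, use_case: str = "view_balance",
           signals: Sequence[Signal] = DEFAULT_SIGNALS) -> Tuple[int, str]:
    """Return (risk score 0-100, required authentication level)."""
    # Unknown use cases are treated as the most sensitive one (fail closed).
    base = USE_CASE_RISK.get(use_case, max(USE_CASE_RISK.values()))
    score = min(100, base + sum(s(login, hist) for s in signals))
    if score >= 80:
        return score, "deny"
    if score >= 50:
        return score, "biometric"
    if score >= 20:
        return score, "otp"
    return score, "password_only"


# Constructed sample data: a user who normally logs in from London on one phone.
LONDON, SYDNEY = (51.5074, -0.1278), (-33.8688, 151.2093)
T0 = datetime(2019, 11, 27, 9, 0, tzinfo=timezone.utc)
HISTORY = History({"phone-A"}, range(7, 23), Login("phone-A", T0, *LONDON))

if __name__ == "__main__":
    one_hour_later = T0.replace(hour=10)
    for device, place, use_case in [("phone-A", LONDON, "view_balance"),
                                    ("laptop-X", LONDON, "view_balance"),
                                    ("phone-A", SYDNEY, "view_balance"),
                                    ("phone-A", SYDNEY, "add_payee")]:
        login = Login(device, one_hour_later, *place)
        print(device, use_case, assess(login, HISTORY, use_case))
```

Because `assess` takes its signals as a list, a bank's own or a third party's risk check can be swapped in or appended without touching the decision thresholds.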

Using blockchain to manage customer identity

Today, we create multiple online login credentials, which are often unsafe, for websites and service providers – and in many cases we even use the same easy-to-remember password for multiple accounts. Managing several digital identities is not something our brains are wired to do. Besides the inconvenience, this also presents a huge security threat – insecure passwords cause an estimated 80 percent of breaches, according to a report from Verizon.

Financial institutions need access to users’ personal data in order to operate, and it’s important that this information is reliable and trustworthy. Adopting a decentralized digital ID platform based on blockchain allows organizations to provide customers with one consistent and secure process to register, login and transact in the form of ubiquitous digital identities. Incorporating blockchain into this process represents a major shift in power and convenience for end users.

For example, the Self Sovereign Identity scheme relies on blockchain to bring together trust and security to mutualize Know Your Customer (KYC) efforts and monetize access to verified information to relying parties. Instead of relying on a central authority to control the verification of IDs, it leverages the capabilities of multiple trusted parties that create attestations on the distributed ledger. The end user’s personal data remains under their sole control and they can decide what identity attributes can be shared and with whom.

It’s a hugely exciting time to be part of the financial industry due to the sheer pace and scale of technological innovation taking place. These shifts have brought countless benefits with regards to streamlining services and operations, fraud management, customer experience and satisfaction – and in many cases it’s already hard to imagine life without them. What do you think is coming next? Let us know in the comments below or by tweeting us @Gemalto.

The post Four innovations changing the face of the financial industry appeared first on Cybersecurity Insiders.


November 27, 2019 at 09:08PM

Russian company tries to Cyber Attack Ohio Election Day 2019

On November 5th, 2019, Ohio detected a cyber attack on its election procedure, which has now been concluded to be unsophisticated. Frank LaRose, the Republican Secretary of State, released a press statement on Tuesday disclosing the details of the attack and confirmed that the attack originated in Panama and that a Russian company was behind the cyber incident.

 

Frank LaRose said that the hackers tried to insert an “SQL Injection based malicious code” into the official website, which was eventually blocked and thwarted by the IT threat detection systems of the Ohio Secretary of State’s Office.

 

“It was just an attempt to exploit the vulnerabilities and the bad guys were on the lookout for soft spots. However, the good guys won over the bad guys and everything went in favor of the Ohio Secretary of State’s Office”, LaRose said. He added that the attempt was to disrupt and undermine the credibility of elections. Furthermore, he cleared the air that neither the election machines nor the ballot counters are connected to the internet during the election procedure.

 

Note 1- Ohio is being guarded by the “Albert” intrusion system, which is a digital threat detection framework meant to alert the authorities on any unauthorized intrusion.

 

Note 2- After the US elections 2016 held in November 2016, many media sources speculated that the election results were rigged in favor of Donald Trump by a foreign nation which could be Vladimir Putin led Russia. However, the country denied and Trump announced that some media outlets were painting red against his party by conducting a political witch-hunt through Yellow Journalism.

 

Note 3- On January 13th, 2017, the office of the then-president Barack Obama released a press statement claiming that the US 2016 Polls were indeed influenced by Russia and that this was discovered in a joint probe conducted by the FBI and CIA. However, all these speculations and press releases lost their fizz as soon as Donald Trump took oath as the 45th US President on January 17th of 2017.

 

Note 4- The details of the Russian company which tried to influence the Ohio Election Day 2019 will be out soon!

 

The post Russian company tries to Cyber Attack Ohio Election Day 2019 appeared first on Cybersecurity Insiders.


November 27, 2019 at 08:58PM

Tuesday, November 26, 2019

Important updates about the California Consumer Privacy Act (CCPA)

Here’s an email sent by Google to its users about its recent update to California Consumer Privacy Act CCPA-

 

Dear Partner, 

 

 The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses that collect personal information from California residents. The new law goes into effect on January 1, 2020.

  

  Google already offers data protection terms pursuant to the General Data Protection Regulation (GDPR) in Europe. We are now also offering service provider terms under the CCPA, which will supplement those existing data protection terms (revised to reflect the CCPA), effective January 1, 2020. No additional action is required to accept the service provider terms if you’ve already agreed to the online data protection terms.

  

These service provider terms will be made available alongside new tools for partners to enable restricted data processing. Restricted data processing is intended to help advertisers and partners prepare for CCPA. Please note that restricted data processing operates differently across our products. Some products provided by Google will automatically operate using restricted data processing while action is required to enable restricted data processing for other products.

  

Subject to the service provider terms, we will act as your CCPA service provider with respect to data processed while restricted data processing is enabled. You can refer to this article for more information on restricted data processing and determine whether restricted data processing meets your CCPA compliance needs. 

 

Please see privacy.google.com/businesses for more information about Google’s data privacy policies.

  

 Thanks,

  

 The Google Team

 

The post Important updates about the California Consumer Privacy Act (CCPA) appeared first on Cybersecurity Insiders.


November 27, 2019 at 11:03AM

Android apps fraudulently access Facebook and Twitter user data

Facebook and Twitter made an official announcement yesterday that a few Android apps were accessing the login info and other details of their users when the users entered the same credentials into certain apps downloaded via the Google Play Store.

According to a source from CNBC, the damage was being done by a Software Development Kit (SDK) used by OneAudience and Mobiburn apps which were found guilty of giving access to Facebook (FB) and Twitter users without their consent.

Security researchers working for the news site found that the apps accessed info such as email addresses, user names, most recent Facebook and Twitter posts and the followers and the people they were following.

It is being reported that hackers can take control of anyone’s account through this vulnerability repeating last month’s hacking saga of Twitter founder Jack Dorsey.

Lindsay McCallum, the official spokeswoman for Twitter, warned users to review the apps which were using the credentials of their respective social media accounts, as there is a chance that these accounts could access, or could have already accessed, sensitive info of the users.

Affected users of Twitter will be emailed about the vulnerability soon and the company is also intending to inform Google and Apple on this newly found vulnerability.

Some of the apps which were found guilty of stealing Facebook and Twitter credentials include names such as Giant Square and Photofy.

Meanwhile, Mark Zuckerberg-led company FB has announced that it will be releasing a new research app named Viewpoints in Jan’19, which will basically be a survey app that rewards users with points. The app is said to be available for Android users for now and will focus on how long users are using other apps and software on the Google-owned Android operating system.

The post Android apps fraudulently access Facebook and Twitter user data appeared first on Cybersecurity Insiders.


November 27, 2019 at 10:53AM

Over 80K computers running on Microsoft Windows OS found generating bitcoins with Malware

According to a security report released by Microsoft, over 80,000 computers running on different versions of the Windows Operating system were found mining bitcoins without the knowledge of the users.

Dubbed as Dexphot, the malware has been reportedly infecting Win machines since Oct’18 stealing the computing power of its machines to mine bitcoins.

Technologically, bitcoins mining happens when computers do humongous amounts of calculations and get rewarded by a bitcoin on successful completion of the calculation string.

Researchers found that the Dexphot malware is sophisticated enough to reinstall itself incrementally so that it remains on the computers for a long time to mine Bitcoins. It can also be customized and used as a botnet to launch DDoS cyber attacks that overload servers with web traffic and imperil the IT infrastructures of public and private entities.

“It is one of the countless malware which is being used for Cryptocurrency Mining silently stealing the processing power and earning Bitcoins for hackers without the knowledge of the victim. However, the good news is that the infection is seen spreading widely across Win 8, 7 and XP machines and not the Windows 10 operating system run machine”, says Hazel Kim, a malware analyst working for Microsoft Defender ATP Research.

Kim claims that Microsoft is working hard to mitigate such risks with countermeasures and has so far attained super-success in doing so. However, a lot of work needs to be done to attain a full count on this note.

The post Over 80K computers running on Microsoft Windows OS found generating bitcoins with Malware appeared first on Cybersecurity Insiders.


November 27, 2019 at 10:50AM

Reflections on Captain Sully’s #ISC2Congress Keynote

by Dr. Chris Veltsos, CISSP 

(ISC)² Security Congress wrapped up four weeks ago. The event sported world-class keynotes and also had many great sessions. This article shares some reflections on Captain Sully’s keynote, and his message to all of us information security professionals.

A Perfect Fit for Cybersecurity

The opening keynote at the 2019 (ISC)² Security Congress could easily be mistaken for a figure larger than life. Captain Sully’s story is one of calm in the face of chaos, with the result being that everyone on board that fateful flight was able to get out alive. As some of the exchanges between the pilots and the control tower resonated through the speakers, the mood was tense, as if all of us in the room suddenly found ourselves in the cockpit. However, Captain Sully’s message wasn’t focused on the failure of the technical equipment — as most engines would fail when hit by a flock of Canada geese — and instead focused on the importance of education and training, keeping cool and communicating well during a crisis, and the value of debriefings. More on this in a bit.

This cybersecurity conference keynote wasn’t about technology per se, yet it was such a perfect fit for what information security professionals are facing today. We have complex, interdependent systems and controls, and yes, it is highly likely that these systems or controls are going to fail, with potentially disastrous consequences. As I write these words, the news reports that a large cloud service provider had a major disruption, ransomware has once again shut down operations at several large and small organizations, and another spate of organizations suffered data breaches.

Judging by the standing ovation and clapping levels, Captain Sully’s keynote resonated very well with attendees. So what were some of the notable take-aways?

The Importance of Education, Training, and Debriefing

At several points, Captain Sully made clear connections between the positive outcome of US Airways Flight 1549 and the education and training that he received — or rather that he engaged in — throughout his career. Why engaged in instead of received? Because education and training require that the person actively participates in those activities rather than being a passive recipient of information. In retrospect, Captain Sully highlighted several points in his career where education and training helped steer the outcome of flight 1549 to what we know today. He credited his love of reading and learning for having not only saved his life, but that of more than 150 people. And at the pace that things are changing today, Captain Sully reminded us to nurture a mindset of continuous learning, in ourselves and in the people who look up to us.

But education and training can only get us so far in terms of preparation. Without practice — and regular debriefings, even when the practice was a success — we are unable to internalize the lessons that must be learned, lessons that can one day make the difference between a crash where everyone survives, and one where lives are lost. And these drills can’t just be limited to the technologists, they have to involve business leaders, decision makers, across many levels of organizational leadership, to draw out lessons to be learned, and playbooks to be updated.

Shared Responsibility

Another key theme in Captain Sully’s keynote was that of the shared responsibility that we are faced with. As security professionals know, information security is not a technology issue, it is a whole-of-business issue. That means, as Captain Sully said, “it’s not about me, it’s about us.” This requires a shift in mindset, both from security professionals and from business leaders, to ensure that we focus on what brings us together instead of the organizational silos that have in the past kept us apart. Digital disruption is taking the world of business by storm, and as you’ve noticed, there are a lot of bumps in the road so far. “We must adapt.” Yes, we as security professionals must adapt, and yet we must also help our organizations adapt.

This sense of shared responsibility helps us keep the big picture in mind. It’s not about being right about a specific control or waiting for the inevitable “I told you this would happen” moment. It’s about ensuring that our organizations are resilient in the face of ever changing operating and environmental conditions. Together we are better able to handle the crisis at hand. In Captain Sully’s case, he is quick to praise the teamwork that helped bring about the positive outcome. He couldn’t have done it without the help of his co-pilot, and he described a sort of dance that took place in the cockpit while maneuvering to bring a jetliner to gently crash in the Hudson river. But the crisis wasn’t over once the plane came to a rest in the water; Captain Sully praised the work of the flight attendants for helping get everyone out of the sinking plane. 

Shared responsibility means that we must continue to stretch and reinvent ourselves as the realities of running a business today continue to stretch our capabilities. But there was one more key theme in Captain Sully’s keynote: communication.

Communication is Key

Unlike most crises or near-crises, the case of Flight 1549 is a fairly open book in that investigators were able to go over the two black boxes, the cockpit voice recorder and the flight data recorder, and comb over every instant of the flight, including every decision by the pilot and co-pilot. Another unique aspect of this crisis was that of the communications between the cockpit and the control tower. Clarity, focus, determination, trust. The now famous pilot shared with the audience how, to this day, he still remembers choosing his words very carefully, to ensure they represented the situation or the orders he wanted executed as best he could. In his communications with the tower, you can hear the very clear language used to list and negotiate nearest-airport options. Then once it became clear the plane couldn’t even reach the nearest airport, the focus — and communications in the cockpit — shifted to the preparations for a water landing.

Captain Sully also described how, even though they had not flown together until that day, he and co-pilot Skiles could collaborate almost wordlessly, stemming in part from the many trainings and debriefs they had each taken part in, and the sense of shared responsibility. The pilot and co-pilot must be able to quickly and honestly share relevant pieces of information with one another, and trust that the other party would be able to articulate concerns over an incorrect reading or action. Getting to that point — when two people can communicate with one another like a well-choreographed dance — requires a keen attention to and investment in developing our ability to communicate, both when times are good and during a crisis.

We as cybersecurity professionals have our work cut out for us. Not only do we need to continue to develop our ability to understand and master the many technical domains that are part of our cybersecurity responsibilities, we must also invest in growing our ability to communicate with a wide variety of audiences, including top leadership and other decision makers, as we’re all in this together. 

Captain Sully’s words inspire us to continue our own professional development so we can be better prepared to respond to the next cybersecurity challenge.

The post Reflections on Captain Sully’s #ISC2Congress Keynote appeared first on Cybersecurity Insiders.


November 26, 2019 at 09:09PM

Palo Alto Networks acquires Aporeto and Demisto

California based Cybersecurity firm Palo Alto Networks has made it official that it has acquired AI-based startup Aporeto in a cash deal of $150 million. The company’s objective behind the acquisition is to use the AI and Machine Learning tools of Aporeto to automate certain significant segments of its products and services such as cloud monitoring, firewalls and compliance-related licenses along with endpoint protection.

 

News is out that Aporeto co-founders Satyam Sinha and Dimitri Stiliadis will be joining Palo Alto Networks from early next year and will be given relevant roles to play in the development of the American Multinational Cybersecurity company.

 

“We are thrilled to welcome Aporeto to our Palo Alto Networks family and feel that the machine identity technology of the newly acquired company will help accelerate our Prisma Cloud capabilities which will help our customers secure their journey to the cloud”, said Nikesh Arora, Chairman, and CEO, Palo Alto Networks.

 

In another development related to acquisitions by the same company, the Santa Clara based security company is said to have bought the entire stock of Information Security startup Demisto for $560 million. The former is aiming to gain the threat prevention intelligence and response technology from the latter to strengthen its Application Framework Strategy.

 

Founded in the year 2015, Demisto is said to offer automation tools for Information Security Management through its Security Orchestration Automation and Response (SOAR) platform.

 

Note- In June’18, Nikesh Arora, the former executive of Google and Softbank joined the company as the Chairman and CEO. And from then-on the company’s acquisition spree is continuing…

The post Palo Alto Networks acquires Aporeto and Demisto appeared first on Cybersecurity Insiders.


November 26, 2019 at 08:48PM

How I Went from Climbing Cable Poles to High-End Threat Hunting

By Tia Hopkins, vice president, global sales engineer, eSentire

My path to cybersecurity wasn’t a linear one. My first real job was installing DSL (digital subscriber lines) for phone companies. I was climbing poles, pulling cables and that sort of thing. Installing high-speed internet is what led me to IT, because customers would ask questions like “How do I do this on more than one computer?” or “What’s a network?” or “What’s Wi-Fi?” To answer their questions, I started digging in deeper and got turned onto the IT side of the business.

Eventually, I started doing junior admin work and worked my way up through the ranks at different companies before ending up in the role of IT director. I was hired to help a company owner transition from a break/fix retail shop into a managed services offering for businesses. I was responsible for developing and maturing the services offering, establishing technology partnerships, and improving the end user experience – while also delivering the services, too.  I had no idea at the time that this opportunity would end up spurring my career in cybersecurity.

Getting further under the hood with DevOps, security and cloud

As I became more responsible for service offerings and environments at that company, I started looking at all of the things that were going on in the industry. The three big things that stood out to me at the time were DevOps, security and cloud. The owner was really gung-ho about the cloud, but it seemed to me that we should be focusing more on securing these environments before putting all of our customers’ stuff in the cloud. And that jumpstarted my interest in security.

Once I got bit by the cybersecurity bug, I really dove in and started reading everything I could find. I started getting certifications and education in cybersecurity. The more I learned, the more interested I became – it resonated and felt like “This is how my mind works.”

Now, of course I’m not a criminal, but I’m very good at finding loopholes and developing ways to exploit them. It’s important to understand how things can be broken and infiltrated. It’s not criminal if it’s ethical – I’ve got a white hat. But if somebody can build it, somebody can break it; that’s how I look at things.

Security felt like my calling. It requires being able to think outside the box. And you’ve got to keep learning and adapt. You can’t just confine yourself to what’s the norm, what’s the standard, because as we know, the industry evolves every day and you have to be able to keep up with it.

Transitioning to security

At first when I started interviewing for security jobs, there was a tendency to push me towards pre-sales and consulting. That wasn’t what I wanted. I wanted to be technical and hands-on. I wanted to deploy things. But I did end up in pre-sales for a while, which helped me understand the other side of the sales cycle.

Eventually, a recruiter contacted me and told me I would be a great fit for eSentire, a managed detection and response (MDR)  company. I didn’t even know what that was. I normally ignore recruiters, but I was intrigued by this opportunity so I continued to explore. The more I read up on MDR, the more I realized that this is where the industry’s going. I thought, “Holy cow – this is what I’m missing.” I don’t like to do what everybody is doing right now; I like to do what everybody is going to be doing in the future. eSentire’s MDR approach really interested me – it was exciting then, and I’m still excited.

A world of possibilities

Cybersecurity is a deep and multifaceted field with all sorts of opportunities and ways to get involved. It’s exciting to see the push to bring more women into the field, and I help with mentoring and attend meet-ups as my busy schedule allows. If you have a real interest, it doesn’t matter where you start from. I started out installing cable! There’s never been a better time to jump into this field; the need is huge, and there will be plenty of people and programs to help you along your own particular path.

About the author

As vice president, global sales engineering at eSentire, Tia Hopkins is focused on leading the team in providing pre-sales engineering support. She has held various technology roles, including Senior Solutions Architect and Director of IT Services at services organizations. She is an adjunct Professor for Yeshiva University’s Cybersecurity Masters program, and a Career Mentor for Cybrary and Built by Girls.

Tia is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (C|EH) and Certified Hacking Forensics Investigator (C|HFI). She also holds a BS in Information Technology, MS in Information Security and Assurance and MS in Cybersecurity and Information Assurance, and plans to continue her education in pursuit of an MBA in IT Management.

 

The post How I Went from Climbing Cable Poles to High-End Threat Hunting appeared first on Cybersecurity Insiders.


November 26, 2019 at 01:26PM

Monday, November 25, 2019

NYPD knocked out by Ransomware Attack

A ransomware scare has made the New York Police Department (NYPD) take its fingerprint database offline. However, an official statement released by the law enforcement agency says that none of the stored data records were impacted by the file encryption malware as the ransomware was contained in the initial stage of a cyber attack.

Highly placed sources say that the file-encrypting virus was introduced into the network by a contractor who was working on a project of replacing digital displays. Going deep, Cybersecurity Insiders has learned that the contractor might have probably introduced the malware through his Mini NUC PC which might have been infected by the malware already.

When the IT officials of the NYPD probed into the matter, they found that the contractor was innocent, making the incident inadvertent. But they also learned that the ransomware had rapidly proliferated to around 23 machines connected to the LiveScan fingerprint-tracking system, forcing the officials to take all the servers offline to keep the malware spread contained.

Jessica Tisch, the Deputy Commissioner for IT, NYPD said that the malware made the LiveScan machine go offline and over 200 computers connected to the network might need a software installation re-jig as early as possible.

“The catastrophic repercussions of ransomware attacks on public utilities are known and would qualify for a national emergency if the situation deteriorates”, says Ms. Tisch.

Sources say that the offline systems reportedly belonged to the Joint Terrorism Task Force and the NYPD’s Cyber Command.

Ransomware-spreading threat actors are increasingly targeting public institutions, and it’s best if these agencies start taking proactive measures to nip such cyber threats in the bud.

The post NYPD knocked out by Ransomware Attack appeared first on Cybersecurity Insiders.


November 26, 2019 at 10:34AM

Cyber Attack on OnePlus Online store

Chinese Smartphone maker OnePlus has made it official that data related to its consumers of the online store was hacked and accessed by unknown hackers almost two weeks ago. However, the Shenzhen based company has assured that payment information and passwords remain unaffected as the data was put on another server.

The company which is a subsidiary of OPPO Mobile Telecommunication brand is yet to reveal the exact number of affected users as the cyber incident is still under a probe.

What’s interesting in this cyber attack saga is that a similar cyberattack took place in Jan’18, and the company then revealed that more than 40,000 customers were affected by the incident, which took place due to the insertion of a malicious script into the OnePlus.net payment page, allowing hackers to access card details of the customers via the browser. The other highlight was that the company did not recognize the infiltration. It was the customers who alerted the smartphone maker after witnessing fraudulent transactions on their bank statements after using their respective cards on the online store of OnePlus.

OnePlus will officially notify those affected by the latest incident via email by this weekend. If you are a customer of the Chinese vendor and do not receive the email, you can take it that you were fortunate enough to escape the data breach.

A prima facie investigation launched by OnePlus says that customer names, contact numbers, emails, and shipping addresses were stolen in the incident. Affected customers are therefore highly likely to be targeted by spam or phishing emails.

The post Cyber Attack on OnePlus Online store appeared first on Cybersecurity Insiders.


November 26, 2019 at 10:32AM

Ransomware attack on 110 Nursing homes across the United States

A ransomware attack on a Wisconsin-based IT company is said to have disrupted the services of over 110 nursing homes across the United States. The company owner claims that the impact was not only harsh on the business but could also have led to the demise of some patients.

The company in question is Milwaukee-based Virtual Care Provider Inc (VCPI), a firm that provides IT consulting, internet access, data storage, and security services. The malware attack on the cloud-based service provider is reported to have severely impacted more than 96 healthcare units across 45 US states and could have disrupted operations on over 85,000 computers used across the hospital networks.

Cybersecurity Insiders has learned that the file-encrypting malware attack, which took place on November 17 of this year, involved the RYUK ransomware variant and is said to have encrypted all the data of the cloud services provider. Moreover, the hackers are said to be demanding a ransom of $14 million in exchange for a decryption key.

In an interview given to KrebsOnSecurity, VCPI owner Karen Christianson said that the business was severely affected by the ransomware attack and has lost access to virtually all of its sensitive information and services, including patient records, client billing, phone system communication, payroll operations and information, internet service, and email.

Because most of the nursing homes in the hospital network access the VCPI cloud via a Citrix-based virtual private network, the company is trying hard to restore access to this network as soon as possible.

An anonymous source reporting to our blog said that the company is on the verge of losing business, which could lead to a shutdown. Furthermore, the IT disruption is said to have seriously impaired access to patient records, which could lead to the death of some patients suffering from chronic diseases.

Karen Christianson has clarified that the company is not ready to pay the ransom and will depend on data backups instead.

The post Ransomware attack on 110 Nursing homes across the United States appeared first on Cybersecurity Insiders.


November 25, 2019 at 08:50PM

Sunday, November 24, 2019

Data of prepaid customers of T Mobile hacked

Germany-based telecom company T-Mobile officially declared on Friday last week that sensitive information of its prepaid subscribers was leaked to hackers. The leaked details include social security numbers, financial data, passwords and other information related to the subscribers.

However, a source from America’s top mobile services provider, speaking on condition of anonymity, said that billing addresses, phone numbers, account numbers, rate plans, names, and location data were also accessed by hackers. The company has reportedly kept this information from the public for undisclosed reasons.

T-Mobile is therefore urging its users to update their account PIN, either by dialing 611 from the registered device or by calling 1-1800-TMOBILE from any phone, to secure their accounts.

Most of the customers impacted by the breach were informed via text message by the service provider by late Sunday night. Those who have not been notified can contact customer care for more information.

T-Mobile’s postpaid customers, i.e. those who pay a monthly bill after using the service, are apparently safe from the repercussions of the hack, as their details are stored on a separate server.

Why the service provider showed laxity towards prepaid customers is not yet known.

Note: In Aug’18, news emerged that information on more than 2 million T-Mobile customers was stolen by hackers, including phone numbers, addresses, email addresses and location data. The magnitude of the latest breach appears to be high, which raises the question of what the management is doing to protect the data of its valued customers.

The post Data of prepaid customers of T Mobile hacked appeared first on Cybersecurity Insiders.


November 25, 2019 at 11:03AM

Iranian hackers to launch data destroying malware on Western countries

Until now, hackers from Iran have been seen engaging in activities such as DDoS attacks and espionage. But there is now evidence that these hackers have decided to launch malware campaigns capable of destroying data on servers operated in Western countries. This includes data stored by public and private entities, such as critical infrastructure owned by countries.

Ned Moran, a security researcher from Microsoft, raised the alarm at the CyberwarCon conference held in Arlington, Virginia. Moran said his security team has found that the Iranian hacking group dubbed APT33 has changed its objective, shifting its focus from espionage to data-destroying campaigns.

APT33, also known as Holmium, Refined Kitten or Elfin, is said to carry out disruptive cyberattacks on the critical infrastructure of Western countries. Researchers from Microsoft’s Threat Intelligence Group say they have found that the hacking group has started the groundwork and devised a virus called StoneDrill, which is more powerful than the Shamoon malware and is being integrated with the TURNEDUP backdoor software.

Last year, McAfee reported the same, disclosing evidence that the hacking group had already succeeded in planting the malware on the servers of some private technology companies operating in the West and was reaping financial benefits from the intrusion.

What type of data the hackers accessed, and details of the infiltrated servers, are not yet known.

But Microsoft researchers claim that the hacking group broke into the servers using password spraying and has been targeting at least 2000 companies per month with such activity.

Ned Moran said that half of those companies happen to be manufacturers, suppliers, or maintenance contractors of Industrial Control Systems (ICS).

The post Iranian hackers to launch data destroying malware on Western countries appeared first on Cybersecurity Insiders.


November 25, 2019 at 11:01AM

Friday, November 22, 2019

Zero Trust – The new default for Information Security

Since the dawn of information security, trust has been a critical element. Over time, as information technology has become more distributed, the notion of trust has evolved around who logically needs to be able to access a service. For example, if you are seeking to get onto your corporate network then you will need to have a unique username and password to view the corporate information sources and private documents. In addition, firewalls are used to prevent outsiders and other potential threats from entering these zones.

Nevertheless, only using usernames and passwords to be able to access this kind of corporate information poses problems for those people who need to be permitted to access specific company resources through the internet, such as field engineers. As a result, VPNs have been created to provide trusted communication tunnels that can securely grant access to specific ports of enterprise data, controlled by IT departments.

For a while, this combination of usernames, VPNs, and firewalls was enough to create a high level of security within an organization’s network of employees and external actors. However, this has changed dramatically over the past decade with the explosion of mobile computing. The shift from working on a monitor to a personal laptop and to our devices, like phones and tablets, has proven to be a significant challenge for IT departments. No longer can they call the shots by only allowing corporate data to be accessed through company issued computers.

What’s more, this huge proliferation of personal devices has also been accompanied by the adoption of cloud computing and cloud applications, such as Salesforce, Office 365 and Dropbox. This means the ways in which sensitive data can be shared have also increased exponentially. In working on projects with other companies it has become commonplace to share files, even for sensitive initiatives like new marketing releases. IT departments have therefore often resorted to blocking any unsanctioned applications or traffic from unmanaged devices. However, the cost of this is excessive and can inhibit innovation within the workforce, forcing employees to use potentially outdated programs and devices that prevent remote working. It is for these reasons that trust-based systems for protecting enterprise information are becoming obsolete.

While hacking corporate network systems from the outside requires a certain degree of skill to break through the firewalls and VPNs, an easier way to gain access to sensitive corporate data is to go via an employee who has access to such data. One such way to do this is via phishing attacks – pretending to be a trusted system to trick an employee into giving over their username and password. Once inside, the hacker can enter the trusted zone and acquire sensitive data or trigger other malicious attacks.

It is this realization of internal threats that coined the term ‘Zero Trust’. This mindset is simple – any user or device trying to access confidential data cannot and should not be trusted by default, even if they work for the company.

When discussing how to implement a Zero Trust framework, it must be noted that one size does not fit all in terms of what degree of security needs to be put in place and how segregated access needs to be. However, there are two key enablers that are helpful to take into consideration when adopting a Zero Trust posture: Identity and Access Management (IAM) and Network Micro-segmentation.

IAM essentially lets system administrators manage the identities of different users and entities, and regulate access to systems or networks based on the roles of individual users within the enterprise. Roles are defined according to job competency, authority and responsibility within the enterprise. A good example of this is the special permissions that more senior figures in the organization may have compared to their juniors. In practical terms this may mean that only a Practice Head would have access to the Purchasing System to approve a purchase request. One of the key advantages of Access Management systems is that they can enable or revoke access regardless of a user’s location or device type. This gives system administrators a lot of flexibility in organizations that have a lot of remote or nomad workers, while giving employees the freedom to work from any location. Their value as a key resource in cybersecurity is highlighted by the fact that 75% of organizations rely on access management to secure their external users’ logins to online corporate resources.

Network Micro-segmentation works by slicing a network into different segments that can only be accessed by a known number of users. For example, if you worked in HR for your company you could not access the section of documents meant for the Finance team and vice versa. It also means that if a worker’s credentials are used by a hacker, they could not compromise more data than that individual had access to – each application or resource is isolated with its own firewall to secure it. However, although this reduces the lateral movement of threats, a company will still have to use an identity and access management system to identify users, devices and other resources in the first place.

While both these approaches are different, they are complementary in a variety of ways and in the long term most companies will likely need to balance both to significantly reduce the insider threat and create a version of a Zero Trust framework that works for them. As the threat landscape continues to advance and evolve it is important that companies do not forget that sometimes the worst threats come from those you might normally trust the most – the insiders! Never trust, always verify!
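The two enablers described above, combined into one default-deny access decision, as an added example that is not part of the original article. All users, roles, segments and resources are constructed for illustration; `blast_radius` shows what a stolen credential can reach once both checks are enforced.

```python
from dataclasses import dataclass

# Constructed sample policy: every name below is hypothetical.
# IAM: what each role may do, as (resource, action) pairs.
ROLE_PERMISSIONS = {
    "practice_head": {("purchasing", "approve"), ("purchasing", "read")},
    "hr_staff": {("hr_docs", "read"), ("hr_docs", "write")},
    "finance_staff": {("finance_docs", "read"), ("purchasing", "read")},
}
# Micro-segmentation: each resource sits in one segment with its own allow-list.
RESOURCE_SEGMENT = {"purchasing": "seg-finance", "finance_docs": "seg-finance",
                    "hr_docs": "seg-hr"}
SEGMENT_MEMBERS = {"seg-finance": {"alice", "carol"}, "seg-hr": {"bob"}}


@dataclass
class Identity:
    user: str
    role: str
    revoked: bool = False  # IAM can revoke access regardless of location or device


def decide(ident, resource, action):
    """Return (allowed, reason). Every check must pass; anything unknown is denied."""
    if ident.revoked:
        return False, "identity revoked"
    segment = RESOURCE_SEGMENT.get(resource)
    if segment is None:
        return False, "unknown resource"
    if ident.user not in SEGMENT_MEMBERS.get(segment, set()):
        return False, "outside segment " + segment
    if (resource, action) not in ROLE_PERMISSIONS.get(ident.role, set()):
        return False, "role lacks permission"
    return True, "allowed"


def blast_radius(ident):
    """(resource, action) pairs an attacker gains by stealing this identity's credentials."""
    candidates = {pair for perms in ROLE_PERMISSIONS.values() for pair in perms}
    return {(r, a) for (r, a) in candidates if decide(ident, r, a)[0]}


alice = Identity("alice", "practice_head")
bob = Identity("bob", "hr_staff")
carol = Identity("carol", "finance_staff")
```

Because the segment check is independent of the role check, an account whose role is wrongly elevated still cannot reach resources outside its own segment.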

The post Zero Trust – The new default for Information Security appeared first on Cybersecurity Insiders.


November 22, 2019 at 09:09PM