IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

House Panel Passes Cyberthreat Info Sharing Bill


After beating back amendments by Democratic members to limit liability protections for businesses, the House Homeland Security Committee on April 14 unanimously approved cyberthreat information sharing legislation on a voice vote.


The bill, sponsored by Committee Chairman Mike McCaul, R-Texas, now goes to the full House, where differences with another cyberthreat information sharing measure approved by the House Intelligence Committee last month will be worked out. House leaders indicated that the full House could vote on cyberthreat information sharing legislation as early as next week.


In the Senate, a version of its cyberthreat information sharing bill could come up for a vote shortly. Senate Majority Leader Mitch McConnell included the Cybersecurity Information Sharing Act passed last month by the Senate Intelligence Committee as among several bipartisan bills that the Senate is "working hard to advance."


The National Cybersecurity Protection Advancement Act of 2015, approved by the House Homeland Security Committee, provides many of the privacy and civil liberties protections sought by President Obama. Those protections were absent from earlier versions of cyberthreat information sharing legislation that passed the House, and that the White House had threatened to veto, in the two previous congresses.

Limits Placed on Shared Data

The House committee approved one amendment that explicitly states that shared cyberthreat information processed through the National Cybersecurity and Communications Integration Center - known as NCCIC, the Department of Homeland Security portal - could not be used for law enforcement or intelligence purposes. Civil liberties groups have raised concerns that some cyberthreat information sharing bills could allow the use of collected cyberthreat data to spy on Americans, violating their privacy and liberties.


The legislation would require private companies to remove personally identifiable information unrelated to the cybersecurity risk before sharing information with the NCCIC or other private entities. It would also require the NCCIC to conduct a second scrub and destroy any personal information that is unrelated to the cybersecurity risk before further sharing with other government agencies or private organizations.


The aim of the cyberthreat information sharing legislation is to encourage businesses and other private organizations to voluntarily share threat data with the government and other businesses to mitigate damaging cyber-attacks. But some businesses are reluctant to share the information unless they are protected from legal actions, which led to the various provisions offering liability protections.

Liability Provisions Remain Intact

The Democratic minority on the House Homeland Security Committee, along with the Obama administration, contend that the liability protections offered to businesses in the committee's bill were too broad, providing legal protections when not warranted. An amendment offered by Rep. Cedric Richmond, D-La., would have removed liability protection for businesses that received threat data but failed to act on it. "If you abide by the provisions of this act," Richmond said, "then you're exempt from liability. It's just that simple. Instead of adding all these other concepts to the liability language, if we take the time to pass a bill and you abide by it, you have liability exemption. If you don't, then you don't have exemption."


But the bill's cosponsor, Republican Rep. John Ratcliffe of Texas, said the broader liability protections in the bill are aimed to get the greatest number of businesses to participate in cyberthreat information sharing. "Stakeholders are concerned about putting their customers or consumers at risk, and their information at risk; they're concerned about exposing their own sensitive business information by sharing," Ratcliffe said. "And, they're also concerned about possibly violating federal privacy laws. Having strong liability protection is going to be absolutely critical and vital to the success of this bill, and the phraseology in this bill is absolutely critical and essential to that point."

The bill originally provided liability protection for businesses that conducted their network security awareness in "good faith," but the committee voted to excise those words from the measure because, as McCaul noted, the term is too ambiguous and could lead to confusion in enforcing the measure should it become law.

Awaiting Word from White House

The White House has not said whether it would support or veto any of the cyberthreat information sharing bills winding their way through Congress. Statements of Administration Policy, such as the ones containing the earlier veto threats, usually are issued shortly before one of the chambers is set to vote on the legislation.

After the committee vote, the Financial Services Roundtable called for swift floor action on the legislation. "Congressional action to better protect consumers from cyber-attacks is long overdue," said Tim Pawlenty, CEO of the Roundtable, a financial services industry advocacy group. "We applaud the House for addressing gaps in our nation's cybersecurity laws and urge both chambers of Congress to quickly put a bill on the president's desk."



US Senate committee advances cyber-surveillance bill


The Senate intelligence committee advanced a priority bill for the National Security Agency on Thursday afternoon, approving long-stalled cybersecurity legislation that civil libertarians consider the latest pathway for surveillance abuse.

The vote on the Cybersecurity Information Sharing Act, 14 to 1, occurred in a secret session inside the Hart Senate office building. Democrat Ron Wyden was the dissenter, calling the measure “a surveillance bill by another name”.

Senator Richard Burr, the committee chairman, said the bill would create avenues for private-to-private, private-to-government and government-to-private information sharing.

The bill’s bipartisan advocates consider it a prophylactic measure against catastrophic data theft, particularly in light of recent large-scale hacking of Sony, Target, Home Depot and other companies.

Private companies could share customer data “in a voluntary capacity” with the government, Burr said, “so that we bring the full strength of the federal government to identifying and recommending what anybody else in the United States should adopt”.

“The sharing has to be voluntary, not coercive, and it’s got to be protected,” said Senator Dianne Feinstein, the committee’s vice-chair, adding that the information would pass through the Department of Homeland Security – and “transferred in real time to other departments where it’s applicable”.

Feinstein said the bill’s provisions would “only be used for counterterrorism purposes and certain immediate crimes”.

Several iterations of the cybersecurity bill have failed in recent years, including a post-Edward Snowden effort that the committee, then under Democratic leadership, approved last year. President Obama, renewing the push earlier this year, has called for a bill to enhance information sharing between businesses, particularly banks and others in the financial sector, and the federal government surrounding indications of malicious network intrusions.


Both the administration and Congress intend the legislation to join a panoply of recent moves to bolster cybersecurity, including February’s announced creation of a consolidated center within the intelligence agencies for analysis of internet-borne threats.

“This bill will not eliminate [breaches] happening,” Burr said. “This bill will hopefully minimize the impact of a penetration because of the real-time response.”

Feinstein said that companies, “reluctant to share with the government because they are subject to suit” would be protected from lawsuits “for cybersecurity purposes” under the bill.

But the bill faces strong opposition inside and outside Congress. Beyond expanding government’s reach into private data outside warrant requirements, it mandates real-time access to that data for intelligence agencies and the military.

‘Significantly undermine privacy and civil liberties’

Privacy advocates consider the bill to provide a new avenue for the NSA to access consumer and financial data, once laundered through the Department of Homeland Security (DHS), the initial public repository for the desired private-sector information. Campaigners consider the emphasis placed by the bill’s backers on DHS’s role to be a misleading way of downplaying NSA access to win congressional support.

A coalition of nearly 50 technologists, privacy groups and campaigners wrote to the committee earlier this month urging rejection of a bill that would “significantly undermine privacy and civil liberties” and potentially permit corporations to “hack back” at perceived network intrusions.

The bill “does not effectively require private entities to strip out information that identifies a specific person prior to sharing cyber-threat indicators with the government, a fundamental and important privacy protection,” the 2 March letter reads. Its changes to federal law “would permit companies to retaliate against a perceived threat in a manner that may cause significant harm, and undermine cybersecurity”, particularly given the misattributions of responsibility frequently seen in hacking cases.

Companies can only take “defensive measures” and not “countermeasures against another company”, Feinstein said.

Burr said that language in the bill would require companies to “remove all personal information before that data is transferred to the federal government”, and that the Department of Homeland Security would scrub any data not cleaned by companies. “We’ve tried to minimize in that any personal, identifying data that could be captured,” he said.

But Burr admitted the bill would still allow companies to share directly with the NSA, and could potentially receive liability protections if information is shared “not electronically”. “Our preference is the electronic transfer through the DHS portal,” he said.

While the NSA has labored to convince the public to move on from international condemnation of its digital dragnets – though Congress has passed no legislation to curtail them – acrimony within the tech sector at the surveillance giant persists.

At a Washington forum last month, Yahoo’s chief security officer confronted the NSA’s chief, Admiral Mike Rogers, over a recent push by US security agencies to undermine encryption for government benefit, a revival of the so-called “Crypto Wars” of the 1990s.

Alex Stamos of Yahoo challenged Rogers to explain why his company should not do the same thing on behalf of US adversaries or competitors to facilitate their spying on the United States. Rogers, in what was seen as a heated exchange, resisted the comparison.

Against that backdrop of suspicion, it is uncertain if the new cybersecurity bill can garner the votes in the broader Senate and House that its predecessors could not. The digital-rights group Access on Thursday was already seeking to mobilize its membership to call legislators in objection to the bill.

Wyden declined to comment to reporters, saying as he left the meeting: “You guys know I like talking about this stuff but I can’t say anything.”

He later articulated his dissent in a statement: “The most effective way to protect cybersecurity is by ensuring network owners take responsibility for security. Strong cybersecurity legislation should make clear that government agencies cannot order US hardware and software companies to build weaker products, as senior FBI officials have proposed.”



Via Paulo Félix

How the NSA’s Firmware Hacking Works and Why It’s So Unsettling

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.

The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered.

It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. This lets spies like the Equation Group bypass disk encryption by secreting documents they want to seize in areas that don’t get encrypted.

Kaspersky has so far uncovered 500 victims of the Equation Group, but only five of these had the firmware-flashing module on their systems. The flasher module is likely reserved for significant systems that present special surveillance challenges. Costin Raiu, director of Kaspersky’s Global Research and Analysis Team, believes these are high-value computers that are not connected to the internet and are protected with disk encryption.

Here’s what we know about the firmware-flashing module.

How It Works

Hard drive disks have a controller, essentially a mini-computer, that includes a memory chip or flash ROM where the firmware code for operating the hard drive resides.

When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one. The researchers uncovered two versions of the flasher module: one that appears to have been compiled in 2010 and is used with EquationDrug and one with a 2013 compilation date that is used with GrayFish.

The Trojanized firmware lets attackers stay on the system even through software updates. If a victim, thinking his or her computer is infected, wipes the computer’s operating system and reinstalls it to eliminate any malicious code, the malicious firmware code remains untouched. It can then reach out to the command server to restore all of the other malicious components that got wiped from the system.

Even if the firmware itself is updated with a new vendor release, the malicious firmware code may still persist because some firmware updates replace only parts of the firmware, meaning the malicious portions may not get overwritten with the update. The only solution for victims is to trash their hard drive and start over with a new one.

The attack works because firmware was never designed with security in mind. Hard disk makers don’t cryptographically sign the firmware they install on drives the way software vendors do. Nor do hard drive disk designs have authentication built in to check for signed firmware. This makes it possible for someone to change the firmware. And firmware is the perfect place to conceal malware because antivirus scanners don’t examine it. There’s also no easy way for users to read the firmware and manually check if it’s been altered.

The firmware flasher module can reprogram the firmware of more than a dozen different hard drive brands, including IBM, Seagate, Western Digital, and Toshiba.

“You know how much effort it takes to land just one firmware for a hard drive? You need to know specifications, the CPU, the architecture of the firmware, how it works,” Raiu says. The Kaspersky researchers have called it “an astonishing technical accomplishment and is testament to the group’s abilities.”

Once the firmware is replaced with the Trojanized version, the flasher module creates an API that can communicate with other malicious modules on the system and also access hidden sectors of the disk where the attackers want to conceal data they intend to steal. They hide this data in the so-called service area of the hard drive disk where the hard disk stores data needed for its internal operation.

Hidden Storage Is the Holy Grail

The revelation that the firmware hack helps store data the attackers want to steal didn’t get much play when the story broke last week, but it’s the most significant part of the hack. It also raises a number of questions about how exactly the attackers are pulling this off. Without an actual copy of the firmware payload that gets flashed to infected systems, there’s still a lot that’s unknown about the attack, but some of it can be surmised.

The ROM chip that contains the firmware includes a small amount of storage that goes unused. If the ROM chip is 2 megabytes, the firmware might take up just 1.5 megabytes, leaving half a megabyte of unused space that can be employed for hiding data the attackers want to steal.

This is particularly useful if the computer has disk encryption enabled. Because the EquationDrug and GrayFish malware run in Windows, they can grab a copy of documents while they’re unencrypted and save them to this hidden area on the machine that doesn’t get encrypted. There isn’t much space on the chip for a lot of data or documents, however, so the attackers can also just store something equally as valuable to bypass encryption.

“Taking into account the fact that their GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,” Raiu says.

Authorities could later grab the computer, perhaps through border interdiction or something the NSA calls “customs opportunities,” and extract the password from this hidden area to unlock the encrypted disk.

Raiu thinks the intended targets of such a scheme are limited to machines that are not connected to the internet and have encrypted hard drives. One of the five machines they found hit with the firmware flasher module had no internet connection and was used for special secure communications.

“[The owners] only use it in some very specific cases where there is no other way around it,” Raiu says. “Think about Bin Laden who lived in the desert in an isolated compound—doesn’t have internet and no electronic footprint. So if you want information from his computer how do you get it? You get documents into the hidden area and you wait, and then after one or two years you come back and steal it. The benefits [of using this] are very specific.”

Raiu thinks, however, that the attackers have a grander scheme in mind. “In the future probably they want to take it to the next level where they just copy all the documents [into the hidden area] instead of the password. [Then] at some point, when they have an opportunity to have physical access to the system, they can then access that hidden area and get the unencrypted docs.”

They wouldn’t need the password if they could copy an entire directory from the operating system to the hidden sector for accessing later. But the flash chip where the firmware resides is too small for large amounts of data. So the attackers would need a bigger hidden space for storage. Luckily for them, it exists.

There are large sectors in the service area of the hard drive disk that are also unused and could be commandeered to store a large cache of documents, even ones that might have been deleted from other parts of the computer. This service area, also called the reserved area or system area, stores the firmware and other data needed to operate drives, but it also contains large portions of unused space.

An interesting paper (.pdf) published in February 2013 by Ariel Berkman, a data recovery specialist at the Israeli firm Recover, noted “not only that these areas can’t be sanitized (via standard tools), they cannot be accessed via anti-virus software [or] computer forensics tools.”

Berkman points out that one particular model of Western Digital drives has 141 MB reserved for the service area, but only uses 12 MB of this, leaving the rest free for stealth storage.

Writing or copying data to the service area requires special commands that are specific to each vendor and are not publicly documented, so an attacker would need to uncover what these are. But once they do, “[b]y sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these [service] areas to read and write data that are otherwise inaccessible,” Berkman writes. It is also possible, though not trivial, to write a program to automatically copy documents to this area. Berkman himself wrote a proof-of-concept program to read and write a file of up to 94 MB to the service area, but the program was a bit unstable and he noted that it could cause some data loss or cause the hard drive to fail.

One problem with hiding large amounts of data like this, however, is that its presence might be detected by examining the size of the used space in the service area. If there should be 129 MB of unused space in this sector but there’s only 80 MB, it’s a dead giveaway that something is there that shouldn’t be. But a leaked NSA document that was written in 2006 but was published by Der Spiegel last month suggests the spy agency might have resolved this particular problem.

Via Paulo Félix

Ramping Up Automobile Cybersecurity


In late 2014, signs emerged that the automobile industry was taking the first steps toward addressing cybersecurity and privacy risks.


For instance, General Motors hired its first chief product cybersecurity officer, and the automobile industry set up an automobile Information Sharing and Analysis Center to collect and share information about cyber-related threats and vulnerabilities in motor vehicle electronics.


Heading into 2015, efforts to mitigate cybersecurity and privacy risks affecting automobiles continue to gain traction. Recently, Senator Edward Markey, D-Mass., issued a report detailing various automobile security and privacy vulnerabilities. Then, on Feb. 11, Markey confirmed that he, along with Senator Richard Blumenthal, D-Conn., will introduce legislation that would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards for improving the security of vehicles and protecting drivers' privacy.

"We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century," Markey says.

The senators' efforts come after auto manufacturer BMW recently addressed a potential security gap affecting data transmissions to and from the company's connected vehicles via the mobile phone network.

But while early steps are being taken by the industry to get on top of the risks, progress around securing automobiles may not come as quickly as some would hope. "Sure, proof of concept exploits are there - and they are real - but there is not even a semblance of exploitation by the criminals in the wild," says Anton Chuvakin, research vice president for security and risk management at Gartner.

"We do have a chance to prepare for this now by starting early with car and other device security," he says. "However, the history of information security teaches us that we probably won't. Today the threat is mostly 'not' real, but all signs point that it will become real."

Key Risks

Chris Valasek, director of vehicle security research at IOActive, a computer security services firm, has researched cyber vulnerabilities in automobiles through funding from the Cyber Fast Track initiative from the Defense Advanced Research Projects Agency, or DARPA.

Based on his research, Valasek says hackers could gain access to a vehicle's systems and potentially take private information, such as GPS coordinates or the driver's username and password for various in-car applications. Also, cybercriminals potentially could obtain control of computers within the car that operate certain features, such as cruise control, Valasek says.

"[Through our research], we showed that if you're on the car's computer network, you could send messages to completely stop the car and immobilize it," he says. "If an attacker found a way to break in remotely - through Bluetooth, cellular or an application - and was able to be on the right portion of the car's network, they could stop the car, disengage brakes or steer the steering wheel."

Down the road, automakers also need to worry about the potential cyberthreats concerning so-called "autonomous" or driverless vehicles now in development, says Stephen Wu, an attorney at the Silicon Valley Law Group, who has been researching the legal concerns regarding autonomous driving. "If cars crash because of information security vulnerabilities, it could lead to liability for the manufacturers," he says. "They need not only be concerned about safety, but also the governance of information security, privacy and the management of information that's being generated and communicated by cars."

Security Gaps Remain

The recent report from Senator Markey is based on a survey of 16 major automobile manufacturers about how vehicles may be vulnerable to hackers and how driver information is collected and protected.

Among the findings:

  • Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions;
  • Most automobile manufacturers were unaware of or unable to report on past hacking incidents;
  • Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers;
  • Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most said they rely on technologies that cannot be used for this purpose at all.

Valasek at IOActive says the biggest takeaway from the report is how most of the manufacturers couldn't answer many questions. "This means that not only are they behind on their security efforts, but probably don't have a good idea of the attack landscape or where to start," he says.

Legislation

The new legislation proposed by Markey would include three key requirements:

  • All wireless access points in cars must be protected against hacking attacks and evaluated using penetration testing;
  • All collected information must be appropriately secured and encrypted to prevent unwanted access; and
  • The manufacturer or third-party feature provider must be able to detect, report and respond to real-time hacking events.

To address privacy issues, Markey is seeking a transparency requirement that drivers be made explicitly aware of data collection, transmission and use. He also wants consumers to have the ability to choose whether data is collected, without having to disable navigation. And he's seeking prohibition of the use of personal driving information for advertising or marketing purposes.

"In essence, the proposed legislation codifies what have been best practices in privacy and security for years," says Scot Ganow, a privacy and security attorney at the law firm Faruki Ireland and Cox PLL.

But that doesn't mean the proposed law won't face challenges similar to those that have arisen in previous failed attempts to adopt federal data breach legislation, Ganow says. "As with all laws seeking to regulate commerce and, in particular, the flow of information, the struggle will exist over balancing appropriate regulation while not choking innovation and corporate independence."

Proactive Approach

As the security and privacy landscape around automobiles continues to take shape, manufacturers can start taking the necessary steps to get ahead of the challenge before it becomes a real problem.

Right now, hacking a vehicle is still very hard and very expensive, Valasek says. "That's not to say that won't change in the future. But you want to start implementing security measures before there is an actual problem."

Valasek argues that manufacturers "will have to accept that security is required as part of the process and not an after-thought. Only then can we truly talk about mitigating risks."

In addition, automakers should hire more cybersecurity experts and attempt to integrate security into the automotive software development lifecycle, says Ben Johnson, chief security strategist at Bit9 + Carbon Black, an endpoint security firm. "Immediately, I would be hiring penetration-testers and security consultants to do as much assessment and analysis of the existing systems as possible," he says.

It may also be in the best interest of the automobile industry - and consumers - if manufacturers adopt a model similar to PCI-DSS, the independently developed standards in the payments card industry, says Andreas Mai, director for smart connected vehicles at Cisco. "If an independent body devised a list of security features and controls that a vehicle and its computer systems should have, and the body audited vehicles for adherence, even if it was voluntary, like Consumer Reports, it would at least provide consumers with the notion someone has looked at security and provide a baseline level of confidence," he says.


Secunoid's curator insight, February 19, 2015 1:52 PM

The next frontier to keep an eye out for from security perspective, Automobiles.

Sandesh's curator insight, March 23, 2015 9:55 AM

They have introduced the cybersecurity which is attached with audio player


Online trust is at the breaking point


IT security professionals around the globe believe the system of trust established by cryptographic keys and digital certificates, as well as the security of trillions of dollars of the world's economy, is at the breaking point.

For the first time, half of the more than 2,300 IT security professionals surveyed by The Ponemon Institute now believe the technology behind the trust their business requires to operate is in jeopardy. 100% of organizations surveyed had responded to multiple attacks on keys and certificates over the last two years.


Research reveals that over the next two years, the risk facing every Global 5000 enterprise from attacks on keys and certificates is at least $53 million USD, an increase of 51 percent from 2013. For four years running, 100 percent of the companies surveyed said they had responded to multiple attacks on keys and certificates, and vulnerabilities have taken their toll.

"The overwhelming theme in this year's report is that online trust is at the breaking point. And it's no surprise. Leading researchers from FireEye, Intel, Kaspersky, and Mandiant, and many others consistently identify the misuse of keys and certificates as an important part of APT and cybercriminal operations," said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. "Whether they realize it or not, every business relies upon cryptographic keys and digital certificates to operate. Without the trust established by keys and certificates, we'd be back to the Internet 'stone age' – not knowing if a website, device, or mobile application can be trusted."

As risk increases, so does the number of keys and certificates: Over the last two years, the number of keys and certificates deployed on infrastructure such as web servers, network appliances, and cloud services grew more than 34 percent to almost 24,000 per enterprise. The use of more keys and certificates makes them a better target for attack. Stolen certificates sell for almost $1000 on underground marketplaces, and doubled in price in just one year. Researchers from Intel believe hacker interest is growing quickly.

Organizations are more uncertain than ever about how and where they use keys and certificates: Now 54 percent of organizations admit to not knowing where all keys and certificates are located and how they're being used. This leads to the logical conclusion: how can any enterprise know what's trusted or not?

Security pros worry about a Cryptoapocalypse-like event: A scenario where the standard algorithms of trust like RSA and SHA are compromised and exploited overnight is reported as the most alarming threat. Instantly transactions, payments, mobile applications, and a growing number of Internet of Things could not be trusted. Coined by researchers at Black Hat 2013, a Cryptoapocalypse would dwarf Heartbleed in scope, complexity, and time to remediate.

The misuse of enterprise mobile certificates is a lurking concern: The misuse of enterprise mobility certificates used for applications like WiFi, VPN, and MDM/EMM is a growing concern for security professionals. Misuse of enterprise mobility certificates was a close second to a Cryptoapocalypse-like event as the most alarming threat. Incidents involving enterprise mobility certificates were assessed to have the largest total impact, over $126 million, and the second largest risk. With a quickly expanding array of mobile devices and applications in enterprises, it's no wonder why security pros are so concerned.

"With the rising tide of attacks on keys and certificates, it's important that enterprises really understand the grave financial consequences. We couldn't run the world's digital economy without the system of trust they create," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "This research is incredibly timely for IT security professionals everywhere – they need a wake up call like this to realize they can no longer place blind trust in keys and certificates that are increasingly being misused by cybercriminals."survey


Via Paulo Félix

OpenDNS trials system that quickly detects computer crime


A security system undergoing testing by a San Francisco-based company aims to speed up the detection of websites and domains used for cybercrime.

The technology is being developed by OpenDNS, which specializes in performing DNS (Domain Name System) lookups. The DNS translates domain names such as idg.com into an IP address that can be called into a browser.

OpenDNS offers a secure DNS service for ISPs and organizations that blocks requests from Web browsers to sites that may be associated with cybercrime or spoof a company such as PayPal.

The company, which was founded in 2005, has grown so much that its systems respond to some 71 billion DNS requests per day. That’s just 2 percent of global DNS traffic but is enough of a sample to pick up on many cybercrime campaigns.

The new system, called Natural Language Processing rank (NLPRank) looks at a range of metrics around a particular domain name or website to figure out if it’s suspicious.

It scores a domain name to figure out if it’s likely fraudulent by comparing it to a corpus of suspicious names or phrases. For example, g00gle.com—with zeros substituting for the letter “o”—would raise a red flag.

Many cybercriminal groups have surprisingly predictable patterns when registering domain names for their campaigns, a type of malicious vernacular that OpenDNS is indexing. Bogus domain names use company names, or phrases like “Java update,” “billinginfo” or “security-info” to try to appear legitimate.

But there’s a chance that NLPRank could trigger a false positive, flagging a variation of a domain that is legitimate, said Andrew Hay, director of security research at OpenDNS.

To prevent false positives, the system also checks to see if a particular domain is running on the same network, known as its ASN (autonomous system number), that the company or organization usually uses. NLPRank also looks at the HTML composition of a new domain. If it differs from that of the real organization, it can be a sign of fraud.
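The scoring idea described above, sketched as an added example (not OpenDNS's NLPRank code, whose internals the article does not give): a domain is normalized, matched against brand names and the phrases the article cites, and cleared when it resolves inside the brand's usual ASN. The brand-to-ASN table, the point weights and the digit substitution map are assumptions made for illustration, and the HTML comparison step is left out.

```python
import re

# Constructed sample data. The ASNs come from the range reserved for
# documentation (RFC 5398); they are not the brands' real networks.
BRAND_ASNS = {"google": {64500}, "paypal": {64501}}
# Phrases the article cites, with spaces and hyphens removed.
SUSPICIOUS_PHRASES = ("javaupdate", "billinginfo", "securityinfo")
# Digit-for-letter substitutions to undo (g00gle -> google).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(domain):
    """Lower-case, drop the last label (TLD), remove separators, undo digits."""
    labels = domain.lower().rstrip(".").split(".")
    name = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return re.sub(r"[-_]", "", name).translate(LEET)


def score(domain, asn):
    """Return (points, reasons); more points means more suspicious."""
    raw = re.sub(r"[-_.]", "", domain.lower())
    norm = normalize(domain)
    points, reasons = 0, []
    for brand, asns in BRAND_ASNS.items():
        if brand not in norm:
            continue
        if asn in asns:
            # False-positive guard: hosted where the real organization usually is.
            return 0, [f"{brand}: served from expected ASN"]
        points += 2
        reasons.append(f"brand '{brand}' outside its usual ASN")
        if brand not in raw:
            points += 2
            reasons.append(f"'{brand}' appears only after undoing digit swaps")
    for phrase in SUSPICIOUS_PHRASES:
        if phrase in norm:
            points += 1
            reasons.append(f"phrase '{phrase}'")
    return points, reasons


if __name__ == "__main__":
    # Constructed observations: (queried domain, ASN of the resolved address).
    for name, asn in [("g00gle.com", 64510), ("google.com", 64500),
                      ("paypal-billinginfo.example.net", 64510)]:
        print(name, *score(name, asn))
```
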

NLPRank is still being refined to make sure the false positive rate is as low as possible. But there have been encouraging signs that the system has already spotted malware campaigns seen by other security companies, Hay said.

Earlier this month, Kaspersky Lab released a report on a gang that stole upwards of US$1 billion from banks in 25 countries. The group infiltrated banks by gaining the login credentials to key systems through emails containing malicious code, which were opened by employees.

Hay said Kaspersky approached OpenDNS before the report was published to see if it had information on domains associated with the attacks. NLPRank was already blocking some of the suspicious domains, even though OpenDNS didn’t know more details about the attacks.

“We caught these things well back,” Hay said.

In some cases, NLPRank could allow a domain to be blocked even before one is actively used. After cybercriminals register a domain, they’ll often visit it once to make sure it’s accessible. It may then go dormant for a few days before it is incorporated in a campaign, Hay said.

If a fraudster is connected to an ISP that uses OpenDNS’s service, just a single DNS query for that new domain would allow OpenDNS to analyze and potentially block it before it is used for crime.

“As soon as we see that little bump on the wire, we can block it and monitor to see what’s going on,” Hay said. “It’s almost an early warning system for fraudulent activity.”




Cybercrime Affects More Than 431 Million Adult Victims Globally


Cybercrime affects more than 431 million adult victims around the world. Since the internet has become such an integral part of governments, businesses, and the lives of millions of people, cyberspace has become an ideal place, allowing criminals to remain anonymous while they prey on victims.

The most common forms of cybercrime are offences related to identity, such as malware, hacking, and phishing. Criminals use these methods of cybercrime to steal money and credit card information. Additionally, cybercriminals use the internet for crimes related to child pornography, abuse material, and intellectual and copyright property.

As technology advances, criminals are finding it much easier to perform a cybercrime; advanced techniques and skills to perpetrate threats are no longer required. For instance, software that allows criminals to override passwords and locate access points of computers is easily purchased online. Unfortunately, the ability to find cyber criminals is becoming more difficult.


Cybercrime is a rapidly growing business, exceeding $3 trillion a year. Victims and perpetrators are located anywhere in the world. The effects of cybercrime are seen across societies, stressing the need for a pressing and strong international response.

However, many countries do not have the capacity or regulations to combat cybercrime. A global effort is required to make available firmer regulations and improved protection because cyber criminals hide within legal loopholes in countries with less stringent regulation.

Criminals perpetrate a cybercrime by taking advantage of a country’s weak security measures. Additionally, the lack of cooperation between developing and developed countries can also result in safe havens for individuals and groups who carry out a cybercrime.

The United Nations is actively involved in fighting cybercrime. The organization set up the United Nations Office on Drugs and Crime (UNODC) following the 12th Crime Congress to study cybercrime. The UNODC is a global leader in the fight against illicit drugs and international crime.

Cybercrime affects one million victims every single day. More than 431 million people are affected by cybercrime; that’s 14 adult victims every second.

In addition, there are up to 80 million automated hacking attacks every day. The most common and fastest growing forms of consumer fraud on the Internet are identity-related offences, especially through the misuse of credit card information.

Learning online protection methods is one of the simplest means of defense from becoming victim to a cybercrime. When purchasing products online, always be aware of the trustworthiness of the websites.

Avoid using public computers for anything that requires a credit card payment. By all means, be sure online purchases and banking are facilitated with a fully legitimate and safe business.

Computers should have up-to-date security software; choose strong passwords, and do not open suspicious emails or special offers that ask for personal information, which are often in the form of sales, contests, or fake banks.

Internet-related crime, like any other crime, should be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime.


Via Paulo Félix
purushothamwebsoftex's curator insight, February 24, 2015 3:05 AM

Websoftex Software extending its services in Website Designing, Web Development, MLM Software, HR Payroll Software, TDS Software, Micro Finance Software, RD FD Software, ERP Software, Chit Fund Software. With the help of our experienced software team and insights of clients MLM Software is continuously updated to latest technologies and demands. Websoftex pays special attention to its Research & Development.