IT Security News Blast 1-31-2017

Is it time to call an MSSP? Five signs that it can’t wait

  1. Limited resources and expertise within your organization
  2. Budget restrictions
  3. Lack of visibility into IT
  4. A vulnerable business ecosystem
  5. Compliance

https://www.helpnetsecurity.com/2017/01/30/mssp/

Ransomware attacks will double in 2017, study

Based on analysis of nearly two thousand data breaches that Beazley’s Breach Response division managed on behalf of clients in 2016, the study determined that there were four times as many ransomware attacks in 2016 compared to the previous year. “The ease and effectiveness of these attacks portend an even larger increase in 2017 with Beazley projecting these attacks to double again in 2017,” the study found. As the number of attackers is only increasing, the company said the unintended disclosure of personal information – usually via emails or faxes sent to the wrong recipient – is “much more dangerous.” Incidents of this type increased by nearly a third of all breaches in 2016, up from 24 percent in 2015, the study revealed.

https://www.scmagazine.com/ransomware-attacks-will-double-in-2017-study/article/634560/

6 Free Ransomware Decryption Tools [Slideshow]

“We have definitely angered the ransomware makers,” says Intel Security Vice President and CTO Raj Samani. “Recently, we found a ransomware variant using the file extension .nomoreransom, so they know who we are.” […] Here’s a look at the free tools available to get back your data after a ransomware attack as well as an inside look at how they were created, based on interviews with van der Wiel and Samani.

http://www.darkreading.com/threat-intelligence/6-free-ransomware-decryption-tools/d/d-id/1327999?

Some key cyber-security tips for financial firms

Given the intensifying scrutiny of the SEC and of FINRA, financial firms should consider re-doubling data security efforts, and launching a preemptive strike to counter future allegations of lackluster cyber-security—below are some suggestions on how.

  • Hire a CISO or form a data security committee (DSC)
  • The CISO or DSC should report to the general counsel.
  • Improve vendor due diligence
  • Vendor Management
  • Improve training and orientation
  • Tabletop exercises
  • Send customer alerts in plain English

https://www.complianceweek.com/blogs/john-reed-stark/some-key-cyber-security-tips-for-financial-firms

Cybersecurity: practical advice for SMBs

“Start with policies and procedures and by educating people in the company, especially those who are making electronic payments,” he suggests. Ideally, banking transactions should be carried out on a dedicated computer. “A lot of people get in trouble because they log into bank accounts on the same computer that they use for browsing CNN,” he says. “This will keep credentials a lot safer.” All employees should use two factor authentication (2FA), which requires not just a password but also some other form of verification, such as a card, token or a biometric form of authentication such as a fingerprint.

http://www.kmworld.com/Articles/Editorial/Features/Cybersecurity-practical-advice-for-SMBs-115898.aspx

Could jihadists paralyse a city – with help from ‘cyber mercenaries’?

“Even if they don’t have access to the capabilities, they can simply buy it on the darknet (a hidden internet realm of encrypted websites), where there is an enormous trade in cyber criminal technology,” Wainwright said at a panel discussion on “Terrorism in the Digital Age”. […] “This kind of attack has even begun in some countries,” Poupard said. “We are closely following what’s happening in Ukraine where strange breakdowns are becoming frequent that are caused by extremely sophisticated actions.”

http://www.scmp.com/news/world/europe/article/2066331/could-jihadists-paralyse-city-help-cyber-mercenaries

6 ways to launch a targeted cyberattack

Consider that, on average, attackers are in a network for more than 140 days before they’re detected, and 60% of network intrusions are eventually traced back to credentials, according to Microsoft. Most successful targeted attacks follow six steps or stages, though it’s important to remember that these steps often run in parallel. Multifaceted attacks are common, so a robust threat response plan should address all six steps and avoid jumping to conclusions.

http://www.networkworld.com/article/3161549/security/6-ways-to-launch-a-targeted-cyberattack.html

What’s In Store For Global Cyber Security In 2017

Trump’s stated desire to prioritize what he feels are US interests and a more transactional foreign policy, and his indication that he will better tolerate the spheres of influence of other global powers, is likely to embolden these actors to conduct a range of cyber activity within their respective backyards, with reduced fears of US reprisals. We anticipate this to be the case with China and the ASEAN states, particularly in relation to the South China Sea and associated territorial disputes; Iran within the Middle East region, particularly if Trump’s promised hardline stance materializes and aggravates existing regional and sectarian tensions; and Russia with the Baltic states, its near abroad and European powers.

http://www.forbes.com/sites/riskmap/2017/01/30/whats-in-store-for-global-cyber-security-in-2017/#5c3863eb5e0d

As administration drafts new cyber order, experts call for more action, fewer policies

“Since it’s about the fourth time we’ve done this review maybe we will take it serious this time,” said Bob Lentz, president of Cyber Security Strategies, and a former Defense Department cybersecurity executive. “I wish they would have emphasized IoT stronger as this is the game changer for next decade.” Shawn Henry, president of Crowdstrike Services and a former executive assistant director of the FBI, who oversaw computer crime investigations, put it more succinctly. “Most of the order has been completed previously, so the reporting already exists,” Henry said in an email to Federal News Radio.

http://federalnewsradio.com/reporters-notebook-jason-miller/2017/01/administration-drafts-new-cyber-order-experts-call-action-fewer-policies/

Many firms in the dark on cyber security investment

Dieroff believes that by having an ethos of following a group of principles, organisations can ensure the effective and relevant use of the IT security budget, and possibly reduce spending by buying only what they need. “If an organisation uses only an ISO certification as a guide for implementing a set of security controls, they run the risk of investing in controls that they are never going to need because they may not be relevant to that particular organisation’s business processes in any way,” he said.

http://www.computerweekly.com/news/450411926/Many-firms-in-the-dark-on-cyber-security-investment

Cyber Security : Why It Belongs In The Board Room

Given the present state of cyberspace, no longer can organizations afford their departments to work in silos when it comes to cyber security. What is required is a cultural shift from the bottom to the top of the organizational pyramid covering every nook and corner of all echelons and strata, wherein every individual employee of the organization maintains an optimum cyber hygiene. It is the job of every employee from the CEO to the newly hired apprentice to inculcate an optimum security hygiene and develop a level of vigilance and awareness.

https://thetechportal.com/2017/01/30/cybersecurity/

Fears grow over militant cyber threat

“Digital attacks with major impacts are unlikely in the short term,” said Guillaume Poupard, head of France’s digital security service ANSSI, speaking to AFP at an international cyber security conference in Lille, France. “However, that could change very fast. Our real fear, and we may already be there, is that they will use mercenaries, people who will do anything for money,” Poupard said. The Islamic State group, Al-Qaeda and other militant groups are so far using the internet mainly for propaganda and recruitment purposes. “The skills are complex, though not at the level of a nuclear weapon,” Poupard said. “With a few dozen people, a little money, but not that much, you can be effective.”

http://nation.com.pk/international/29-Jan-2017/fears-grow-over-militant-cyber-threat

When does a cyberattack mean war? Experts say there’s no clear line

So 20 minutes into the hearing, [Senator John McCain] posed a blunt question to Director of National Security James Clapper: Would a successful digital campaign to alter the outcome of a U.S. election equal an attack on the U.S.? […] Clapper’s response highlighted an alarming point about U.S. cyber policy, one that could prove troublesome as U.S.-Russia tensions mount and an unpredictable new administration gets its bearings: America does not have a clearly defined threshold at which digital offensives escalate into all-out war.

https://www.revealnews.org/article/when-does-a-cyberattack-mean-war-experts-say-theres-no-clear-line/

How to practice cybersecurity (and why it’s different from IT security)

I admit this approach is a radical departure from how most organizations currently handle security. Further complicating this perspective is the fact that what I’m proposing can’t be learned in classrooms or professional development courses. The notion of experience being the best teacher applies to figuring out cybersecurity. Step one is thinking like a detective and asking questions about the incident like why was this attack vector used, are there any strange activities (however minor) occurring elsewhere in my IT environment, and why would attackers target our organization.

http://www.networkworld.com/article/3162996/security/how-to-practice-cybersecurity-and-why-its-different-from-it-security.html

Fake Netflix, WhatsApp, Facebook Android Apps Contain SpyNote RAT

Among the above-mentioned apps, Zscaler researchers have kept their emphasis on the fake Netflix app being infected with a new variant of SpyNote RAT. According to Shivang Desai of Zscaler, “The iOS and Android apps for Netflix are enormously popular, effectively turning a mobile device into a television with which users can stream full movies and TV programs anytime, anywhere. But the apps, with their many millions of users, have captured the attention of the bad actors, too, who are exploiting the popularity of Netflix to spread malware.”

https://www.hackread.com/spynote-rat-netflix-whatsapp-facebook-android-apps/

Majority of Android VPNs can’t be trusted to make users more secure

Over the past half-decade, a growing number of ordinary people have come to regard virtual private networking software as an essential protection against all-too-easy attacks that intercept sensitive data or inject malicious code into incoming traffic. Now, a comprehensive study of almost 300 VPN apps downloaded by millions of Android users from Google’s official Play Market finds that the vast majority of them can’t be fully trusted. Some of them don’t work at all.

https://arstechnica.com/security/2017/01/majority-of-android-vpns-cant-be-trusted-to-make-users-more-secure/

Half of IT pros don’t know how to improve their security posture

72 percent of respondents report that their role covers so many different areas that it is difficult to focus on IT security as much as they should.

50 percent of the respondents said that security is so complex, they don’t know where to start to improve their organization’s security posture.

51 percent say they would like their organization to assign more budget and/or resources to IT security.

https://www.helpnetsecurity.com/2017/01/30/improve-security-posture/

Using deception technologies to thwart attacks and reveal targets

The Department of Homeland Security defines Moving Target Defense as “the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts.” There are many different approaches for implementing MTD, including dynamic runtime platforms, dynamic application code and data, dynamic deception as well as control-flow enforcement technology by companies such as Intel and Microsoft.

https://gcn.com/articles/2017/01/27/deception-technologies-for-detection.aspx?admgarea=TC_SecCybersSec

Former NSA lawyer says US border plans to demand tourists’ browser history, phone data would be unlawful

A former senior lawyer for the National Security Agency has called plans to force visitors to the US to turn over contacts lists, browsing histories, and social media data “tremendously intrusive” and “grossly overbroad.” April Doss, former associate general counsel for intelligence law at the National Security Agency, argued in a phone call that such a move would almost certainly be unlawful. CNN reported Sunday that White House policy director Stephen Miller said Trump administration officials are “discussing the possibility of asking foreign visitors to disclose all websites and social media sites they visit, and to share the contacts in their cell phones.” […] “It defies belief to my way of thinking that web browsing histories and contacts list of every person who wants to enter the US on a visit could possibly have intelligence value,” said Doss.

http://www.zdnet.com/google-amp/article/former-nsa-lawyers-blast-us-plans-to-collect-contacts-list-browser-history-at-border/
