Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says

A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company.

2018 Cybersecurity Predictions

The report also found that while 55 percent of small businesses were breached between 2015 and 2016, only a small minority see cybersecurity as a critical issue. This is despite the fact that the overall money spent on cybersecurity in 2017 was $86.4 billion, an increase of 7 percent over 2016.

New Threat

The Internet of Things (IoT) is at the heart of this new threat. It’s loosely defined as all the software-enabled devices we use (from appliances to smartphones and computers) that can exchange data.

Criminals hijacked hundreds of thousands of Internet of Things (IoT) devices worldwide in 2017. They’ve even fine-tuned social engineering and spear-phishing tactics, according to the report.

Jason J. Hogg, CEO of Aon Cyber Solutions, explains the looming threat as small businesses use this technology.

“IoT is notoriously unsecured: manufacturers often lack necessary security expertise, constant product innovation creates vulnerabilities, and companies frequently overlook proper patch management programs. Hackers exploit this reality, targeting IoT as a pivot point to enter systems and take control of physical operations.”


The report found that hackers favored botnets like “Hajime” and “IoT_reaper” last year. The growing trend caused concerns about DDoS attacks and other issues. DDoS attacks occur when hackers flood servers with bogus data and websites and networks get shut down.

High Cost

Any attack can really harm a small business’s operations as well as those of a larger organization. There’s always a high cost to having your business shut down for any amount of time. What’s more, there’s lasting reputational damage because these smaller firms are working more and more with big organizations that have a large reach.

Hogg also says there are some other reasons why small businesses are ripe for this new Internet of Things (IoT) cybersecurity threat.

“Small businesses, lacking resources and/or awareness to effectively secure their systems, are particularly vulnerable to cyber attacks on IoT,” he says. “The breach will serve as a wake-up call for small and midsized businesses to implement better security measures so as not to risk losing business.”


The report also predicts passwords will continue to be hacked. Multifactor authentication will become critical as hackers learn to get around biometrics. Larger businesses will adopt standalone cyber insurance policies and chief risk officers will play a larger role.

The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense. It points to the EU’s attempt to set a universal standard for consumer data privacy and Global Data Protection Regulation (GDPR) that oversees companies collecting data from EU citizens.

Criminals will also target transactions that use points as currency like retailers who use rewards, gift and loyalty programs. The use of cryptocurrencies will encourage an increase in ransomware attacks in 2018 like the WannaCry ransomware that affected 200,000 computers in 150 countries in 2017.

Source: https://smallbiztrends.com/2018/01/2018-cybersecurity-predictions.html

New year, new defence: Cybersecurity help and predictions for 2018

Organisations will adopt AI and other emerging technologies to help fight this year’s growing cyber threats.

With 2017 seeing an enormous number of data breaches, businesses should be looking at their cybersecurity processes and planning how to effectively monitor their network security in the year to come. With massive developments in monitoring and AI providing unmissable cybersecurity opportunities, here are five predictions of what we expect to see in 2018.

1. Organisations will increasingly adopt AI-based systems to help with Cybersecurity

In 2018, we’ll see companies using AI-based tools to benchmark their networks to ensure that companies know exactly what systems should ‘normally’ look like, allowing abnormalities to be identified faster before cyber incidents become full-blown attacks.

Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.

We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat-related ‘false positive’ alerts in networks. Many companies are relying on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.

AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.

2. Companies will handle breach communication much better than they did in 2017

PayPal is a great example of this. The company should be commended for implementing good hygiene practices that resulted in identifying and announcing the breach at TIO on 4th December, and for showing leadership in claiming responsibility for dealing with the outcome. We’re set to see a big difference between those companies that try to sweep breaches under the carpet, and those that are set up with the right processes to investigate breaches and respond appropriately. Those who attempt to hide breaches – we’re looking at you Uber – will be treated with contempt by customers and the media, as shown by surveys indicating that as many as 85% of respondents wouldn’t do business with firms that had suffered a data breach.

Of course, on 25th May, 2018, the General Data Protection Regulation (GDPR) will come into effect, which means companies will have to notify the Information Commissioner’s Office (ICO) of a breach within 72 hours, or face a fine of up to 4% of global revenue.

Sensible organisations will look to implement stronger protection using application whitelisting, encryption and other techniques and improve their detection capability. They should also look to collect and store more definitive evidence about what takes place on their networks – in the form of more verbose log data, NetFlow history and full packet capture. Without this, organisations will find it impossible to investigate a breach quickly enough to satisfy regulatory obligations.

3. Retailers will be far more risk averse during holidays

Companies have begun to accept that optimised monitoring needs to take place all year round, and Christmas will be no exception. However, companies will become more risk averse: whether it’s a bank or a retailer, as the holiday period approaches there’s often a “blackout” period during which network and security teams are not allowed to make updates and changes to their networks other than urgent patches.

Threat actors may step up their activity during the holiday period because there is a higher chance of evading identification and more to gain. This year, Shopify revealed that at the peak of Black Friday, online shoppers were making 2,800 orders per minute, worth approximately US$1 million. Had Shopify experienced an outage of just five minutes during this busy period, it would have cost them US$5 million in revenue. Protecting against outages – such as might result from a Distributed Denial of Service (DDoS) attack – is critical at these times. Additionally, this volume of online activity makes it easy for hackers to hide their movements while everyone’s focus is on making sure systems stay up and handle the load.

4. New housekeeping and the end of BYOD

Basic house-keeping will play a big role in cybersecurity in 2018. We’ll see a lot more staff training, and more focus on patching and standardisation so that companies avoid attacks like the widespread ransomware outbreaks we saw this year.

We’re also likely to see more companies moving away from BYOD. The reality is that BYOD has simply proven too hard to regulate and the risk it poses too difficult to protect against. In sensitive networks, with a lot at stake, this risk is not acceptable any longer.

5. Increasing use of strong encryption, and attacks over encrypted connections.

We already know that encryption of network traffic is being used more frequently by attackers as a way to hide evidence of their activity. Analysts and their detection tools can’t see into the payload of encrypted traffic.

Unless, of course, they have the encryption keys. If operators force all SSL connections to pass through a proxy, they can decrypt the traffic and see inside the payload. This allows the proxy to provide a clear-text version of the traffic to security tools for analysis, or to full packet capture appliances like the EndaceProbe Network Recorder.

We should expect to see the adoption of SSL proxy appliances increasing in 2018 – great news for companies like Ixia, Gigamon, Bluecoat, Juniper and others that make these appliances.


So, will 2018 be just as unpredictable when it comes to cybersecurity, data breaches and network infiltration? Chances are, most likely it will. However, with the right plans, practices and network monitoring in place, companies can at least prepare themselves for the worst, and prevent any possible breaches from being anywhere near as extensive as those that took place in 2017.

Source: https://www.itproportal.com/features/new-year-new-defence-cybersecurity-help-and-predictions-for-2018/

Old Vulnerabilities still available to be exploited ROBOT

Return Of Bleichenbacher’s Oracle Threat

A joint study by researchers from Ruhr-Universität Bochum/Hackmanit GmbH and Tripwire VERT has revealed a re-tread of an old vulnerability from 1998 that allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers. This latest CVE, dubbed ROBOT (Return Of Bleichenbacher’s Oracle Threat), has a surprisingly large target area, affecting almost a third of the top 100 domains (according to ALEXA).

I won’t detail the history and specifics of the exploit; there is a pretty good overview over at The Hacker News and of course at the researchers’ own website, where they have provided an online and downloadable tool for testing for this exploit.

What I will bring to attention are the hardware vendors that are identified as being susceptible to this exploit even today, as the list contains some of the biggest names in the IT industry: Cisco, F5, Citrix, and, most surprising, Radware, who specialize in building cybersecurity products. Granted, some of the listed platforms are older legacy platforms, but given that the RSA cipher has been deprecated for over a decade, one would assume that patches to remove it would have been offered and applied years ago. One may be led to believe that this type of negligence is one way to incentivize customers to continually spend on expensive hardware upgrades, but of course we all know better than that…

With regards to DOSarrest and R.O.B.O.T, we’ve long known about the weakness of using RSA ciphers, and only use strong, hardened cipher suites in our operations.
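
The "RSA ciphers" at issue are the suites that use RSA key exchange, where the client encrypts the premaster secret to the server's RSA key; ECDHE_RSA and DHE_RSA suites use that key only for signatures. The following added example (not code from this post, DOSarrest or the ROBOT researchers) flags RSA key-exchange suites in a scan inventory; the host names and suite lists are constructed, and the rule for OpenSSL-style names is a naming heuristic that expects expanded suite names, not cipher-string keywords.

```python
import re

# IANA key-exchange tokens (the text between "TLS_" and "_WITH_") in which the
# client encrypts the premaster secret to the server's RSA key.
IANA_RSA_TRANSPORT = {"RSA", "RSA_EXPORT", "RSA_PSK"}

# OpenSSL-style prefixes that name a non-RSA key exchange. OpenSSL omits the
# key-exchange token entirely when it is plain RSA (for example "AES128-SHA").
OPENSSL_OTHER_KX = ("ECDHE-", "DHE-", "EDH-", "ADH-", "AECDH-", "ECDH-",
                    "DH-", "PSK-", "SRP-", "KRB5-", "GOST")

# An expanded OpenSSL suite name is upper-case tokens joined by hyphens.
# Cipher-string keywords such as "HIGH" or "!aNULL" do not match.
OPENSSL_NAME = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)+$")


def classify(suite):
    """Return 'rsa-key-transport', 'other' or 'unknown' for one suite name."""
    name = suite.strip()
    if name.startswith(("TLS_", "SSL_")):
        if "_WITH_" not in name:
            return "other"  # TLS 1.3 suites and SCSV signalling values
        kx = name.split("_", 1)[1].split("_WITH_", 1)[0]
        return "rsa-key-transport" if kx in IANA_RSA_TRANSPORT else "other"
    if not OPENSSL_NAME.match(name):
        return "unknown"
    for export_prefix in ("EXP1024-", "EXP-"):
        if name.startswith(export_prefix):
            name = name[len(export_prefix):]
    if name.startswith("RSA-PSK-"):
        return "rsa-key-transport"
    if name.startswith(OPENSSL_OTHER_KX):
        return "other"
    return "rsa-key-transport"  # no key-exchange prefix means RSA in OpenSSL


def audit(inventory):
    """Map each host to the suites that need attention; clean hosts are omitted."""
    report = {}
    for host, suites in inventory.items():
        verdicts = [(s, classify(s)) for s in suites]
        flagged = [s for s, v in verdicts if v == "rsa-key-transport"]
        unparsed = [s for s, v in verdicts if v == "unknown"]
        if flagged or unparsed:
            report[host] = {"rsa_key_transport": flagged, "unparsed": unparsed}
    return report


# Constructed sample: suites each host offered, as a TLS scanner might list them.
SAMPLE_INVENTORY = {
    "lb-legacy.example.internal": [
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "AES256-SHA",
        "DES-CBC3-SHA",
    ],
    "edge-modern.example.internal": [
        "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "ECDHE-RSA-AES256-GCM-SHA384",
    ],
    "vpn-old.example.internal": [
        "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
        "DHE-RSA-AES128-SHA",
        "HIGH",
    ],
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_INVENTORY).items():
        print(host)
        for suite in finding["rsa_key_transport"]:
            print("  disable (RSA key exchange):", suite)
        for token in finding["unparsed"]:
            print("  expand and re-check:", token)
```

Hosts that appear in the report are the ones whose TLS configuration still offers RSA key exchange or contains a token the classifier could not interpret.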

If you are using one of the affected hardware vendors, we can help. With our DDoS Proxy Defense Network, we can take all HTTPS connections and ensure your origin server/s are protected from this CVE, as well as many other vulnerabilities.

Jag Bains, CTO

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/old-vulnerabilities-still-available-to-be-exploited-robot/

Throwing Caution to the Cloud?

The Hidden Costs of Moving IT operations onto the Cloud

As the CTO of a Cloud DDoS Protection Service, it would seem that I would be shooting myself in the foot by raising alarms about hidden costs in moving onto the cloud. After all, shouldn’t everything IT (including Security) be moved to cloud, with its promises of low cost, high flexibility and immediate scalability? On the surface, this sounds like a great opportunity for CIOs and CSOs who are trying to deal with a volatile budget, but like anything else in life, it’s best to take a closer look before committing.

When I speak with our customers, many of whom have been transitioning their system and storage to a cloud provider, we’ll often have discussions about support of their new setups within Amazon, Azure, etc. These migrations pose no problems for the DOSarrest service, and the conversations will invariably pivot into a Q&A on ideal hosting setups within these popular platforms, as I have had experience working with cloud hosting in my past lives. What I have noticed in conversing with these customers is that the same mistake of the past is still occurring with high frequency even now: the pursuit of short-term savings without fully auditing their existing setups and requirements. IT managers still often take a snapshot of their server inventory and attempt to replicate it in the cloud during a migration, without fully appreciating that they have excess server capacity. This results in buying extra capacity when it is not required. What’s even worse is when IT managers are blissfully ignorant of the resources and processes operating within their environment that typically have little cost, and have no idea what that will look like on the invoice sheet when those same processes get moved into the cloud. Some good examples of areas that get overlooked in the migration are:

  1. CPU & Memory – it’s a safe bet you could walk into any enterprise datacenter and the vast majority of the systems will be running idle with the occasional 10% CPU load and minimal RAM. Yet each system will have robust specs (e.g. 8 core, 32 Gb/s of RAM). Do you really need to replicate those specs in the cloud, even if it is cheaper than buying the actual server yourself?
  2. Storage – Similar to point 1, you will see a lot of disk space being unused in a datacenter. We all have to deal with growing and shrinking volumes, but have you recorded peak disk usages on a system for 1 day, 1 month, 1 year? Doing so would help ensure you don’t simply get the 5 TB option when it’s not needed.
  3. Data Transfer/Bandwidth – it’s surprising to me how bandwidth generated by a server farm is often ignored by IT managers. BW plans with their upstreams will allow them to be ignorant of that I suppose. However, when moving to the cloud, you could end up with a hefty bill if you are unsure how much traffic your systems can generate during peak loads. You should also be aware of charges for data transfer between regions and zones.

When it comes to Security in the cloud, there are again other considerations one should account for to avoid paying extra costs.

a) Service Level Agreements – Does the cloud service provider have triple 9’s, Quadruple 9’s? More importantly, does the SLA have a limit to the size of attacks it will support? Is there a different price for each tier of SLA’s?

b) Throughput – the Service provider may say that they have Tb/s of capacity, but are there extra charges if there is a sustained attack over 50 Gb/s? 100 Gb/s? 500 Gb/s?

c) Tiered Support – often you will see a different price schedule for the types of support. 30 minute response versus 15. Phone support being extra.

d) Cost for features – Are there additional charges for CDN? How about Web Application Firewall? Machine Learning for identifying anomalous traffic patterns?

At DOSarrest we recognize the cost risk for IT managers, and put all services under one fixed price, simplifying their budgetary exercises and minimizing potential cost overruns in the face of an unknown threat landscape. I know that if a customer of ours is fully using the services we offer that have no extra cost to them, they can save thousands of dollars a month on a cloud hosting platform invoice.

In summary, do your due diligence. The cloud can be incredibly powerful with significant savings, but understand what your requirements are.

Jag Bains

CTO, DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/throwing-caution-to-the-cloud/

Bitfinex restored after DDoS attack

Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitfinex, which claims to be the world’s largest and most advanced cryptocurrency exchange, says it has restored its systems after coming under a “heavy” distributed denial of service (DDoS) attack.

Despite claiming on its website that Bitfinex is “protected by automatic distributed denial of service” systems, the company has been affected twice in December 2017 and once in November by DDoS attacks.

According to Bitfinex, the attackers created “hundreds of thousands of new accounts,” causing stress on Bitfinex’s infrastructure. The exchange said it took about 12 hours to restore normal operations and that new user signups had been suspended temporarily to reduce demand on its infrastructure.

The latest DDoS attack on Bitfinex comes just days after an Imperva report showed that the bitcoin industry was one of the top ten industries most targeted by DDoS attacks in the third quarter of 2017.

Cyber security industry analysts say the increased interest in Bitcoin as its value continues to surge is making it a prime target for cyber criminals either for extortion or theft.

Igal Zeifman, director at Imperva Incapsula, said extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” he said.

According to the Imperva report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack.

This latest DDoS attack on Bitfinex underlines how increased prominence can make businesses more vulnerable to DDoS attacks, said Kirill Kasavchenko, principal security technologist for Europe at Arbor Networks.

“The bitcoin market has been a hot topic over the past week, which has led to a surge in buyers,” he said. “Hackers are notoriously opportunistic, so it makes sense that they’re seizing this opportunity to make it difficult for Bitfinex to maintain usual business activities.”

Businesses which rely on their website as a route to market, said Kasavchenko, must learn lessons from this, and evaluate whether their current DDoS protection could work harder for their business.

“In response to bitcoin’s growth, attackers might launch DDoS attacks against exchanges not only as extortion threat, but also as a way to manipulate cryptocurrency rates by making trading platforms unavailable.

“Last but not least, cryptocurrencies do not have any legal status in most countries,” he said. “This means prosecution of attackers is often problematic not only from technical, but also from a legal point of view.”

Targeting bitcoin exchanges

In line with the trend of targeting bitcoin exchanges, cyber criminals stole nearly $80m worth of bitcoin from bitcoin mining and exchange service NiceHash.

According to NiceHash, the attackers – believed to be from outside the EU – accessed the company’s systems at around 00:18 GMT on 7 December, and began stealing bitcoin three and a half hours later.

This is the latest in a string of cryptocurrency heists in 2017, and security researchers are predicting the trend will only intensify in 2018.

As the bitcoin value continues to soar, its attractiveness to attackers – both at a criminal and nation state level – will increase in proportion, according to Richard Ford, chief scientist at security firm Forcepoint.

Source: http://www.computerweekly.com/news/450431741/Bitfinex-restored-after-DDoS-attack

Christmas revenues at risk from DDoS and POS-vulnerabilities

An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse.

According to the Kaspersky Lab IT Security Economics Report, over 77 per cent of companies have suffered from some kind of attack during the last 12 months. An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse – especially during the Christmas sale season, when there are more shoppers in store than usual, and the boost in sales is making retailer revenues an attractive target for cybercriminals.

The research shows that over the past year there has been an explosion (up to 16 per cent) in both attacks involving DDoS and attacks in which vulnerabilities in point-of-sale systems (POS terminals) have been used. These figures indicate that whatever heists cybercriminals are planning this season, they are likely to start with, or include, DDoS or the exploitation of vulnerabilities in retailer POS systems.

In particular, 2017 has seen a series of high-profile cybersecurity breaches reported in the payment systems of major brands: from Chipotle to Hyatt Hotels and recently, Forever 21. Kaspersky Lab also registered a considerable increase and geographic spread in botnet DDoS attacks in the third quarter of 2017, with targets in 98 countries (compared to 82 in Q2), according to the latest DDoS Intelligence Report.

This situation is going to be extremely relevant to retail and e-commerce organizations during the intense period of sales around Christmas. As shoppers look to bag their bargains, retailers can expect increased revenues. This in turn makes retailers a lucrative prize, if cybercriminals can stage successful DDoS attacks against them for a ransom, or for dirty competition, use POS systems as an entry point for targeted attacks, or steal customer credentials and money.

“Given this year’s apparent increase in these types of attacks, we recommend businesses – retailers in particular – to stay alert during the Christmas season, when there are more risks of cybercriminals cashing-out, through the exploitation of payment systems or attacks that use DDoS. These can involve cybercriminals demanding a ransom, or simply preventing an organization from trading, making them lose income and clients as a result. But apart from the obvious risks, this is also a good opportunity for businesses to think about their protection in general, by developing their cybersecurity culture and investing in the right technologies.” – said Alessio Aceti, Head of Enterprise Business Division, Kaspersky Lab.

To avoid ruining their revenues in the upcoming high sales season, retailers and e-commerce organizations can protect themselves with a range of solutions dedicated to meeting their specific requirements. Kaspersky Lab strongly recommends that retailers:

– Keep e-commerce platforms up to date because every new update may contain critical patches to make the system less vulnerable to cybercriminals.

– If possible, make sure that the POS terminals in use run the latest version of software and change the default passwords.

– Use a tailored security solution, like Kaspersky Embedded Systems Security, to protect point of sales terminals from malware attacks.

– Prepare for DDoS attacks by choosing a reliable service provider that is a cybersecurity expert and can protect against powerful and sophisticated DDoS attacks. This is not always possible using in-house resources or Internet providers. To learn about the specialist Kaspersky DDoS Protection offering for SMBs and enterprises, please visit our website.

– Educate customers about the possible cyberthreats they may encounter while shopping online and offline, as well as steps about how to minimize the risks.

Source: http://www.deccanchronicle.com/technology/in-other-news/071217/christmas-revenues-at-risk-from-ddos-and-pos-vulnerabilities.html

Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed.

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency of $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), become more common, with 5% of all network layer assaults above 50 Mpps, and the largest attack peaking at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the Isaca CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.

source: http://www.computerweekly.com/news/450431318/Bitcoin-industry-enters-top-10-DDoS-targets

Cybersecurity and Privacy Predictions for 2018

The past year in cybersecurity has been one of combating ransomware extortion attacks, bracing systems against DDoS attacks and securing internet of things (IoT) systems. Looking to next year, cybersecurity experts at McAfee Labs laid out their predictions for the industry’s top concerns in 2018.

Among the top concerns for next year are hackers using machine learning to create an arms race of development, newer ways that hackers will target businesses with ransomware and potential exploits in serverless applications. Privacy is also a growing concern as consumer data collection through our devices shows no signs of slowing.

The McAfee Labs 2018 Threats Predictions Report explains five of the top cybercrime trends to be aware of and prepare for.

Machine learning has been put to use in dozens of industries, including cybersecurity, but cyber criminals are adapting it to automate the process of discovering exploits, responding to defenses and disrupting systems. While machine learning can help automate our defenses by checking defenses and using data to predict attacks, attackers will likely use it as a response, creating an arms war of machine versus machine.

Attackers can use machine learning for a number of purposes, such as machine-driven searches for vulnerabilities, more sophisticated and data-driven phishing attacks, and successfully using weak or stolen credentials over services and devices. Machine-driven attacks can scan for vulnerabilities much faster than humans, allowing them to exploit systems faster than they can be patched.

“We must recognize that although technologies like machine learning, deep learning and artificial intelligence will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, senior vice president and chief technology officer for McAfee.

According to McAfee, machine learning is only as good as the humans who feed it data. Therefore, human and machine partnerships will be essential for combating cyber criminals and their machine learning techniques. It will be up to human defenders to work with machines to find vulnerabilities first and patch them.

Ransomware has already been a problem for businesses everywhere, costing them millions of dollars. According to McAfee, ransomware attacks have risen 56 percent over the last year; however, payments toward the extortions have declined. This can be attributed to more companies improving their data backups, decryption technology and overall awareness of the attacks.

Cyber criminals adapt and are changing their strategies with ransomware. Traditional ransomware is targeted toward computers and databases, blocking users with encryption and demanding a fee (usually in nondetectable cryptocurrency) to return access. Experts, however, see an even greater potential for damage as more of our devices become part of our networks in IoT systems.

While it may seem outlandish now, imagine hackers locking you out of your smart car and demanding a ransom before unlocking it. If hackers find ways to gain access to a company’s devices that are essential to its productivity, analysts predict that the greater loss of profits due to these disruptions will prompt the attackers to go after higher-profile targets.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” Grobman said.

McAfee predicts that individuals who are seen as high-value targets can expect threats to shut down their essential devices, such as expensive smartphones and smart home appliances like thermostats and vehicles. Wealthier targets are perceived by hackers as more likely to pay the ransom.

Another ransomware trend is attacks that encrypt businesses’ data and shut them out of essential systems but that don’t ask for a ransom or appear to have any means to request one. These types of attacks, such as the outbreak of WannaCry Ransomware, are puzzling, with experts theorizing that these attacks are tests or demonstrations to show others their destructive power, making an example of certain businesses so other companies are more willing to pay for their removal.

The use of serverless applications on platforms such as Amazon Web Services to build high-quality and smooth-running applications is growing in popularity, but security experts warn that proper precautions need to be taken before rushing into this technology. Serverless applications are built on a framework where the backend setup and upkeep are handled by a third-party cloud service.

McAfee says that while this saves developers the trouble of maintaining servers and allocating resources, these applications are still vulnerable through traditional means, such as privilege escalation attacks, which allow hackers to hijack the application’s network. Because an application’s function must be transferred over a network to the servers where the data resides, it creates a new point of intrusion for hackers.

As serverless applications continue to catch on, McAfee warns that attacks on the companies that implement them will also increase. As security methods evolve for serverless computing, it’s advised that developers ensure traffic on their application takes place over a VPN or that some form of encryption is used.

Gathering data on consumers becomes easier with each device added to a household. Corporations rely on a consumer’s willingness to hit the I Agree button on privacy agreements without reading them. Corporations have incentives to gather and sell as much data as possible, so our connected devices that are capable of listening, watching, tracking and analyzing are turning consumers’ homes into buffets of information.

Corporations can, and likely will, push the line as to how far they can go with data collection, according to McAfee. New updates and firmware installations usually come with new privacy agreements that users must agree to in order to use them, with more permissions and disclosures snuck into the agreements. McAfee predicts that some corporations will toe this line by calculating the cost of breaking privacy laws and paying fines against profits gained by data collection.

While this mass data is consumed with the purpose of marketing in mind, with high-profile data breaches of notable corporations occurring regularly, this trend could result in such data falling into criminal hands.

It’s no secret that employers often pull up search results, histories and digital records of potential employees. For most adults, this history extends to the time we first started using the internet and building social profiles. It’s technically possible that children born and raised during this time of mass collection could have these profiles created from the moment they’re born.

For most small children, data collected is likely trivial. But habits and behaviors can still be recorded and stored. A worst-case scenario explained by McAfee is a child being denied entry to a school because officials could find out they spent most of their time binge-watching videos. The capabilities of technology to gather data on children should be concerning. While it’s hard to tell what this data collection will result in as time goes on, it’s important to know that it’s happening and will likely escalate.

If a child’s privacy is important, then parents are advised to pay attention to the devices they buy, turn off unnecessary features and change the default passwords to something stronger.

Source: https://www.businessnewsdaily.com/10418-cybersecurity-privacy-predictions.html

Are they prepared: The healthcare industry’s fear of the cyber threat

Infoblox report finds 1 in 4 UK healthcare IT professionals aren’t confident in their organisation’s ability to respond to cyber attacks.

Technology is booming in healthcare organisations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information.

As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyberattacks disrupting services, stealing sensitive patient data, and putting lives at risk. Infoblox commissioned a survey of UK and US healthcare IT professionals to gain a better understanding of whether the healthcare industry is adequately prepared to combat this evolving threat.

Ready for ransomware

Following the significant disruption caused to the NHS by WannaCry in May 2017, many healthcare organisations are preparing themselves for further ransomware attacks. One quarter of participating healthcare IT professionals reported that their organisation would be willing to pay a ransom in the event of a cyber attack. Of these, 85% of UK respondents have a plan in place for this situation.

Dangerous operating systems

The number of connected devices on healthcare organisations’ networks is exploding, with 47 per cent of the large healthcare organisations surveyed indicating that they are managing over 5,000 devices on their network.

One in five healthcare IT professionals reported that Windows XP, which has been unsupported since April 2014, is running on their network. 18 per cent indicated that connected medical devices on their network are running on the unsupported operating system, leaving organisations open to exploitation through security flaws in these unpatched devices.

Patching outdated operating systems is impossible for the 7% of IT professionals responding that they don’t know what operating systems their medical devices are running on. Even when the operating system these devices run on is known, a quarter (26%) of large organisations either can’t or don’t know if they can update these systems.

Investing against the threat

85% of healthcare IT professionals reported that their organisation has increased their cyber security spending in the past year, with 12% of organisations increasing spending by over 50%.

Traditional security solutions are the most popular, with anti-virus software and firewalls the solutions most invested in over the past year, at 61% and 57% respectively.

Half of organisations have invested in network monitoring to identify malicious activity on the network; one third have invested in DNS security solutions, which can actively disrupt Distributed Denial of Service (DDoS) attacks and data exfiltration; and 37% have invested in application security to secure web applications, operating systems and software.

Rob Bolton, Director of Western Europe at Infoblox, said: “The healthcare industry is facing major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands. Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly – but these new technologies also introduce new cyber risk that must be mitigated.

“The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyberattack. It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”

The report includes a case study on how Geisinger Health uncovered malicious activity on its network and was able to quickly and accurately identify the offending device, containing the malware before it spread throughout the network.

Commenting on the event, Rich Quinlan, senior technical analyst at Geisinger Health, said: “In spite of all the conventional steps we take to protect our internal network, patient care could still be affected. We could have an entire hospital full of useless ultrasound devices because one was brought in with a virus and we have no control over them. And if it was able to exfiltrate data, we would have a compliance issue.”

Source: http://www.information-age.com/business-can-stamp-credential-theft-123469539/

The dangers of DDoS overconfidence for European businesses

Is your organisation properly equipped to deal with a DDoS attack?

With cyber-attacks hitting headlines on an almost daily basis, from ransomware to data breaches and, increasingly, DDoS attacks, there is no doubt that today’s cybercriminals are becoming more sophisticated. Take the Mirai botnet attack that targeted Dyn in October 2016, for instance. This high-profile attack caused the likes of Twitter, Amazon and even the BBC to be undermined, and is a perfect example of how cybercriminals are taking advantage of connected devices to carry out cyber-attacks en masse. The recent news of the Reaper botnet only adds fuel to the fire; the botnet is said to have the potential to carry out even bigger DDoS attacks than the Mirai botnet of last year.

The threat of DDoS attacks for European businesses across all industries is real. But despite warnings in the media, many businesses are confident in their preparedness to withstand a DDoS attack. But reality doesn’t paint the same pretty picture, and businesses’ overconfidence in their DDoS mitigation could actually be putting them in great danger.

The rise of DDoS

Our own research shows it isn’t just the number of DDoS attacks that is growing – the likelihood of being attacked is also on the rise. In 2014, the number of DDoS attacks grew by just 29% year on year, where attacks were mostly targeted at the online gaming industry. But in 2015, attacks grew by an astounding 200% – and these attacks were aimed at the online gaming industry, as well as public sector bodies and financial services too.

Businesses don’t just need to take into account the volume of attacks – the size of attacks is also growing at a somewhat alarming rate. While the largest detected attack in the first half of 2015 was 21 Gbps, in 2016, the largest attack was almost three times the size at 58.8 Gbps.

With DDoS attacks becoming a bigger threat to businesses than ever before, CDNetworks investigated the preparedness, investment and confidence of more than 300 businesses across the UK and DACH. While the research shows that European businesses are taking notice, and 64% are set to increase their investment in DDoS mitigation in the next 12 months, the danger is that this investment will simply not be enough.

More investment, less risk?

Even though 79% of businesses rate the likelihood of their infrastructure being attacked as likely to almost certain, many believe they aren’t actually at risk of suffering a DDoS attack. In fact, the combination of widespread, recent, and growing investment in DDoS mitigation has led to an overwhelming confidence, and 83% of respondents are either confident, or very confident, in both their current DDoS mitigation arrangements and with how resilient they would be in two years’ time.

But not everyone holds these same high levels of confidence. A minority (44%) of businesses harbour doubts about their preparedness, and believe they are currently underinvesting in DDoS mitigation.

The dangers of overconfidence

While recent high-profile DDoS attacks seem to have motivated businesses to invest in DDoS mitigation technologies, when we take a closer look at the number of attacks that have taken place, this confidence is, in fact, misplaced. When asked about the frequency of DDoS attacks, 86% confirmed they had suffered a DDoS attack in the last 12 months.

But if confidence is to be proven to be complacency, the number of attacks isn’t what is important – it’s the number of successful attacks that is key. And despite the amount of money companies are investing, and the levels of confidence they have in their DDoS mitigation technology, more than half of respondents (54%) suffered at least one successful attack in the past year, which means this is more than a contrast of preparedness versus reality.

The complacency of businesses is also echoed in how they believe DDoS will impact them. In short, until you have experienced a successful attack, you cannot really appreciate the damage it can do to your business.

The administrative level is largely oblivious to how their reputation may be affected by failing to protect their business from a DDoS attack, while the C-suite cannot deny it would impact their view of the IT team, and were most likely to rate the impact as catastrophic. Understandably, the heads of the IT department felt the damage most keenly, being most convinced that their department’s reputation would suffer some or serious impact. IT heads therefore need to bear in mind that DDoS attacks are not only commercially damaging, but they will also affect their own prospects.

Ensuring DDoS mitigation

The good news is that enterprises can ensure their DDoS mitigation is not under-provisioned. Firstly, they need to perform a vulnerability test to identify where gaps lie in their systems and network defences. An extensive review of a network’s strengths and weaknesses will show where vulnerabilities lie, and determine whether the DDoS mitigation tools they have in place are fit for purpose. A vulnerability test will highlight the services and technology needed to ensure businesses are protected against DDoS.

Businesses also need to prepare for the worst. The lucky few that have not yet fallen victim to DDoS attacks are the ones that underestimate their severity – and regardless of confidence, business continuity must be a key part of DDoS planning. DDoS attacks can have catastrophic financial, legal, regulatory and brand reputation effects, so aside from the technical requirements of duplicating information, and ensuring recovery time objectives and recovery point objectives match business needs, there are also procedural requirements businesses need to consider. Identifying the crisis team and any security partners immediately, for example, as well as having a communications plan in place, will ensure partners, employees, customers and the media are kept informed if an attack does take place.

Finally, with cybercriminal activity becoming more sophisticated, businesses need to be prepared in case a DDoS attack comes with a ransom demand. In such circumstances, paying cybercriminals is not recommended. Instead, businesses should consider having insurance policies in place. There will be some instances where cybercriminals win, and having insurance against data breaches and other types of attack will help to overcome some of the damage.

Source: https://www.itproportal.com/features/the-dangers-of-ddos-overconfidence-for-european-businesses/