Tech Guides - Cybersecurity

Today, maintaining data integrity and network security is a primary challenge for businesses everywhere. The scale of the threats they face is enormous. Those that succeed go unheralded. Those that fail end up in the headlines. Despite the risks, a shocking number of security decision-makers seem confident that their companies have no vulnerabilities to exploit. According to a recent research report by Forrester, more than 85% of those decision-makers believe that they've left no gaps in their organization's security posture. A cursory look at the available data, however, should be enough to indicate that some of them are going to be proven wrong – and that they're at a much greater risk than they realize or are willing to admit. The threat landscape is stark. There have already been at least 3,800 data breaches in 2019 alone, which is a huge increase over prior years. The environment is so dangerous that Microsoft and Mastercard are spearheading an effort alongside other tech firms to create a joint-cyberdefense organization to help targeted firms fend off determined attackers. None of that squares with the high confidence that businesses now seem to have in their security. It is clear that there is quite a bit of distance between how digital security experts judge the preparedness of businesses to defend themselves and how the business decision makers view their own efforts. The best way to remedy that is for businesses to double-check their security posture to make sure they are in the best possible position to fend off cyberattacks. To help, here's a rundown of the most common security vulnerabilities that tend to exist in business organizations, to use as a checklist for shoring up defenses. 1. Physical vulnerabilities Although it's often overlooked, the physical security of a company's data and digital assets is essential. That's why penetration testing firms will often include on-site security breach attempts as part of their assessments (sometimes with unfortunate results). It's also why businesses should create and enforce strict on-site security policies and control who possesses what equipment and where they may take it. In addition, any devices that contain protected data should make use of strong storage encryption and have enforced password requirements – ideally using physical keys to further mitigate risk. 2. Poor access controls and monitoring One of the biggest threats to security that businesses now face isn't external – it's from their own employees. Research by Verizon paints a disturbing picture of the kinds of insider threats that are at the root of many cybersecurity incidents. Many of them trace back to unauthorized or improper systems access, or poor access controls that allow employees to see more data than they need to do their jobs. Worse still, there's no way to completely eliminate the problem. An employee with the right know-how can be a threat even when their access is properly restricted. That's why every organization must also practice routine monitoring of data access and credential audits to look for patterns that could indicate a problem. 3. Lack of cybersecurity personnel The speed with which threats in the digital space are evolving has caused businesses everywhere to rush to hire cybersecurity experts to help them defend themselves. The problem is that there are simply not enough of them to go around. According to the industry group (ISC)2, there are currently 2.93 million open cybersecurity positions around the world, and the number keeps on growing. To overcome the shortage, businesses would do well to augment their security personnel recruiting by training existing IT staff in cybersecurity. They can subsidize things like online CompTIA courses for IT staff so they can upskill to meet emerging threats. When it comes to cybersecurity, a business can't have too many experts – so they'd best get started making some new ones. 4. Poor employee security training Intentional acts by disgruntled or otherwise malicious employees aren't the only kind of insider threat that businesses face. In reality, many of the breaches traced to insiders happen by accident. Employees might fall prey to social engineering attacks and spear phishing emails or calls, and turn over information to unauthorized parties without ever knowing they've done anything wrong. If you think about it, a company's workforce is it's largest attack surface, so it's critical to take steps to help them be as security-minded as possible. Despite this reality, a recent survey found that only 31% of employees receive annual security training. This statistic should dent the confidence of the aforementioned security decision-makers, and cause them to reevaluate their employee security training efforts post-haste. 5. Lack of cloud security standards It should come as no surprise that the sharp rise in data breaches has coincided with the headlong rush of businesses into the cloud. One need to only look at the enormous number of data thefts that have happened in broad daylight via misconfigured Amazon AWS storage buckets to understand how big an issue this is. The notoriety notwithstanding, these kinds of security lapses continue to happen with alarming frequency. At their roots is a general lack of security procedures surrounding employee use of cloud data storage. As a general rule, businesses should have a process in place to have qualified IT staff configure offsite data storage and restrict settings access only to those who need it. In addition, all cloud storage should be tested often to make sure no vulnerabilities exist and that no unauthorized access is possible. 6. Failure to plan for future threats In the military, there's a common admonition against "fighting yesterday's war". In practice, this means relying on strategies that have worked in the past but that might not be appropriate in the current environment. The same logic applies to cybersecurity, not that many businesses seem to know it. For example, an all-machine hacking contest sponsored by DARPA in 2016 proved that AI and ML-based attacks are not only possible – but inevitable. Conversely, AI and ML will need to be put to use by businesses seeking to defend themselves from such threats. Still, a recent survey found that just 26% of business security policymakers had plans to invest in AI and ML cybersecurity technologies in the next two years. By the time many come around to the need for doing so, it's likely that their organizations will already be under attack by better-equipped opponents. To make sure they remain safe from such future-oriented threats, businesses should re-evaluate their plans to invest in AI and ML network and data security technology in the near term, so they'll have the right infrastructure in place once those kinds of attacks become common. The perils of overconfidence At this point, it should be very clear that there are quite a few vulnerabilities that the average business must attend to if they hope to remain secure from both current and emerging cyber threats. The various surveys and data referenced here should also be more than enough proof that the confidence many decision-makers have in their current strategies is foolhardy at best – and pure hubris at worst. More importantly, all signs point to the situation getting far worse before it gets better. Every major study on cybersecurity indicates that the pace, scale, and scope of attacks is growing by the day. In the coming years, the rapid expansion of new technologies like the IoT and the hyper-connectivity driven by 5G cellular data networks is going to amplify the current risks to an almost unimaginable level. That means businesses whose security is lacking now don't have much time left to get up to speed. The bottom line here is that when it comes to cybersecurity, nothing is more expensive than regret. It's a dangerous thing for business leaders to be too overconfident in their preparations or to underestimate the size of the security challenges they face. It's a situation where there's no such thing as being too prepared, and they should never be satisfied with the status quo in their efforts to stay protected. Would-be attackers and data thieves will never rest on their laurels – and neither should businesses. Author Bio Andrej Kovačević is a cybersecurity editor at TechLoot, and a contributing writer for a variety of other technology-focused online publications. He has covered the intersection of marketing and technology for several years and is pursuing an ongoing mission to share his expertise with business leaders and marketing professionals everywhere. You can also find him on Twitter. Glen Singh on why Kali Linux is an arsenal for any cybersecurity professional [Interview] CNCF announces Helm 3, a Kubernetes package manager and tool to manage charts and libraries Puppet’s 2019 State of DevOps Report highlight security integration into DevOps practices result into higher business outcome  

Just this year, several high-profile cyber breaches exposed confidential information and resulted in millions of dollars in damages. Cybersecurity is more important than ever — a big problem for employers facing millions of unfilled cybersecurity positions and a shortage of talented workers. As for the exact number of openings, the estimates vary — but none of them look good. There may be as many as 3.5 million unfilled cybersecurity positions by 2021. As a result, cybersecurity professionals currently in the field are facing serious pressure and long working hours. At cybersecurity conferences, it's not uncommon to see entire tracks about managing mental health, addiction, and work stress. A kind of feedback loop may be forming — one where skilled professionals under major pressure burn out and leave the field, putting more strain on the workers that remain. The cycle continues, pushing talent out of cybersecurity and further widening the skills gap. Some experts go further and call the gap a crisis, though it's not clear we've hit that level yet. Employers are looking at different ways to handle this — by broadening the talent pool and by investing in tools that take the pressure off their cybersecurity workers. Cybersecurity skills gap is on the rise When asked about the skills their organization is most likely to be missing, cybersecurity nearly always tops the list. In a survey conducted by ESG this year, 53% of organizations reported they were facing a cybersecurity shortage. This is 10% more than in 2016. In every survey between this year and 2016, the number has only trended up. There are other ways to look at the gap — by worker hours or by the total number of positions unfilled — but there's only one real conclusion to draw from the data. There aren't enough cybersecurity workers, and every year the skills gap grows worse. Despite pushes for better education and the increasing importance of cybersecurity, there are no signs it's closing or will begin to close in 2020. The why of the skills gap is unclear. The number of graduates from cybersecurity programs is increasing. At the same time, the cost and frequency of cyberattacks are also rising. It may be that schools can't keep up with the growing levels of cybercrime and the needs of companies, especially in the wake of the past few years of high-profile breaches. Employers look for ways to broaden the Talent Pool One possible reason for the skills gap may be that employers are looking for very specific candidates. Cybersecurity can be a difficult field to break into if you don't have the resources to become credentialed. Even prospective candidates with ideal skill sets — experience with security and penetration testing, communication and teamwork skills, and the ability to train nontechnical staff — can be filtered out by automatic resume screening programs. These may be looking for specific job titles, certificates, and degrees. If a resume doesn't pass the keyword filter, the hiring team may never get a chance to read it at all. There are two possible solutions to this problem. The first is to build a better talent pipeline — one that starts at the university or high school level. Employers may join with universities to sponsor programs that encourage or incentivize students to pick up technical certificates or switch their major to cybersecurity or a related field. The high worth of cybersecurity professionals and the strong value of cybersecurity degrees may encourage schools to invest in these programs, taking some of the pressure off employers. This solution isn't universally popular. Some experts argue that cybersecurity training doesn't reflect the field — and that a classroom may never provide the right kind of experience. The second solution is to broaden the talent pool by making it easier for talented professionals to break into cybersecurity. Hiring teams may relax requirements for entry-level positions, and companies may develop training programs that are designed to help other security experts learn about the field. This doesn't mean companies will begin hiring nontechnical staff. Rather, they'll start looking for skilled individuals with unconventional skill sets and a technical background that they can be quickly brought up to speed — like veterans with security or technology training. It's not clear if employers will take the training approach, however. While business leaders find cybersecurity more important every year, companies can be resistant to spending more on employee training. These expenditures increased in 2017 but declined last year. AI tools may help cybersecurity workers Many new companies are developing AI antiviruses, anti-phishing tools and other cybersecurity platforms that may reduce the amount of labor needed from cybersecurity workers. While AI is quite effective at pattern-finding and could be useful for cybersecurity workers, the tech isn't guaranteed to be helpful. Some of these antiviruses are susceptible to adversarial attacks. One popular AI-powered antivirus was defeated with just a few lines of text appended to some of the most dangerous malware out there. Many cybersecurity experts are skeptical of AI tech in general and don't seem fully committed to the idea of a field where cybersecurity workers rely on these tools. Companies may continue to invest in AI cybersecurity technology because there doesn't seem to be many other short-term solutions to the widening skill gap. Depending on how effective these technologies are, they may help reduce the number of cybersecurity openings that need to be filled. Future of the Cybersecurity skills gap Employers and cybersecurity professionals are facing a major shortage of skilled workers. At the same time, both the public and private sectors are dealing with a new wave of cyberattacks that put confidential information and critical systems at risk. There are no signs yet that the cybersecurity skills gap will begin to close in 2020. Employers and training programs are looking for ways to bring new professionals into the field and expand the talent pipeline. At the same time, companies are investing in AI technology that may take some pressure off current cybersecurity workers. Not all cybersecurity experts place their full faith in this technology, but some solutions will be necessary to reduce the pressure of the growing skill gap. Author Bio Kayla Matthews writes about big data, cybersecurity, and technology. You can find her work on The Week, Information Age, KDnuggets and CloudTweaks, or over at ProductivityBytes.com. How will AI impact job roles in Cybersecurity 7 Black Hat USA 2018 conference cybersecurity training highlights: Hardware attacks, IO campaigns, Threat Hunting, Fuzzing, and more. UK’s NCSC report reveals significant ransomware, phishing, and supply chain threats to businesses

In an online world infested with hackers, we need more ethical hackers. But all around the world, hackers have long been portrayed by the media and pop culture as the bad guys. Society is taught to see them as cyber-criminals and outliers who seek to destroy systems, steal data, and take down anything that gets in their way. There is no shortage of news, stories, movies, and television shows that outright villainize the hacker. From the 1995 movie Hackers, to the more recent Blackhat, hackers are often portrayed as outsiders who use their computer skills to inflict harm and commit crime. Read this: Did you know hackers could hijack aeroplane systems by spoofing radio signals? While there have been real-world, damaging events created by cyber-criminals that serve as the inspiration for this negative messaging, it is important to understand that this is only one side of the story. The truth is that while there are plenty of criminals with top-notch hacking and coding skills, there is also a growing and largely overlooked community of ethical (commonly known as white-hat) hackers who work endlessly to help make the online world a better and safer place. To put it lightly, these folks use their cyber superpowers for good, not evil. For example, Linus Torvalds, the creator of Linux was a hacker, as was Tim Berners-Lee, the man behind the World Wide Web. The list is long for the same reason the list of hackers turned coders is long – they all saw better ways of doing things. What is ethical hacking? According to the EC-Council, an ethical hacker is “an individual who is usually employed with an organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.” Listen: We discuss what it means to be a hacker with Adrian Pruteanu [Podcast] The role of an ethical hacker is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn’t. Ethical hackers not only help expose flaws in systems, but they assist in repairing them before criminals even have a shot at exploiting said vulnerabilities. They are an essential part of the cybersecurity ecosystem and can often unearth serious unknown vulnerabilities in systems better than any security solution ever could. Certified ethical hackers make an average annual income of $99,000, according to Indeed.com. The average starting salary for a certified ethical hacker is $95,000, according to EC-Council senior director Steven Graham. Ways ethical hacking benefits the software industry Nowadays, ethical hacking has become increasingly mainstream and multinational tech giants like Google, Facebook, Microsoft, Mozilla, IBM, etc employ hackers or teams of hackers in order to keep their systems secure. And as a result of the success hackers have shown at discovering critical vulnerabilities, in the last year itself there has been a 26% increase in organizations running bug bounty programs, where they bolster their security defenses with hackers. Other than this there are a number of benefits that ethical hacking has provided to organizations majorly in the software industry. Carry out adequate preventive measures to avoid systems security breach An ethical hacker takes preventive measures to avoid security breaches, for example, they use port scanning tools like Nmap or Nessus to scan one’s own systems and find open ports. The vulnerabilities with each of the ports is studied, and remedial measures are taken by them. An ethical hacker will examine patch installations and make sure that they cannot be exploited. They also engage in social engineering concepts like dumpster diving—rummaging through trash bins for passwords, charts, sticky notes, or anything with crucial information that can be used to generate an attack. They also attempt to evade IDS (Intrusion Detection Systems), IPS (Intrusion Prevention systems), honeypots, and firewalls. They carry out actions like bypassing and cracking wireless encryption, and hijacking web servers and web applications. Perform penetration tests on networks at regular intervals One of the best ways to prevent illegal hacking is to test the network for weak links on a regular basis. Ethical hackers help clean and update systems by discovering new vulnerabilities on an on-going basis. Going a step ahead, ethical hackers also explore the scope of damage that can occur due to the identified vulnerability. This particular process is known as pen testing, which is used to identify network vulnerabilities that an attacker can target. There are many methods of pen testing. The organization may use different methods depending on its requirements. Any of the below pen testing methods can be carried out by an ethical hacker: Targeted testing which involves the organization's people and the hacker. The organization staff will be aware of the hacking being performed. External testing penetrates all externally exposed systems such as web servers and DNS. Internal testing uncovers vulnerabilities open to internal users with access privileges. Blind testing simulates real attacks from hackers. Testers are given limited information about the target, which requires them to perform reconnaissance prior to the attack. Pen testing is the strongest case for hiring ethical hackers. Ethical hackers have built computers and programs for software industry Going back to the early days of the personal computer, many of the members in the Silicon Valley would have been considered hackers in modern terms, that they pulled things apart and put them back together in new and interesting ways. This desire to explore systems and networks to find how it worked made many of the proto-hackers more knowledgeable about the different technologies and it can be safeguarded from malicious attacks. Just as many of the early computer enthusiasts turned out to be great at designing new computers and programs, many people who identify themselves as hackers are also amazing programmers. This trend of the hacker as the innovator has continued with the open-source software movement. Much of the open-source code is produced, tested and improved by hackers – usually during collaborative computer programming events, which are affectionately referred to as "hackathons." Even if you never touch a piece of open-source software, you still benefit from the elegant solutions that hackers come up with that inspire or are outright copied by proprietary software companies. Ethical hackers help safeguard customer information by preventing data breaches The personal information of consumers is the new oil of the digital world. Everything runs on data. But while businesses that collect and process consumer data have become increasingly valuable and powerful, recent events prove that even the world’s biggest brands are vulnerable when they violate their customers’ trust. Hence, it is of utmost importance for software businesses to gain the trust of customers by ensuring the security of their data. With high-profile data breaches seemingly in the news every day, “protecting businesses from hackers” has traditionally dominated the data privacy conversation. Read this: StockX confirms a data breach impacting 6.8 million customers In such a scenario, ethical hackers will prepare you for the worst, they will work in conjunction with the IT-response plan to ensure data security and in patching breaches when they do happen. Otherwise, you risk a disjointed, inconsistent and delayed response to issues or crises. It is also imperative to align how your organization will communicate with stakeholders. This will reduce the need for real-time decision-making in an actual crisis, as well as help limit inappropriate responses. They may also help in running a cybersecurity crisis simulation to identify flaws and gaps in your process, and better prepare your teams for such a pressure-cooker situation when it hits. Information security plan to create security awareness at all levels No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program which is framed by information security professionals. Primarily the IT security team devises the security program but if done in coordination with the ethical hackers, they can provide the framework for keeping the company at a desired security level. Additionally by assessing the risks the company faces, they can decide how to mitigate them, and plan for how to keep the program and security practices up to date. To summarize… Many white hat hackers, gray hat and reformed black hat hackers have made significant contributions to the advancement of technology and the internet. In truth, hackers are almost in the same situation as motorcycle enthusiasts in that the existence of a few motorcycle gangs with real criminal operations tarnishes the image of the entire subculture. You don’t need to go out and hug the next hacker you meet, but it might be worth remembering that the word hacker doesn’t equal criminal, at least not all the time. Our online ecosystem is made safer, better and more robust by ethical hackers. As Keren Elazari, an ethical hacker herself, put it: “We need hackers, and in fact, they just might be the immune system for the information age. Sometimes they make us sick, but they also find those hidden threats in our world, and they make us fix it.” 3 cybersecurity lessons for e-commerce website administrators Hackers steal bitcoins worth $41M from Binance exchange in a single go! A security issue in the net/http library of the Go language affects all versions and all components of Kubernetes

Last week, the UK’s National Cyber Security Centre (NCSC) published a report on cyber incident trends in the UK from October 2018 to April 2019. The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has recommended this report to better understand and know how to defend against most prevalent cyber security threats. The NCSC report reveals five main threats and threat vectors that affected UK organizations: cloud services (Office 365 in particular); ransomware; phishing; vulnerability scanning; and supply chain attacks. The NCSC report examined each of these, presented specific methods used by threat actors and provided tips for preventing and mitigating incidents. NCSC report reveals Cloud services and Office 365 as primary targets The NCSC report highlights the primary target of the attackers as Cloud services, and Office 365. The large scale move to cloud services has put the IT infrastructure of many enterprises within reach of internet-based attacks as these services are only protected by a username and password.  Tools and scripts to try and guess users’ passwords are abundant. And a successful login gives access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange could be compromised, as well as any third-party services an enterprise has linked to Azure AD. Another common way of attacking Office 365 mentioned in the report is password spraying. In this method the attackers attempt a small number of commonly used passwords against multiple accounts. In most cases, they aren’t after just one specific account as this method can target a large number of accounts in one organisation without raising any suspicions.  Other than this, credential stuffing is another common approach to attack Office 365. Credential stuffing takes pairs of usernames and passwords from leaked data sets and tries them against other services, such as Office 365. According to the report it is difficult to detect the vulnerability in logs as an attacker may only need a single attempt to successfully log in if the stolen details match those of the user's Office 365 account. The report further suggests a few remediation strategies to prevent compromising Office 365 accounts. Ransomware attacks among enterprises continue to rise Since the WannaCry and NotPetya attacks of 2017, ransomware attacks against enterprise networks have continued to rise in number and sophistication. The NCSC report mentions that historically, ransomware were delivered as a standalone attack. But today, attackers are using their network access to maximise the impact of the ransomware attack.  Ransomware tools such as Cybercrime botnets like Emotet, Dridex and Trickbot are commonly used as an initial infection vector, prior to retrieving and installing the ransomware. The report also highlights the use of Pen-testing tools such as Cobalt Strike. Ransomware such as Ryuk, LockerGoga, Bitpaymer and Dharma were seen to be prevalent in recent months. Cases observed in the NCSC report often tend to have resulted from a trojanised document, sent via email. The malware will exploit publicly known vulnerabilities and macros in Microsoft Office documents. Some of the remediation strategies to prevent ransomware include: Reducing the chances of the initial malware reaching devices Considering the use of URL reputation services including those built into a web browser, and Internet service providers. Using email authentication via DMARC and DNS filtering products is highly recommended Making it more difficult for ransomware to run, once it is delivered. Having a tested backup of your data offline, so that it cannot be modified or deleted by ransomware.  Effective network segregation to make it more difficult for malware to spread across a network and thereby limit the impact of ransomware attacks. Phishing is the most prevalent attack delivery method in NCSC report According to the NCSC report, phishing has been the most prevalent attack delivery method over the last few years, and in recent months. Just about anyone with an email address can be a target. Specific methods observed recently by the NCSC include: targeting Office 365 credentials - the approach here is to persuade users to follow links to legitimate-looking login pages, which prompt for O365 credentials. More advanced versions of this attack also prompt the user to use Multi Factor Authentication. sending emails from real, but compromised, email accounts - quite often this approach will exploit an existing email thread or relationship to add a layer of authenticity to a spear phish. fake login pages - these are dynamically generated, and personalised, pulling the real imagery and artwork from the victim’s Office 365 portal. using Microsoft services such as Azure or Office 365 Forms to host fake login pages - these give the address bar an added layer of authenticity. Remediation strategies to prevent phishing attacks include implementing a multi-layered defence against phishing attacks. This will reduce the chances of a phishing email reaching a user and minimises the impact of those that get through. Additionally you can configure Email anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and Domain-Keys Identified Mail (DKIM). Vulnerability scanning is a common reconnaissance method NSCS report mentions that vulnerability scanning is a common reconnaissance method used to search for open network ports, identify unpatched, legacy or otherwise vulnerable software and to identify misconfigurations, which could have an effect on security. It further details that attackers identify known weaknesses in Internet-facing service which they then target using tested techniques or 'exploits'. This approach means the attack is more likely to work for the first time, making its detection less likely when using traditional Intrusion prevention systems (IPS) and on-host security monitoring. Once an attacker has a foothold on the edge of your infrastructure, they will then attempt to run more network scans and re-use stolen credentials to pivot through to the core network. For vulnerability remediation NSCS suggests to ensure that all internet-facing servers that an attacker might be able to find should be hardened, and the software running on them must be fully patched. They also recommend penetration test to determine what an attacker scanning for vulnerabilities could find, and potentially attack. Supply chain attacks & threat from external service providers Threats introduced to enterprise networks via their service providers continue to be a major problem according to the report. Outsourcing – particularly of IT – results in external parties and their own networks being able to access and even reconfigure enterprise services. Hence, the network will inherit the risk from these connected networks.  NSCS report also gives several examples of attackers exploiting the connections of service providers to gain access to enterprise networks. For instance, the exploitation of Remote Management and Monitoring (RMM) tooling to deploy ransomware, as reported by ZDNet. And the public disclosure of a “sophisticated intrusion” at a major outsourced IT vendor, as reported by Krebs on Security. Few remediation strategies to prevent supply chain attacks are: Supply chain security should be a consideration when procuring both products and services. Those using outsourced IT providers should ensure that any remote administration interfaces used by those service providers are secured. Ensuring the way IT service provider connects to, or administers the system, meets the organisation’s security standards. Take appropriate steps to segment and segregate the networks. Segmentation and segregation can be achieved physically or logically using access control lists, network and computer virtualisation, firewalls, and network encryption such as Internet Protocol Security. Document the remote interfaces and internal accesses in use by your service provider to ensure that they are fully revoked at the end of the contract. To read the full report, visit the official NSCS website. What’s new in security this week? A new Stuxnet-level vulnerability named Simjacker used to secretly spy over mobile phones in multiple countries for over 2 years: Adaptive Mobile Security reports Lilocked ransomware (Lilu) affects thousands of Linux-based servers Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack  

German public broadcasters, Bavarian Radio & Television Network (BR) and Norddeutscher Rundfunk (NDR), have published a joint investigation report on a hacker group spying on certain businesses since years. Security researchers, Hakan Tanriverdi, Svea Eckert, Jan Strozyk, Maximilian Zierer and Rebecca Ciesielski have contributed to this report. They shed light on how this group of hackers operate and how widespread they are. The investigation started with one of the reporters receiving this code daa0 c7cb f4f0 fbcf d6d1 which eventually led to the team discovering a hacking group with Chinese origins operating on Winnti Malware. BR and NDR reporters, in collaboration with several IT security experts, have analyzed the Winnti malware. Moritz Contag of Ruhr University Bochum extracted information from different varieties of the malware and wrote a script for this analysis. Silas Cutler, an IT security expert with US-based Chronicle Security, confirmed it. The report analyses cases from the below listed targeted companies: Gaming: Gameforge, Valve Software: Teamviewer Technology: Siemens, Sumitomo, Thyssenkrupp Pharma: Bayer, Roche Chemical: BASF, Covestro, Shin-Etsu Hakan Tanriverdi one of the reporters wrote on Twitter, “We looked at more than 250 samples, wrote Yara rules, conducted nmap scans.” Yara rules is a tool primarily used in malware research and detection. Nmap is a free and open source network scanner used to discover hosts and services on a computer network. Additionally in the report, the team has presented ways to find out if one is infected by the Winnti malware. To learn about these methods in detail, check out the research report. Winnti malware is complex, created by “digital mercenaries” of Chinese origin Winnti is a highly complex structure that is difficult to penetrate. The term denotes both a sophisticated malware and an actual group of hackers. IT security experts like to call them digital mercenaries. According to a Kasperky Lab research held in 2011, the Winnti group has been active for several years and in their initial days, specialized in cyber-attacks against the online video game industry. However, according to this investigation the hacker group has now honed in on Germany and its blue-chip DAX corporations. BR and NDR reporters analyzed hundreds of malware versions used for unsavory purposes. They found that the hacker group has targeted at least six DAX corporations and stock-listed top companies of the German industry. In October 2016, several DAX corporations, including BASF and Bayer, founded the German Cyber Security Organization (DCSO). The job of DCSO’s IT security experts was to observe and recognize hacker groups like Winnti and to get to the bottom of their motives. In Winnti’s case, DCSO speaks of a “mercenary force” which is said to be closely linked with the Chinese government. The reporters of this investigation also interviewed few company staff, IT security experts, government officials, and representatives of security authorities. An IT security expert who has been analyzing the attacks for years said, “Any DAX corporation that hasn’t been attacked by Winnti must have done something wrong.” A high-ranking German official said to the reporters, “The numbers of cases are mind-boggling.” And claims that the group continues to be highly active—to this very day. Winnti hackers are audacious and “don’t care if they’re found out” The report points out that the hackers choose convenience over anonymity. Working with Moritz Contag the reporters found that the hackers wrote the names of the companies they want to spy on directly into their malware. Contag has analyzed more than 250 variations of the Winnti malware and found them to contain the names of global corporations. According to reporters, hackers usually take precautions, which experts refer to as Opsec. But the Winnti group’s Opsec was dismal to say the least. Somebody who has been keeping an eye on Chinese hackers on behalf of a European intelligence service believes that they didn’t really care: “These hackers don’t care if they’re found out or not. They care only about achieving their goals." The reporters believed that every hacking operation leaves digital traces. They also believe that if you notice hackers carefully, each and every step can be logged. To decipher the traces of the Winnti hackers, they took a closer look at the program code of the malware itself. They used a malware research engine known as “VirusTotal” created by Google. The hacker group initially attacked the gaming industry for financial gain In the early days, the Winnti group of hackers were mainly interested in money making. Their initial target was Gameforge, a gaming company based in the German town of Karlsruhe. In 2011, an email message found its way into Gameforge’s mailbox. A staff member opened the attached file and unaware to him started the Winnti program. Shortly afterwards, the administrators became aware that someone was accessing Gameforge’s databases and raising the account balance. Gameforge decided to implement Kaspersky antivirus software and  arranged for Kaspersky's IT security experts to visit the office.The security experts found suspicious files and analyzed them. They noticed that the system had been infiltrated by hackers acting like Gameforge’s administrators. It turned out that the hackers had taken over a total of 40 servers. “They are a very, very persistente group,” says Costin Raiu, who has been watching Winnti since 2011 and was in charge of Kaspersky’s malware analysis team. “Once the Winnti hackers are inside a network, they take their sweet time to really get a feel for the infrastructure,” he says. The hackers will map a company’s network and look for strategically favorable locations for placing their malware. They keep tabs on which programs are used in a company and then exchange a file in one of these programs. The modified file looks like the original, but was secretly supplemented by a few extra lines of code. Thereafter the manipulated file does the attackers’ bidding. Raiu and his team have been following the digital tracks left behind by some of the Winnti hackers. “Nine years ago, things were much more clear-cut. There was a single team, which developed and used Winnti. It now looks like there is at least a second group that also uses Winnti.” This view is shared by many IT security companies. And it is this second group which is getting the German security authorities worried. One government official says, “Winnti is very specific to Germany. It is the attacker group that's being encountered most frequently." Second group of Winnti hackers focused on industrial espionage The report says that by 2014, the Winnti malware code was no longer limited to game manufacturers. The second group’s job was mainly industrial espionage. Hackers targeted high-tech companies as well as chemical and pharmaceutical companies. They also attacked companies in Japan, France, the U.S. and Germany. The report sheds light on how Winnti hackers broke into Henkel’s network in 2014. The reporters present three files containing the website belonging to Henkel and the name of the hacked server. For example, one starts with the letter sequence DEDUSSV. They realized that server names can be arbitrary, but it is highly probable that DE stands for Germany and DUS for Düsseldorf, where the Henkel headquarters are located. The hackers were able to monitor all activities running on the web server and reached systems which didn't have direct internet access: The company also confirmed the Winnti incident and issued the following statement: “The cyberattack was discovered in the summer of 2014 and Henkel promptly took all necessary precautions.” Henkel claims that a “very small portion” of its worldwide IT systems had been affected— the systems in Germany. According to Henkel, there was no evidence suggesting that any sensitive data had been diverted. Other than Henkel, Winnti also targeted companies like Covestro, manufacturers of adhesives, lacquers and paints, Japan’s biggest chemical company, Shin-Etsu Chemical, Roche, one of the largest pharmaceutical companies in the world. Winnti hackers also penetrated the BASF and Siemens networks. A BASF spokeswoman says that in July 2015, hackers had successfully overcome “the first levels” of defense. “When our experts discovered that the attacker was attempting to get around the next level of defense, the attacker was removed promptly and in a coordinated manner from BASF’s network.” She added that no business relevant information had been lost at any time. According to Siemens, they were penetrated by the hackers in June 2016. “We quickly discovered and thwarted the attack,” Siemens spokesperson said. Winnti hackers also involved in political espionage The hacker group also is interested in penetrating political groups and there were several such indicators according to the report. The Hong Kong government was spied on by the Winnti hackers. The reporters found four infected systems with the help of the nmap network scan, and proceeded to inform the government by email. The reporters also found out a telecommunications provider from India had been infiltrated, the company happens to be located in the region where the Tibetan government has its headquarters. Incidentally, the relevant identifier in the malware is called “CTA.” A file which ended up on VirusTotal in 2018 contains a straightforward keyword: “tibet”. Other than this the report also throws light on attacks which were not directly related to political espionage but had connection among them. For example, the team found out Marriott hotels in USA was attacked by hackers. The Indonesian airline Lion Air networks were also penetrated by them. They wanted to get to the data of where people travel and where they were located, at any given time. The team confirmed this by showing the relevant coded files in the report. To read the full research report, check out the official German broadcsaster’s website. Hackers steal bitcoins worth $41M from Binance exchange in a single go! VLC media player affected by a major vulnerability in a 3rd library, libebml; updating to the latest version may help An IoT worm Silex, developed by a 14 year old resulted in malware attack and taking down 2000 devices

The decision to which information security measures should be used across the company’s IT infrastructure and which ones should be left out may be a tough one for midsized companies. The financial resources of a midsized company cannot allow applying all the existing cybersecurity elements to protect the network. At the same time, midsized businesses are big enough to be targeted by cybercriminals. In this article, our information security consultants describe cybersecurity measures a midsized business can’t do without if it wants to ensure an appropriate network protection level and show how to implement them and arrange their management. Basic information security measures Among the range of existing cybersecurity measures the following ones are essential for all mid sized businesses irrespective of the type of business: A firewall is responsible for scanning incoming and outgoing network traffic. If set properly, the firewall prevents malicious traffic from reaching your network and possibly damaging it. Antivirus software checks each file your company’s employees download from external resources like the internet or USB flash drives for virus signatures. Regular updates to your antivirus will give an alarm each time ransomware, viruses, Trojan horses, and other types of malware tries to reach your company’s network. Network segmentation implies the division of the entire company’s network into separate fragments. As a result, the networks of your company’s departments are separated from each other. In case hackers reach the computer in one segment, they won’t be able to access the computers in the other network segments separated from the infected network. Thus, cyberattacks can’t move between the network segments and damage them, and you significantly reduce the risk of facing corporate data theft or leakage. Email security techniques include filtering spam and applying password rotations. An email security solution is designed to make sure that only verified letters reach their addresses in the process of communication between interacting parties. It aims at keeping corporate data secure from malware, spoofing attacks, and other cyberthreats in the communication happening both inside and outside the company’s network. Intrusion detection (IDS) and intrusion prevention system (IPS) are responsible for analyzing all the incoming and outgoing network traffic. Using pattern matching or anomaly detection, IDS identifies possible cybersecurity threats, while IPS blocks the identified information security attacks, thus not allowing them to turn into major threats and spread across the entire network. Advanced information security measures To strengthen the protection of a midsized company operating in a regulated industry (such as banking, healthcare) and having the need to comply with security regulations and standards like PCI DSS, HIPAA, SOX, GDPR, the following information security measures can’t be omitted: Endpoint security is responsible for defending each entry point like desktops or mobile devices connecting to the company’s network from attacks before harmful activities spread all over the network. When installed both on the corporate network management server and end users’ devices, endpoint security software provides your company’s system administrators with transparency over the actions that can potentially damage the network. Data loss prevention (DLP) allows to avoid the leakage of confidential data, such as clients’ bank account details. DLP systems scan the data passing through a network to ensure that no sensitive information was leaked and got into the hands of cybercriminals’. DLP is designed to avoid the cases when your employees deliberately or unintentionally send an email with proprietary corporate data outside the corporate network. Security information and event management (SIEM) software gathers and aggregates the logs from the servers, domain controllers, and all other sources located in your network to analyze them and provide you with a report highlighting suspicious activities. Thus, you can use these reporting results to know whether your systems need special attention and curative measures. Implementing and managing information security measures There are three options to implement and manage information security measures. The choice will depend on the nature of industry you operate in (regulated/non-regulated) and available financial and human resources. Arranging your own information security department This method provides you with transparency of security activities happening within your network. However, it implies large expenses on organizing the work of a skilled security team, as well as buying necessary cybersecurity software. Thus, this option is most suitable for a midsized company that is rapidly expanding. Turning to a managed security service provider (MSSP) Deciding to work with an MSSP may be a more time and cost-effective option than arranging your own information security department. You entrust your company’s information security protection to a third party and stay within your financial capabilities. However, this option is not suitable for companies in regulated industries since they may find it risky to give a third-party security services provider control over all aspects of their corporate network security. Joining the efforts of your security department and an MSSP This option is an apt choice for those midsized companies that have to comply with security regulations and standards. While a reliable MSSP will provide you with a security monitoring service and report on suspicious activities or system errors happening across the network, your information security department can focus on eliminating the detected information security issues that can damage the corporate confidential data and customer personal information. Ensuring the robustness of information security measures Regardless of the set of measures applied to protect your IT infrastructure and their management option, your information security strategy should provide for the ongoing assessment of their efficiency. Vulnerability assessment that is usually followed by penetration testing should be conducted quarterly or annually (depending on the necessity of a company to comply with security regulations and standards). When combined, they not only help you to stay constantly aware of any security gap in your company’s network but also assist in reacting to the detected information security issues promptly. As a supplementary practice necessary for midsized businesses from regulated industries, threat monitoring must be ensured to check the network for indicators of cyber protection breaches like data exfiltration attempts. You’ll also need a structured incident response (IR) plan to identify the root causes of the cyber protection incidents that have already happened and remediate them rapidly not to cope with system outages or data losses in the future. Finally, train your staff regularly to increase their cybersecurity consciousness, and determine the appropriate behavior for your employees, such as an obligatory use of complex passwords and an awareness of how to dodge spamming or phishing attacks. In a nutshell Midsized companies can ensure effective cyber protection within their limited budget by employing such cybersecurity measures as antiviruses, firewalls, and email security. In case they need to stay compliant with security standards and regulations, they should also implement such protection measures as network segmentation, install IDS/IPS, SIEM and DLP, and ensure endpoint security. Either the company’s information security department and/or an MSSP can organize these measures in the network. Last but not least, the CIOs of CISOs of midsized companies must ensure that the security of their networks is monitored and regularly assessed to identify suspicious activities and cybersecurity breaches, and close security gaps. Author Bio Uladzislau Murashka is a Certified Ethical Hacker at ScienceSoft with 5+ years of experience in penetration testing. Uladzislau’s spheres of competence include reverse engineering, black box, white box and gray box penetration testing of web and mobile applications, bug hunting and research work in the area of Information Security. An attack on SKS Keyserver Network, a write-only program, poisons two high-profile OpenPGP certificates How Verizon and a BGP Optimizer caused a major internet outage affecting Amazon, Facebook, CloudFlare among others Amazon launches VPC Traffic Mirroring for capturing and inspecting network traffic

In large part, the security of an ecommerce company is the responsibility of its technical support team and ecommerce software vendors. In reality, cybercriminals often exploit the security illiteracy of the staff to hit a company. Of all the ecommerce team, web administrators are often targeted for hacker attacks as they control access to the admin panel with lots of sensitive data. Having broken into the admin panel, criminals can take over an online store, disrupt its operation, retrieve customer confidential data, steal credit card information, transfer payments to their own account, and do more harm to business owners and customers. Online retailers contribute to the security of their company greatly when they educate web administrators where security threats can come from and what measures they can take to prevent breaches. We have summarized some key lessons below. It’s time for a quick cybersecurity class! Lesson 1. Mind password policy Starting with the basis of cybersecurity, we will proceed to more sophisticated rules in the lessons that follow. The importance of secure password policy may seem obvious, it's still shocking how careless people can be with choosing a password. In e-commerce, web administrators set credentials for accessing the admin panel and they can “help” cybercriminals greatly if they neglect basic password rules. Never use similar or alike passwords to log into different systems. In general, sticking to the same patterns when creating passwords (for example, using a date of birth) is risky. Typically, people have a number of personal profiles in social networks and email services. If they use identical passwords to all of them, cybercriminals can steal credentials just to one social media profile to crack the others. If employees are that negligent about accessing corporate systems, they endanger the security of the company. Let’s outline the worst-case scenario. Criminals take advantage of the leaked database of 167 million LinkedIn accounts to hack a large online store. As soon as they see the password of its web administrator (the employment information is stated in the profile just for hackers’ convenience), they try to apply the password to get access to the admin panel. What luck! The way to break into this web store was too easy. Use strong and impersonalized passwords. We need to introduce the notion of doxing to fully explain the importance of this rule. Doxing is the process of collecting pieces of information from social accounts to ultimately create a virtual profile of a person. Cybercriminals engage doxing to crack a password to an ecommerce platform by using an admin’s personal information in it. Therefore, a strong password shouldn’t contain personal details (like dates, names, age, etc.) and must consist of eight or more characters featuring a mix of letters, numbers, and unique symbols. Lesson 2. Watch out for phishing attacks With the wealth of employment information people leave in social accounts, hackers hold all the cards for implementing targeted, rather than bulk, phishing attacks. When planning a malicious attack on an ecommerce business, criminals can search for profiles of employees, check their position and responsibilities, and conclude what company information they have access to. In such an easy way, hackers get to know a web store administrator and follow with a series of phishing attacks. Here are two possible scenarios of attacks: When hackers target a personal computer. Having found a LinkedIn profile of a web administrator and got a personal email, hackers can bombard them with disguised messages, for example, from bank or tax authorities. If the admin lets their guard down and clicks a malicious link, malware installs itself on their personal computer. Should they remotely log in the admin panel, hackers steal their credentials and immediately set a new password. From this moment, they take over the control over a web store. Hackers can also go a different way. They target a personal email of the web administrator with a phishing attack and succeed in taking it over. Let’s say they have already found out a URL to the admin panel by that time. All they have to do now is to request to change the password to the panel, click the confirmation link from the admin’s email and set a new password. In the described scenario, the web administrator has made three security mistakes of using a personal email for work purposes, not changing the default admin URL, and taking the bait of a phishing email. When hackers target a work computer. Here is how a cyberattack may unfold if web administrators have been reckless to disclose a work email online. This time, hackers create a targeted malicious email related to work activities. Let’s say, the admin can get a legitimate-looking email from FedEx informing about delivery problems. Not alarmed, they open the email, click the link to know the details, and compromise the security of the web store by giving away the credentials to the admin panel to hackers. The main mistake in dealing with phishing attacks is to expect a fraudulent email to look suspicious. However, phishers falsify emails from real companies so it can be easy to fall into the trap. Here are recommendations for ecommerce web administrators to follow: Don’t use personal emails to log in to the admin panel. Don’t make your work email publicly available. Don’t use work email for personal purposes (e.g., for registration in social networks). Watch out for links and downloads in emails. Always hover over the link prior to click it – in malicious emails, the destination URL doesn’t match the expected destination website. Remember that legitimate companies never ask for your credentials, credit card details or any other sensitive information in emails. Be wary of emails with urgent notifications and deadlines – hackers often try to allay suspicions by provoking anxiety and panic among their victims. Engage two-step verification for an ecommerce admin panel. Lesson 3.  Stay alert while communicating with a hosting provider Web administrators of companies that have chosen a hosted ecommerce platform for their e-shop will need to contact the technical support of their hosting provider now and then. Here, a cybersecurity threat comes unexpected. If hackers have compromised the security of the web hosting company, they can target its clients (e-commerce websites) as well. Admins are in serious danger if the hosting company stores their credentials unencrypted. In this case, hackers can get direct access to the admin panel of a web store. Otherwise, more sophisticated attacks are developed. Cybercriminals can mislead web administrators by speaking for tech support agents. When communicating with their hosting provider, web administrators should mind several rules to protect their confidential data and the web store from hacking. Use unique email and password to log in your web hosting account. The usage of similar credentials for different work services or systems leads to a company security breach in case the hosting company has been hacked. Never reveal any credentials on request of tech support agents. Having shared their password to the admin panel, web administrators can no longer authenticate themselves by using it. Track your company communication with tech support. Web administrators can set email notifications to track requests from team members to the tech support and control what information is shared. Time for an exam As a rule, ecommerce software vendors and retailers do their best for the security of ecommerce businesses. Thus, software vendors take the major role in providing for the security of SaaS ecommerce solutions (like Shopify or Salesforce Commerce Cloud), including the security of servers, databases and the application itself. In IaaS solutions (like Magento), retailers need to put more effort in maintaining the security of the environment and system, staying current on security updates, conducting regular audits and more (you can see the full list of Magento security measures as an example). Still, cybercriminals often target company employees to hack an online store. Retailers are responsible for educating their team what security rules are compulsory to follow and how to identify malicious intents. In our article, we have outlined the fundamental security lessons for web administrators to learn in order to protect a web store against illicit access. In short, they should be careful with personal information they publish online (in their social media profiles) and use unique credentials for different services and systems. There are no grades in our lessons – rather an admin’s contribution to the security of their company can become the evaluation of knowledge they have gained. About the Author Tanya Yablonskaya is Ecommerce Industry Analyst at ScienceSoft, an IT consulting and software development company headquartered in McKinney, Texas. After 2+ years of exploring the cryptocurrency and blockchain sphere, she has shifted the focus of interest to ecommerce industry. Delving into this enormous world, Tanya covers key challenges online retailers face and unveils a wealth of tools they can use to outpace competitors. The US launched a cyber attack on Iran to disable its rocket launch systems; Iran calls it unsuccessful All Docker versions are now vulnerable to a symlink race attack 12,000+ unsecured MongoDB databases deleted by Unistellar attackers

News about Russian hackers creating chaos in the European Union or Chinese infiltration of a US company has almost become routine. In March 2019, a Russian hacking group was discovered operating on Czech soil by Czech intelligence agencies. Details are still unclear, however, speculations state that the group is part of a wider international network based out of multiple EU countries and was operating under Russian diplomatic cover. The cybercriminal underground is complex, multifaceted, and by its nature, difficult to detect. On top of this, hackers are incentivized not to put their best foot forward in order to evade detection. One of the most common tactics is to disguise an attack so that it looks like the work of another group. These hackers frequently prefer to use the most basic hacking software available because it avoids the unique touches of more sophisticated software. Both of these processes make it more difficult to trace a hack back to its source. Tracing high-level hacking is not impossible; however, there are some clear signs investigators use to determine the origin of a hacking group. Different hacker groups have distinct motivations, codes of conduct, tactics, and payment methods. Though we will be using Russian and Chinese hacking as our main examples, the tips we give can be applied to protecting yourself from any state-sponsored attack. Chinese and Russian hacking – knowing the difference Russian speaking hacker forums are being exposed with increasing frequency, revealing not just the content shared in their underground network, but the culture that members have built up. They first gained notoriety during the 90s when massive economic changes saw the emergence of vast criminal networks – online and offline. These days, Russian hacks typically have two different motivations: geopolitical and financial. Geopolitical attacks are generally designed to create confusion. The role of Russian hackers in the 2016 US election was one of the most covered stories by international media. However, these attacks are most effective and most common in countries with weak government institutions. Many of them are also former Soviet territories where Russia has a pre-existing geopolitical interest. For example, the Caucasus region and the Baltic states have long been targeted by state-sponsored hackers. The tactics of these “active measures” are multivariate and highly complex. Hacking and other digital attacks are just one arm of this hybrid war. However, the hacks that affect average web users the most, tend to be financially motivated. Russian language forums on the dark web have vast sections devoted to “carder” communities. Carder forums are where hackers go to buy and sell everything from identity details, credit card details, data dumps, or any other information that has been stolen. For hackers looking to make a quick buck, carder forums are bread and butter. These forums and subforums include detailed tutorials on how to spoof a credit card number. The easiest way to steal from unsuspecting people is to buy a fake card. However, card scanners that steal a person’s credit card number and credentials are becoming increasingly popular. Unlike geopolitical hacks, financial attacks are not necessarily state-sponsored. Though individual Western hackers may be more skilled when it comes to infiltrating more complex system, Russian hackers have several distinct advantages. Unlike in Western countries, Russian authorities tend to turn a blind eye to hacking that targets either Western countries or former Soviet states. This allows hackers to work together in groups, something they’re discouraged from doing in countries that crack down on cyber attacks. This means Russian hackers can target more people at a greater speed than individual bad actors working in other countries. Why the Chinese do it? There are a number of distinct differences when it comes to Chinese hacking projects. The goal of state-sponsored Chinese attacks is to catch up to the US and European level of technological expertise in fields ranging from AI, biomedicine, alternative energy to robotics, and space technology. These goals were outlined in Xi Jinping's Made in China 2025 announcement. This means, the main target for Chinese hackers is economic and intellectual property, which can be corporate or government. In the public sector, targeting US defense forces yields profitable designs for state-of-the-art technology. The F-22 and F-35, two fighter aircraft developed for the US military, were copied and produced almost identically by China’s People’s Liberation Army. In the private sector, Chinese agents target large scale industries that use and develop innovative technology, like oil and gas companies. For example, a group might attack an oil firm to get details about exploration and steal geological assessments. This information would then be used to underbid their US competitor. After a bilateral no-hacking agreement between the US and Chinese leaders was signed in 2016, attacks dropped significantly. However, since mid-2018, these attacks have begun to increase again. The impact of these new Chinese-sponsored cyber attacks has been farther reaching than initially expected. Chinese hacking groups aren’t simply taking advantage of system vulnerabilities in order to steal corporate secrets. Many top tech companies believed they were compromised by a possible supply chain attack that saw Chinese microchips secretly inserted into servers. Though Chinese and Russian hackers may have different motivations, one thing is certain: they have the numbers on their side. So how can you protect yourself from these specific hacking schemes? How to stay safe – tips for everyday online security Cyber threats are a part of life connected to the internet. While there’s not a lot you can do to stop someone else from launching an attack, there are steps you can take to protect yourself as much as possible.  Of course, no method is 100% foolproof, but it’s likely that you can be protected. Hackers look for vulnerabilities and flaws to exploit. Unless you are the sole gatekeeper of a top-secret and lucrative information package that you’ve placed under heavy security, you may find yourself the target of a hacking scheme at some point or another.  Nevertheless, if a hacker tries to infiltrate your network or device and finds it too difficult, they will probably move onto an easier target. There are some easy steps you can take to bolster your safety online. This is not an exhaustive list. Rather, it’s a round-up of some of the best tools available to bolster your security and make yourself a difficult – and therefore unattractive – target. Make use of security and scanning tools The search tool Have I Been Pwned is a great resource for checking if your accounts have been caught up in a recent data breach. You can enter your email address or your password for any account to see whether either has been exposed. You can also set up notifications on your accounts or domains that will tell you immediately if they are caught in a data breach. This kind of software can be especially helpful for small business networks, which are more likely to find themselves on the receiving end of a Chinese hack. Hackers know that small businesses have fewer resources than large corporations, which can make their attacks even more devastating. Read Also: ‘Have I Been Pwned’ up for acquisition; Troy Hunt code names this campaign ‘Project Svalbard’ Manage your passwords One of the most common security mistakes is also one of the most dangerous. You should use a unique, complicated password for each one of your accounts. The best way to manage a lot of complicated passwords is with a password manager. There are browser extensions but they have an obvious drawback if you lose your device. It’s best to use a separate application. Use a passphrase, rather than a password, to access your password manager. A passphrase is exactly what it sounds like. Rather than trusting that hackers won’t be able to figure out a single word, using multiple words to create a full phrase is both easier to remember and harder to hack. If your device offers biometric access (like fingerprint), switch it on. Many financial apps also offer an additional layer of biometric security before you send money. Use a VPN A VPN encrypts your traffic, making it unreadable to outsiders. It also spoofs your IP address, which conceals your true location. This prevents sensitive information from falling into the hands of unscrupulous users and prevents your location details being used to identify you. Some of the premium VPNs integrate advanced security features into their applications. For example, malware blockers will protect your device from malware and spyware. Some also contain ad-blockers. Read Also: How to protect your VPN from Data Leaks Keep in mind that free VPNs can themselves be a threat to your online privacy. In fact, some free VPNs have been used by the Chinese government to spy on their citizens. That’s why you should only use a high-quality VPN like CyberGhost to protect yourself from hackers and online trackers. If you’re looking for the fastest VPN on the market, ExpressVPN has consistently been the best competition in speed tests. NordVPN is our pick for best overall VPN when comparing it based on price, security, and speed. VPNs are an important tool for both individuals and businesses. However, because Russian hackers prefer individual targets, using a VPN while dealing with any sensitive data, such as a bank, will help keep your money in your own account. Learn to identify and deal with phishing Phishing for passwords is one of the most common and most effective ways to extract sensitive information from a target. Russian hackers were famously able to sabotage Hillary Clinton’s presidential campaign when they leaked emails from campaign manager John Podesta. Thousands of emails on that server were stolen via a phishing scam. Phishing scams are an easy way for hackers to infiltrate companies especially. Many times, employee names and email addresses are easy to access online. Hackers then use those names for false email accounts, which tricks their coworkers into open an email that contains a malware file. The malware then opens a direct line into the company’s system. Crucially, phishing emails will ask for your passwords or sensitive information. Reputable companies would never do that. One of the best ways to prevent a phishing attack is to properly train yourself, and everyone in your company, on how to detect a phishing email. Typically – but not always – phishing emails use badly translated English with grammatical errors. Logos and icons may also appear ill-defined. Another good practice is to simply hover your mouse over the email, which will generally reveal the actual sender. Check the hosting platform and the spelling of the company name as these are both techniques used by hackers to confuse unwitting employees. You can also use a client-based anti-phishing software, like one from avast! or Kaspersky Labs, which will flag suspicious emails. VPNs with an anti-malware feature also offer reliable protection against phishing scams. Read Also: Using machine learning for phishing domain detection [Tutorial] Keep your apps and devices up-to-date Hackers commonly take advantage of flaws in old systems. Usually, when an update is released, it fixes these vulnerabilities. Make a habit of installing each update to keep your devices protected. Disable Flash Flash is a famously insecure piece of software that hackers can infiltrate easily. Most websites have moved away from flash, but just to be sure, you should disable it in your browser. If you need it later you can give Flash permission to run for just video at a time. What to do if you have been hacked If you do get a notice that your accounts have been breached, don’t panic. Follow the steps given below: Notify your workplace Notify your bank Order credit reports to keep track of any activity Get identity theft insurance Place a credit freeze on your accounts or a fraud alert Chinese and Russian hackers may seem impossible to avoid, but the truth is, we are probably not protecting ourselves as well as we should be. Though individuals are less likely to find themselves the target of Chinese hacks, most hackers are out for financial gain above all else. That makes it is more crucial to protect our private data. The simple tips provided above are a great baseline to secure your devices and protect your privacy, whether you want to protect against state-sponsored hacking or individual actors. Author Bio Ariel Hochstadt is a successful international speaker and author of 3 published books on computers and the internet. He’s an ex-Googler where he was the Global Gmail Marketing Manager and today he is the co-founder of vpnMentor and an advocate of online privacy. He’s also very passionate about traveling around the world with his wife and three kids.   Google’s Protect your Election program: Security policies to defend against state-sponsored phishing attacks, and influence campaigns How to beat Cyber Interference in an Election process The most asked questions on Big Data, Privacy, and Democracy in last month’s international hearing by Canada Standing Committee

Industrial organizations are prime targets for spies, criminals, hacktivists and even enemy countries. Spies from rival organizations seek ways to access industrial control systems (ICS) so they can steal intelligence and technology and gain a competitive advantage. Criminals look for ways to ransom companies by locking down IT systems. Hacktivists and terrorists are always looking for ways to disrupt and even endanger life through IT and international antagonists might want to hack into a public system (e.g. a power plant) to harm a country's economic performance. This article looks at a number of areas where CTOs need to focus their attention when it comes to securing their organizations from cyber attacks. Third Party Collaboration The Target breach of November 2013 highlighted the risks of poor vendor management policies when it comes to cybersecurity. A third party HVAC (Heating, Ventilation, and Air Conditioning) provider was connected into the retailer's IT architecture in such a way that, when it was hacked, cybercriminals could access and steal credit card details from their customers. Every third party given access to your network–even security vendors–need to be treated as possible accidental or deliberate vectors of attack. These include catering companies, consultants, equipment rental firms, maintenance service providers, transport providers and anyone else who requests access to the corporate network. Then there are sub-contractors to think about. The IT team and legal department need to be involved from the start to risk assess third-party collaborations and ensure access if granted, is restricted to role-specific activities and reviewed regularly. Insider and Outsider Threat An organization's own staff can compromise a system's integrity either deliberately or accidentally. Deliberate attacks can be motivated by money, revenge, ideology or ego and can be among the most difficult to detect and stop. Organizations should employ a combination of technical and non-technical methods to limit insider threat. Technical measures include granting minimum access privileges and monitoring data flow and user behavior for anomalies (e.g. logging into a system at strange hours or uploading data from a system unrelated to their job role). One solution which can be used for this purpose is a privileged access management system (PAM). This is a centralized platform usually divided into three parts: an access manager, a session manager, and a password vault manager. The access manager component handles system access requests based on the company’s IAM (Identity and Access Management) policies. It is a good practice to assign users to specific roles and to limit access for each user to only those services and areas of the network they need to perform their role. The PAM system automates this process with any temporary extra permissions requiring senior authorization. The session manager component tracks user activity in real time and also stores it for future audit purposes. Suspicious user activity can be reported to super admins who can then terminate access. The password vault manager component protects the root passwords of each system and ensures users follow the company’s user password policy. Device management also plays an important part in access security. There is potentially a big security difference between an authorized user logging on to a system from a work desktop and the same user logging on to the same system via their mobile device. Non-technical strategies to tackle insider threat might include setting up a confidential forum for employees to report concerns and ensuring high-quality cyber security training is provided and regularly reviewed. When designing or choosing training packages, it is important to remember that not all employees will understand or be comfortable with the technical language, so all instructions and training should be stripped of jargon as far as possible. Another tip is to include plenty of hands-on training and real-life simulations. Some companies test employee vulnerability by having their IT department create a realistic phishing email and recording how many clicks it gets from employees. This will highlight which employees or departments need refresher training. Robust policies for any sensitive data physically leaving the premises are also important. Employees should not be able to take work devices, disks or flash drives off the premises without the company’s knowledge and this is even more important after an employee leaves the company. Data Protection Post-GDPR, data protection is more critical than ever. Failure to protect EU-based customer data from theft can expose organizations to over 20 million Euros worth of fines. Data needs to be secure both during transmission and while being stored. It also needs to be quickly and easily found and deleted if customers need to access their data or request its removal. This can be complex, especially for large organizations using cloud-based services. A full data audit is the first place to start before deciding what type of encryption is needed during data transfer and what security measures are necessary for stored data. For example, if your network has a demilitarized zone (DMZ), data in transit should always end here and there should be no protocols capable of spanning it. Sensitive customer data or mission-critical data can be secured at rest by encrypting it and then applying cryptographic hashes. Your audit should look at all components of your security provider. For example, problems with reporting threats can arise due to insufficient storage space for firewall logs. VPN Vulnerabilities Some organizations avoid transmitting data over the internet by setting up a VPN (Virtual Private Network). However, this does not mean that data is necessarily safe from cybercriminals. One big problem with most set-ups is that data will be routed over the internet should the VPN connection be dropped. A kill switch or network lock can help avoid this. VPNs may not be configured optimally and some may lack protection from various types of data leaks. These include DNS leaks, WebRTC, and IPV6 leaks. DNS leaks can occur if your VPN drops a connection and your browser defaults to default DNS settings, exposing your IP address. WebRTC, a fairly new technology, enables browsers to talk to one another without using a server. This requires each browser to know the other’s public IP address and some VPNs are not designed to protect from this type of leak. Finally, IPV6 leaks will happen if your VPN only handles IPV4 requests. Any IPV6 requests will be sent on to your PC which will automatically respond with your IP address. Most VPN leaks can be checked for using free online tools and your vendor should either be able to solve the issue or you may need to consider a different vendor. If you can, use L2TP (layer 2 tunneling protocol) or, OpenVPN rather than the more easily compromised PPTP (Point-to-Point Tunneling Protocol). Network Segmentation Industrial organizations tend to use network segmentation to isolate individual zones should a compromise happen. For example, this could immediately cut off all access to potentially dangerous machinery if an office-based CRM is hacked. The Purdue Model for Industrial Control Systems is the basis of ISA-99, a commonly referenced standard, which divides a typical ICS architecture into four to five zones and six levels. In the most basic model, an ICS is split into various area or cell zones which sit within an overall industrial zone. A demilitarized zone (DMZ) sits between this industrial zone and the higher level enterprise zone. Network segmentation is a complex task but is worth the investment. Once it is in place, the attack surface of your network will be reduced and monitoring for intrusions and responding to cyber incidents will be quicker and easier. Intrusion Detection Intrusion detection systems (IDS) are more proactive than simple firewalls, actively searching the network for signs of malicious activity. An IDS can be a hardware device or a software application and can use various detection techniques from identifying malware signatures to monitor deviations from normal traffic flow. The two most common classes of IDS are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). While NIDS focus on incoming traffic, HIDS monitor existing files, and folders. Alarm filtering (AF) technology can help to sort genuine threats from false positives. When a system generates a warning for every anomaly it picks up, agents can find it hard to connect failures together to find the cause. This can also lead to alarm fatigue where the agent becomes desensitized to system alarms and misses a real threat. AF uses various means to pre-process system alarms so they can be better understood and acted upon. For example, related failures may be grouped together and then assigned to a priority list. System Hardening and Patch Management System hardening means locking down certain parts of a network or device or removing features to prevent access or to stop unwanted changes. Patching is a form of system hardening as it closes up vulnerabilities preventing them from being exploited. To defend their organization, the IT support team should define a clear patch management policy. Vendor updates should be applied as soon as possible and automated where they can. Author Bio Brent Whitfield is CEO of DCG Technical Solutions, Inc. DCG provides a host of IT services Los Angeles businesses depend upon whether they deploy in-house, cloud or hybrid infrastructure. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. RSA Conference 2019 Highlights: Top 5 cybersecurity products announced Cybersecurity researcher withdraws public talk on hacking Apple’s Face ID from Black Hat Conference 2019: Reuters report 5 lessons public wi-fi can teach us about cybersecurity

At FOSDEM 2019, Belgium, Maximilian Blochberger talked about preventing cryptographic pitfalls by avoiding mistakes while integrating cryptographic mechanisms correctly. Blochberger is a research associate at the University of Hamburg. FOSDEM is a free and open event for software developers with thousands of attendees, this year’s event took place on second and third February. The goal of this talk is to raise awareness of cryptographic misuse. Preventing pitfalls in cryptography is not about cryptographic protocols but about designing better APIs. Consider a scenario where a developer that values privacy intends to add encryption. This is about integrating cryptographic mechanisms into your application. Blochberger uses a mobile application as an example but the principles are no specific to mobile applications. A simple task is presented—to encrypt a string which is actually difficult. A software developer who doesn't have any cryptographic or even security background would search it online. They will then copy paste a common answer snippet available on StackOverflow. Even though it had warnings of not being secure, but had upvotes and probably worked for some people. Readily available code like that has words like “AES” or “DES” and the software developer may not know much about those encryption algorithms. Using the default algorithms listed in such template code, and using the same keys is not secure. Also, the encryption itself is not CPA (chosen-plaintext attack) secure, the key derivation can be unauthenticated, among other things. 98% of security-related snippets are insecure according to many papers. It’s hard to get encryption right. The vulnerability is high especially if the code is copied from the internet. Implementing cryptographic mechanisms should be done by cryptographic engineers who have expertise in the field. The software developer does not need to develop or even know about the details of the implementation. Doing compiler checks instead of runtime checks is better since you don’t have to wait for something to go wrong before identifying the problem. Cryptography is harder than it actually looks. Many things can and do go wrong exposing encrypted data due to incorrect choices or inadequate measures. He demonstrates an iOS and macOS example using Tafelsalz. For more details with the demonstration of code, you can watch the video. Introducing CT-Wasm, a type-driven extension to WebAssembly for secure, in-browser cryptography Sennheiser opens up about its major blunder that let hackers easily carry out man-in-the-middle attacks Tink 1.2.0: Google’s new multi-language, cross platform, cryptographic library to secure data

The ongoing World Economic Forum meeting 2019 has seen a vast array of discussions on political, technological and other industrial agendas. The meeting brings together the world’s foremost CEOs, government officials, policy-makers, experts and academics, international organizations, youth, technology innovators and representatives of civil society with an aim to drive positive change in the world on multiple facets. This article will focus on the talk ‘Computing Technology at a Tipping Point’ that was moderated by Nicholas Carlson from Business Insider with a panel consisting of Antonio Neri, president and Chief Executive Officer of Hewlett Packard Enterprise, Jeremy O’Brien, CEO of PsiQuantum  and Amy Webb, Adjunct Assistant Professor of NYU Stern School of Business. Their discussion explored questions of today's age, ranging from- why this is an important time for technology, the role of governments in encouraging a technological revolution, role of the community and business in optimizing tech and the challenges faced as we set out to utilize the next generation computing technologies like quantum computing and AI. Quantum Computing - The necessity of the future The discussion kicked off with the importance of Quantum computing at the present as well as the future. O’Brien defined Quantum computing as “Nothing short of a necessary tool that humans need to build their future”. According to him, QC is a “genuinely exponentially powerful technology”, due to the varied applications that quantum computing can impact if put to use in the correct way - from human health, energy, to molecular chemistry among others. Webb calls the year 2019 as the year of divergence, where we will move from the classic Von Neumann architecture to a more diversified Quantum age. Neri believes we are now at the end of Moore’s law that states overall processing power for computers will double every two years. He says that two years from now we will generate twice the amount of data as generated today and there will be a major divergence between the data generated and the computation power. This is why we need to focus on solving architectural problems of processing algorithms and computing data rather than focussing on the amount of data. Why is this an exciting time for tech? O’Brien: Quantum Computing, Molecular simulation for Techno-Optimism O’Brien expresses his excitement in the Quantum Computing and molecular simulation field where developers are just touching the waters with both these concepts. He has been in the QC field for the past 20 years and says that he has faith in Quantum computing and even though it's the next big thing to watch out for, he assures developers that it will not replace conventional computing.  Quantum computers can be used in fact to improve the performance of classical computing systems to handle the huge amounts of data and information that we are faced with today. In addition to QC, another concept he believes that ‘will transform lives’ is molecular simulation. Molecular simulation will design new pharmaceuticals, new chemicals and help build really sophisticated computers to solve exponentially large problems. Webb: The beginning of the end of smartphones “We are in the midst of a great transformation. This is an explosion happening in slow motion”. Based on data-driven models she says this is the beginning of the end of smartphones. 10 years from now, as our phones retrieve biometric information to information derived from what we wear and we use, the computing environments will look different. Citing an example of MagicLeap who creates spatial glasses, she mentions how computable devices we wear will turn our environment into a computable space to visualize data in a whole different way. She advises business' to rethink how they function;  even between the current cloud V/s edge and computer architectures change. Companies should start thinking in terms of 10 years rather than short term, since decisions made today will have long term consequences. While this is the positive side, Webb is pessimistic that there is no global alignment on the use of data. On the basis of GDPR and other data laws, systems have to be trained. Neri: continuous re-skilling to stay relevant Humans should continuously re-skill themselves with changing times and technologies to avoid an exclusion from new jobs as and when they arrive. He further states that, in the field of Artificial intelligence, there should not be a concentration of power in a few entities like Baidu, Alibaba, Tencent Google, Microsoft, Facebook, Apple and others. While these companies are at the foremost while deciding the future of AI, innovation should happen at all levels. We need guidelines and policy  for the same- not to regulate but to guide the revolution. Business, community and Government should start thinking about ethical and moral codes. Government’s role in Technological Optimism The speakers emphasized on the importance of the government's’ involvement in these ‘exciting times’ and how they can work towards making citizens feel safe against the possible abuse of technology. Webb: Regulation of AI doesn't make sense We need to have conversations on optimizing Artificial Intelligence using available data. She expresses her opinion that the regulation of AI doesn't make sense. This is because we shift from a group of people understanding and implementing optimization to lawmakers who do not understand technical know-how. Nowadays, people focus on regulating tech instead of optimizing it because most don’t understand the nitty-gritties of a system, nor do they understand a system’s limitations. Governments play a huge role in this optimization or regulation decision making. She emphasizes on the need to get hold of the right people to come to an agreement ,“ where companies are a hero to their shareholders and the government to their citizens” . Governments should start talking about and exploring Quantum computing such that its benefits are distributed equitably in a shortest amount of time. Neri: Human centered future of computing He adds that for a human centered future of computing, it is we who need to decide what is good or bad for us. He agrees with Webb’s point that since technology evolves in a way we cannot think of, we need to come to reasonable conclusions before a crisis arrives. Further, he adds that governments should inculcate moral ethics while adopting and implementing technology and innovation. Role of Politicians in technology During the discussion, a member of the European Parliament stated that people have a common notion that politicians do not understand technology and cannot keep up with changing times. Stating that many companies do not think about governance, human rights, democracy and possible abuse of their products; the questioner says that we need a minimum threshold to protect human rights and safeguard humans against abuse. Her question was centered around ways to invite politicians to understand tech better before it's too late. Expressing her gratitude that the European Parliament is asking such a thoughtful question, Webb suggested that creating some kind of framework that the key people on all sides of the spectrum can agree to and a mechanism that incentivises everyone to play fairly- will help parliaments and other law making bodies to feel inclusive in understanding technology. Neri also suggested a guiding principle to think ethically before using any technology without stopping innovation. Technological progress in China and its implications on the U.S. Another question that caught our attention was the progress of technology in China and its implications on the US. Webb says that the development of tools, technologies, frameworks and  data gathering mechanisms to mine, refine and monetize data have different approaches in US and China. In China, the activities related to AI and activities of Baidu, Alibaba and Tencent are under the leadership of the Chinese communist Party. She says that it is hard to overlook what is happening in Chain with the BRI (Belt to Road Initiative), 5G, digital transformation, expansion in fibre and expansion in e-commerce  and a new world order is being formed because of the same. She is worried that the US and its allies will be locked out economically from the BRI countries and AI will be one of the factors propelling the same . Role of the Military in technology The last question pointed out that some of the worst abuses of technology can be done by governments and the military has the potential to misuse technology. We need to have conversations on the ethical use of technology and how to design technology to fit ethical morals. Neri says that corporations do have a point of view on the military using technology for various reasons and the governments are consulting them on the impacts of technology on the world as well. This is a hard topic and the debate is ongoing even though it is not visible to the people. Webb says that the US always had ties with the government. We live in a world of social media where conversations spiral out of control because of the same.  She advises companies to meet quarterly to have conversations along this line and understanding how their work with the military/ government align with the core values of their company. Sustainability and Technology Neri states that 6% of the global power is used to power data centers. It is important to determine how to address this problem. The solutions proposed for the same are: Innovate in different ways. Be mindful the entire supply chain--->from the time you procure minerals to build the system and recycle it. We need to think of a circular economy. Consider if systems can be re-used by other companies, check parts to be re-cycled and reused. We can use synthetic DNA to back up data - this could potentially use less energy. To sustain human life on this planet, we need to optimise how we ruse resources- physical and virtual, QC tool will invent the future. Materials can be built using QC. You can listen to the entire talk at the World Economic Forum’s official page. What the US-China tech and AI arms race means for the world – Frederick Kempe at Davos 2019 Microsoft’s Bing ‘back to normal’ in China Facebook’s outgoing Head of communications and policy takes the blame for hiring PR firm ‘Definers’ and reveals more

The following news story was reported by the Nine Network just a week after New Year's Day: an English teacher from Sydney was surprised when she found that her Facebook account was changing in strange ways. Jennifer Howell first noticed that her profile photo had changed, thus prompting her to change her password; however, she was abruptly logged out and locked out of her account upon attempting to do so. Later, she noticed that her profile had been hijacked by someone from the Middle East for the purpose of spreading radical propaganda. Nine Network journalists tracked down another Facebook user in Melbourne whose account had been similarly hijacked by hackers in the Middle East, and the goal was essentially the same. Even though both cases were reported to the Australian Cybercrime Online Reporting Network, nothing could be done about the hijacking, which may have been facilitated by password sniffing over unsecured connections. The Need for VPN Protection [Image courtesy of CNET.com] Seeing such worrisome reports about hacking is prompting many people to use virtual private networking (VPN) technology to secure their internet connections; however, these connections must be checked for potential leaks or they could be a waste of money. In essence, VPN connections protect online privacy by creating a secure tunnel between the client (who typically uses a personal computing device to connect to the internet) and the internet. A reliable VPN connection masks the user's geographical location by means of providing a different internet protocol (IP) address, which is the calling card of every online connection. Moreover, these connections encrypt data transmitted during sessions and provide a form of anonymous browsing. Like with almost all internet tools, VPN connections can also be subjected to certain vulnerabilities that weaken their reliability. Data leaks are a concern amongst information security researchers who focus on VPN technology, and they have identified the following issues: WebRTC Leaks Web Real-Time Communication (WebRTC) is an evolution of the Voice over Internet Protocol (VoIP) for online communications. VoIP is the technology that powers popular mobile apps such as Skype and WhatsApp; it has also replaced the legacy PBX telephone systems at many businesses. Let's say a company is looking to hire a new personnel. With WebRTC enabled on their end, they can direct applicants to a website they can access on their desktop, laptop, tablet, or smartphone to conduct job interviews without having to install Skype. The problem with WebRTC is that it can leak the IP address of users even when a VPN connection is established. DNS Hijacking The hijacking of domain name system (DNS) servers is an old malicious hacking strategy that has been appropriated by authoritarian regimes to enact internet censorship. The biggest DNS hijacking operation in the world is conducted by Chinese telecom regulators through the Great Firewall, which restricts access to certain websites and internet services. DNS hijacking is a broad name for a series of attacks on DNS servers, a common one involves taking over a router, server or even an internet connection for the purpose of redirecting traffic. In other words, hackers can impersonate websites, so that when you intend to check ABC News you will instead be directed to a page that resembles it, but in reality has been coded to steal passwords, compromise your identity or install malware. Some attacks are even more sophisticated than others. There is a connection between WebRTC and DNS hijacking: a malware attack known as DNS changer that can be injected into a system by means of JavaScript execution followed by a WebRTC call that you will not be aware of. This call can be used to determine your IP address even if you have connected through a VPN. This attack may be enhanced by a change of your DNS settings for the purpose of enlisting your computer or mobile device into a botnet to distribute spam, launch denial-of-service attacks or simply hijack your system without your knowledge. Testing for Leaks [Image courtesy of HowToGeek.com] In addition to WebRTC leaks and DNS queries, there are a few other ways your VPN can betray you: public IP address, torrents, and geolocation. The easiest way to assess if you’ve got a leakage is to visit IPLeak.net with your VPN turned off. Let this nifty site work its magic and make note of the information it offers. Leave the site, then turn your VPN on, and repeat the tests. Now compare the results. The torrents and geolocation tests are interesting but probably not as useful or as likely a culprit as the DNS. Your device navigates the internet by communicating with DNS servers that translate web URLs into numeric IP addresses. Most of the time, you’ll have defaulted through your ISP servers, which often leak like cheesecloth. The bad news is that, even with a VPN in place, leakage through your local servers can give up your physical location to spying eyes. To combat this, VPN services route their customers through servers separate from their ISP. Now that you’ve proven your data is leaking, what can you do about it? Preventing Leaks and Choosing the Right VPN Something you can do even before installing a VPN solution is to disable WebRTC in your browser. Some developers have already made this a default configuration, but many still ship with this option enabled. If you search for "WebRTC" within the help file of your browser, you may be able to find instructions on how to modify the flags or .config file. However, proceed with caution. Take the time to read and understand reliable guides such as this one from security researcher Paolo Stagno. Here are other preventative measures: When configuring your VPN, go with the servers it suggests, which will likely not be those of your ISP but rather servers maintained by the VPN company. Not all VPN companies have their own servers, so be aware of that when considering your options.  Be aware that the internet is transitioning its IP address naming system from IPv4 to IPv6. Without diving too deep into this topic, just be aware that if your VPN has not upgraded its protocols, then any site with a new IPv6 address will leak. Look for a VPN service compatible with the new format.  Make sure your VPN uses the newest version of the OpenVPN protocol.  Windows 10 has an almost impossible to change default setting that chooses the fastest DNS server, resulting in the chance it might ignore your VPN server and revert back to the ISP. The OpenVPN plugin is a good way to fight this. Final Thoughts In the end, using a leaky VPN defeats the security purpose of tunneled connections. It is certainly worth your while to evaluate VPN products, read their guides and learn to secure your system against accidental leaks. Keep in mind this is not a ‘set it and forget it’ problem. You should check for leakage periodically to make sure nothing has changed with your system. The winds of change blow constantly online and what worked yesterday might not work tomorrow. As a final suggestion, make sure the VPN you use has a kill-switch feature that breaks your connection in the event it detects a data leak. Author Bio Gary Stevens is a front-end developer. He’s a full-time blockchain geek and a volunteer working for the Ethereum foundation as well as an active Github contributor. Dark Web Phishing Kits: Cheap, plentiful and ready to trick you How to stop hackers from messing with your home network (IoT) Privacy Australia - can you be tracked if you use a VPN? What you need to know about VPNFilter Malware Attack

If black hats were sharks, then our emails would be a school of innocent, unsuspecting guppies nonchalantly drifting along. For black hats or malicious hackers, getting into the average person’s email is as challenging as overeating at a buffet. After all, e-mail is the most successful federated communication system ever built, with over 281 billion emails sent per day and growing. We’re helpless without email. Most people cannot imagine an hour going by without checking and answering emails, let alone a day. Over email, you send updates on your address and banking information to your service providers or clients, health information to your university or insurance agent, and more. Despite this, email traffic generally does not have end-to-end encryption, leaving it highly vulnerable. And 91% of cyber attacks are carried out through e-mail. Fish, meet barrel. And for whatever e-mail scanners or antivirus you have running, know that black hats are developing their own predatory tools at a much faster rate. Social engineering, baiting, and placing malicious links in places as seemingly harmless as unsubscribe buttons are just a few items from their arsenal of tricks. Cybersecurity companies are getting better at detecting threats and identifying suspicious emails or links, but most people are just not tech savvy enough to avoid these pitfalls. Many think that they don’t even need to bother, which you have to realize is like walking blindfolded through the Temple of Doom and expecting to get out of there unscathed. Don’t be that person. Don’t be in that school of fish just waiting to be a shark snack. It’s time to understand why protecting your email is so important and how black hats are plotting your demise. Data exploitation and ransom With the amount of conversation happening lately about the importance of having control over your data, it should be clear how valuable data can be. Data can be used for consumer and marketing purposes or misused to fraudulently conduct purchases on e-commerce sites. It can be sold to other parties who will use it for illicit or illegal purposes, or even just to steal even more data from your friends and family. Equifax was one of the more famous data breaches that occurred recently. It affected over 200,000 people and compromised their credit card information, social security numbers, credit scores, and other very sensitive information. Now if you’re not in the 1%, you probably think you’re not the type to be subject to be a ransom attack, but you’d be wrong. You don’t need to be famous or powerful for people to try to bleed you dry in this way. Ransomware attacks, or attacks that are meant to hold on to your data in return for ransom money, rose by 250% in 2017. WannaCry is an example of an infamous ransomware attack, which caused an estimated $1B in damage or more. Identity Theft The dangers of identity theft may be obvious, but many people don’t understand to what extent it can really affect their future. Identity theft may actually be the worst thing a hacker can do with your information. In 2017, the direct and indirect cost of identity theft in the US was estimated at $16.8 billion. Identity theft harmed 16.7 million people,  which is about 7% of American adults! And one weakness leads to another - back in 2014, the Department of Justice estimated that about ⅓ of Americans who suffered a data breach subsequently became victims of financial fraud. Now in 2018, this is only likely to have increased. Here are just a few things thieves can do with your identifying information: Open credit cards or take out loans Aside from your name, if black hats also obtain your Social Security number, birthdate, and address, they can open credit cards and apply for loans in your name. Intercept your tax refund The tax refund you are excited about may not come after all if you get hacked. People who wait until the last moment to declare are more vulnerable and thieves may counterfile a fake tax return using your identity. Use it to receive medical treatment By obtaining your SSN and health insurance account numbers, black hats can use or sell your information in order to receive medical treatment. According to a study from Michigan State University, there were nearly 1,800 incidents of medical data breaches with patients’ information from October 2009 to December 2016. These breaches can be used to receive treatments, prescriptions, and even put your own health at risk if the thief’s medical information is now mixed up with yours. Travel with your airline miles Airline miles can be exchanged for cash, gift cards, and products or upgrades. Millions of miles have been stolen easily through phishing emails and other simple email scams. Open utility accounts 13% of 2016’s fraud incidents were related to phone and utility accounts. Thieves can open an account with a gas, phone, or electric company using your stolen SSN and then run up huge bills in your name, right under your nose. Outsmarting the sharks The first and simplest step you can take to defend against email fraud is to learn to avoid phishing schemes. A phishing scheme is when someone emails you pretending to be someone they’re not. (Think Nigerian princes or friends who suddenly find themselves abroad without a wallet when you could have sworn they were at the bar Friday night.) They could also be pretending to be from your email or healthcare provider asking you to log in. These e-mails often include links to phishing sites that will collect your passwords and personal information. You may have heard that using passphrases instead of passwords can help protect you, and it’s true that they are more secure. They’re even stronger when you include special characters like quotation marks, and use languages other than English. This is the best known practice for generating strong passwords. But these passphrases can still be stolen through phishing, just like any password. So don’t let a clever passphrase lull you into a false sense of security. Phishing is extremely prevalent. About 1.4 million of these fake sites are created each month, and around 135 million phishing attempts are made via email every single day. Here are some main rules of thumb to avoid phishing, and all they take are common sense: Don’t follow any links that don’t have https in the URL. Avoid links that lack the S. Don’t enter your password after following any link from any e-mail. Even if it really looks legit. If it’s from your bank, for example, just enter your banking app normally to complete whatever the e-mail is asking you to do. Do not follow the e-mailed link. Chances are, you’ll discover your account is normal and requires no attention at all. Bullet dodged. Keep your accounts secure with two factor authentication - that means adding an extra step to your login process, like receiving a security code to your phone. This is annoying for sure, but it does help keep predators out until a better solution is offered to the masses. We’re looking at you, e-mail security industry! We’re in dangerous waters these days, and the hacker sharks are circling, but you’re not helpless if you pay attention. Treat your e-mail with the same careful consideration with which you’d (hopefully) treat your wallet or other tangible assets, and you’ll go a long way towards avoiding the worst. Good luck out there! Author Bio Georg Greve is the Co-founding Chairman and Head of Product Development at Vereign, an intuitive software platform on a mission to bring authenticity and privacy to day-to-day online communication. Georg is also a software developer, physicist, and entrepreneur, with two decades of experience working closely with Red Hat, IBM, and Google as well as the United Nations, European Commission and various countries. His interest in information security dates back even further. He previously worked on the secure messaging platform Kolab, and as Founding President of the Free Software Foundation Europe (FSFE), where he received the German Federal Cross of Merit on Ribbon for his groundbreaking work on Open Standards and Free Software. Dark Web Phishing Kits: Cheap, plentiful and ready to trick you. Using machine learning for phishing domain detection [Tutorial] Meet ‘Gophish’, the open source Phishing Toolkit that simulates real-world phishing attacks

Keren Elazari, a world renowned cybersecurity analyst and senior researcher at the Tel Aviv University Interdisciplinary Cyber Research Center, author and speaker spoke earlier this year at Six, about the future of cybersecurity and a range of real world attacks in recent years. She also dived into the consequences as well as possible motivations behind such attacks. The Six event covers various press conferences and hackathons. The Six event organizes around one billion security events on a daily basis. The cybersecurity events organized by Six has international experts who answer various questions and give insights on various topics. This article highlights few insights from this year’s Six on Cybersecurity talk by Keren Elazari on The Future of Cybersecurity from a hacker’s perspective. How hackers used Starbucks’ free WiFi to use customer CPU resources for crypto mining “What if I told you that in 10 seconds I could take over your computer, generate thousands of dollars worth of cryptocurrencies all while you are drinking your morning coffee? You might think it’s impossible, by this is exactly what happened in Argentina earlier this year.” - Keren Elazari Earlier this year, the Starbucks customers  at Argentina experienced a slight delay of 10 seconds after logging into the website for free Wi-Fi. So what exactly happened? A security researcher discovered that the computer was running Coinhive, a type of distributed cryptocurrency mining software for those ten seconds. It was running on all the machines in Argentinian Starbucks that logged in for free Wi-Fi and the software generated a lot of  monero, the cryptocurrency (money). The hacker didn’t even have to code a JavaScript for this attack as he just had to buy the code from Coinhive. The business model of the company behind Coinhive allows anyone to monetize the user’s CPU. Cyber criminals can earn a lot of money from technologies like Coinhive. There are actually some news sites in the US that are looking at using such coinhiving solution as an alternative to paying for the news. This is an example of how creative technologies made by cybercriminals can even generate completely new business models. IoT brings a whole new set of vulnerabilities to your ecosystem “According to the Munich security conference report, they are expecting this year double the amount of devices than there are humans on this planet. This is not going to change. We definitely need an immune system for new digital universe because it is expanding without a stop.”   Devices like cameras, CCTVs, webcams etc could be used by potential hackers to spy of users. But even if measures such as blocking its vision with tape is taken, web cams can be hacked, not with an intention to steal pictures but to hack of other devices. How the Mirai DDoS attack used webcams to bring down the likes of Airbnb and Amazon This is what happened 2 years ago, when the massive internet DDoS attack - Mirai took place. Over the course of a weekend it took down websites all over the world. Websites like Amazon, Airbnb, and large news sites etc were down, due to which these companies faced losses. This attack was supercharged by the numerous devices in people’s homes. These devices where for DDoS attack because they were using basic internet protocols such as DNS which can be easily subverted. Even worse, many of the devices used default username password combinations. It’s important to change the passwords for the newly purchased devices. With shodan, a search engine, one can check the internet connected devices in their organizations or at home. This is helpful as it improves protection for the organizations from getting hacked. How hackers used a smart fish tank to steal data from a casino and an AI caught it “Hackers have found very creative, very fast automatic ways to identify devices that they can use and they will utilize any resource online. It would just become a part of their digital army. Speaking of which even an aquarium, a fish tank was hacked recently.” Recently, a smart fish tank in a US Casino was hacked. It had smart sensors that would check the temperature and the feeding schedule of the fish and the salinity of the water. While, hacking a fish tank does not appear to have any monetary incentive to a hacker, its connection to the internet make it a valuable access point.. The hackers, who already had access to the casino network, used the outgoing internet connection of the aquarium to send out 10 gigabytes of data from the casino. As the data was going of this connection, there was no firewall and it got noticed by none. The suspicious activity was flaggedby a self learning algorithm which realized that there was something fishy as the outgoing connection had no relation with the fish tank setup. How WannaCry used Ransomware attacks to target organizations “I don’t think we should shame organizations for having to deal with ransomware because it is a little bit like a flu in a sense that these attacks are designed to propagate and infect as many computers as they can.”- Keren Elazari In May 2017, the WannaCry ransomware attack by the WannaCry ransomware cryptoworm, affected the computers running the Microsoft Windows operating system by encrypting data and the criminals demanded ransom payments in the Bitcoin cryptocurrency. This attack affected the UK National Health Service the most as according to NHS, 30% of that national health services were not functioning. 80 out of the 236 trusts got affected in England. As per the UK government, North Korea was behind this attack as they are need of money because they are under sanctions. The Lazarus Group, a cybercrime group from North Korea attacked the Swift infrastructure and also attacked the central bank of Bangladesh last year. NotPetya - The Wiper attack “Whoever was hacking the tax company in the Ukraine wanted to create an effective virus that would destroy the evidence of everything they have been doing for two years in a bunch of Ukrainian companies. It might have been an accident that it infected so many other companies in the world.” In June, 2017, NotPetya, a wiper attack affected enterprise networks across Europe. The Ukrainian companies got highly affected. This attack appeared like a ransomware attack as it demanded some payment but it actually was a wiper attack. This attack affected the data and wiped off the data stored for two years. Maersk, the world's largest container shipping company got highly affected by this attack. The company faced a heavy loss of amount $300 million and was a collateral damage. Out-of-life operation systems were most affected by this virus. The software vulnerability used in both of these attacks, ransomware and wiper was a code named, EternalBlue, a cyber weapon which was discovered and developed by National Security Agency (NSA). The NSA couldn’t keep a track of EternalBlue and the criminals took advantage of this and attacked using using this cyber weapon. Earlier this year, a cyber attack was made on the German government IT network. This attack affected the defence and interior ministries' private networks. Why might motivate nation state actors back cyber-attacks? “The story is never simple when it comes to cyber attackers. Sometimes the motivations of a nation or nation state actors can be hidden behind what seems like a financial or criminal activity.” One of the reasons behind a nation or state backing a cyber-attack could be the the financial aspect, they might be under sanctions and need money for developing nuclear weapons. Another reason could be that the state or country is in a state of chaos or confusion and it is trying to create a dynamic from which they could benefit. Lastly, it could be an accident, where the cyber attack sometimes gets more effective than what the state has ever imagined of. What can organizations do to safeguard themselves from such cyberattacks? Consider making hundreds of security decisions everyday while putting personal details like credit card on a website, downloading a software that cause trouble to the system, etc. Instead of using a recycled password, go for a new one. Educating employees in the organizations about penetration testing. Sharing details of the past experience with regards to hacking, will help in working towards it. Developing a cybersecurity culture in the organization will bring change. Invite a Red team to the organizations to review the system. Encourage Bug Bounty Programs for reporting bugs in organization. Security professionals can work in collaboration with programs like Mayhem. Mayhem is an automated system that helps in finding the bugs in a system. It won the hacking challenge in 2016 but beaten by humans the next year. “Just imagine you are in a big ball room and you are looking at the hacking competition between completely automated supercomputers  and this (Mayhem) ladies and gentlemen is the winner and I think is also the future.” Just two years ago, Mayhem, a machine won in a hacking competition organized by United  States Defense Advanced Research Projects Agency (DARPA), Las Vegas, where seven machines (supercomputers) competed against each other. Mayhem is the first non-human to win a hacking competition. In 2017, Mayhem competed against humans, though humans won it. But we can still imagine how smart are smart computers. What does the Future of Cybersecurity look like? “In the years to come, automation, machine learning, algorithms, AI will be an integral part, not just of every aspect of society, but [also an] integral part of cybersecurity. That’s why I believe we need more such technologies and more humans that know how to work alongside and together with these automated creatures. If you like me think that friendly hackers, technology, and building  an ecosystem will a good way to create a safer society, I hope you take the red pill and wake up to this reality,” concludes Elazari. As 2018 comes to a close plagued with security breaches across industries, Keren’s insightful talk on cybersecurity is a must watch for everyone entering 2019. Packt has put together a new cybersecurity bundle for Humble Bundle 5 lessons public wi-fi can teach us about cybersecurity Blackberry is acquiring AI & cybersecurity startup, Cylance, to expand its next-gen endpoint solutions like its autonomous cars’ software

Spam email is a part of daily life on the internet. Even the best junk mail filters will still allow through certain suspicious looking messages. If an illegitimate email tries to persuade you to click a link and enter personal information, then it is classified as a phishing attack. Phishing attackers send out email blasts to large groups of people with the messages designed to look like they come from a reputable company, such as Google, Apple, or a banking or credit card firm. The emails will typically try to warn you about an error with your account and then urge you to click a link and log in with your credentials. Doing so will bring you to an imitation website where the attacker will attempt to steal your password, social security number, or other private data. These days phishing attacks are becoming more widespread. One of the primary reasons is because of easy access to cybercrime kits on the dark web. With the hacker community growing, internet users need to take privacy seriously and remain vigilant against spam and other threats. Read on to learn more about this trend and how to protect yourself. Dark Web Basics The dark web, sometimes referred to as the deep web, operates as a separate environment on the internet. Normal web browsers, like Google Chrome or Mozilla Firefox, connect to the world wide web using the HTTP protocol. The dark web requires a special browser tool known as the TOR browser, which is fully encrypted and anonymous. Image courtesy of Medium.com Sites on the dark web cannot be indexed by search engines, so you'll never stumble on that content through Google. When you connect through the TOR browser, all of your browsing traffic is sent through a global overlay network so that your location and identity cannot be tracked. Even IP addresses are masked on the dark web. Hacker Markets Much of what takes place in this cyber underworld is illegal or unethical in nature, and that includes the marketplaces that exist there. Think of these sites as blackmarket versions of eBay, where anonymous individuals can buy and sell illegal goods and services. Recently, dark web markets have seen a surge in demands for cybercrime tools and utilities. Entire phishing kits are sold to buyers, which include spoofed pages that imitate real companies and full guides on how to launch an email phishing scam. Image courtesy of Medium.com When a spam email is sent out as part of a phishing scam, the messages are typically delivered through dark web servers that make it hard for junk filters to identify. In addition, the "From" address in the emails may look legitimate and use a valid domain like @gmail.com. Phishing kits can be found for as less as two dollars, meaning that inexperienced hackers can launch a cybercrime effort with little funding or training. It’s interesting to note that personal data prices at the Dark Web supermarket range from a single dollar (Social Security card) to thousands (medical records). Cryptocurrency Scandal You should be on the lookout for phishing scandals related to any company or industry, but in particular, banking and financial attacks can be the most dangerous. If a hacker gains access to your credit card numbers or online banking password, then can commit fraud or even steal your identity. The growing popularity of cryptocurrencies like Bitcoin and Ether have revolutionized the financial industry, but as a negative result of the trend, cybercriminals are now targeting these digital money systems. MyEtherWallet website, which allows users to store blockchain currency in a central location, has been victim to a number of phishing scams in recent months. Image courtesy ofMyEtherWallet.com Because cryptocurrencies do not operate with a central bank or financial authority, you may not know what a legitimate email alert for one looks like. Phishing messages for MyEtherWallet will usually claim that there is an issue with your cryptocurrency account, or sometimes even suggest that you have a payment pending that needs to be verified. Clicking on the link in the phishing email will launch your web browser and navigate to a spoofed page that looks like it is part of myetherwallet.com. However, the page is actually hosted on the hacker's network and will feed directly into their illegitimate database. If you enter your private wallet address, which is a unique string of letters and numbers, the hacker can gain access to all of the funds in your account. Preventative Measures Phishing attacks are a type of cybercrime that targets individuals, so it's up to you to be on guard for these messages and react appropriately. The first line of defense against phishing is to be skeptical of all emails that enter your inbox. Dark web hackers are getting better and better at imitating real companies with their spam and spoofing pages, so you need to look closely when examining the content. Always check the full URL of the links in email messages before you click one. If you do get tricked and end up navigating to a spoofed page in your web browser, you still have a chance to protect yourself. All browsers support secure sockets layer (SSL) functionality and will display a lock icon or a green status bar at the top of the window when a website has been confirmed as legitimate. If you navigate to a webpage from an email that does not have a valid SSL certificate, you should close the browser immediately and permanently delete the email message. The Bottom Line Keep this in mind. As prices for phishing kits drop and supply increases, the allure of engaging in this kind of bad behavior will be too much to resist for an increasing number of people. Expect incidents of phishing attempts will increase. The general internet-browsing public should stay on high alert at all times when navigating their email inbox. Think first, then click. Author Bio Gary Stevens is a front-end developer. He’s a full-time blockchain geek and a volunteer working for the Ethereum foundation as well as an active Github contributor. Packt has put together a new cybersecurity bundle for Humble Bundle Malicious code in npm ‘event-stream’ package targets a bitcoin wallet and causes 8 million downloads in two months Why scepticism is important in computer security: Watch James Mickens at USENIX 2018 argue for thinking over blindly shipping code