Paypal confirms users may have been affected by security breach
https://consumerandsociety.com/2020/01/14/paypal-confirms-users-may-have-been-affected-by-security-breach/
According to a report by a security analyst, Alex Birsan, PayPal has put user passwords at risk to hackers. PayPal has confirmed the claims and admitted that weaknesses in its security could have put users at risk in early December 2019.
The issue was disclosed last week, and Birsan, the researcher, reportedly, was awarded $15,300 for discovering the issue. He said that he discovered the flaw in the site’s security when looking at the main authentication flow on the website itself.
He noticed that the JavaScript file on the website didn’t look right and contained what seemed like a cross-site request forgery (CSRF) token and a session ID. He noted that this means that revealing session data within a JavaScript file “usually allows it to be retrieved by attackers.”
In a public disclosure, he said that “This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages.” Birsan says that there was a work-around to PayPal’s security measures that was easy to discover by hackers.
PayPal has since carried out its own investigations into the concerns. It says that “sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation.”
When using the site, in some cases, users are required to authenticate the page by solving a CAPTCHA challenge. If there are a number of failed attempts to log in, users may not be required to carry out the authentication challenge.
PayPal added that, in order for the security flaw to happen, users would have to follow a link from a malicious site and then be tricked into giving their login details and password. If they did this, hackers could obtain the information and complete the security test.
The company said in a statement, “This exposure only occurred if a user followed a login link from a malicious site, similar to a phishing page.”
==================================================================
5 reasons why Wave Knowd would be a great authentication solution for Paypal and its customers:
1. Wave and PayPal tested under NSTIC.
2. Wave Knowd would be simple to use and secure for PayPal and its customers.
3. CAPTCHAs would be a thing of the past.
4. PayPal would be uniquely and better protected vs. other 2FA products.
5. Occurrences like in the article above wouldn't happen if Wave Knowd became available.
Please see previous post for more information on Wave Knowd!!
German Researchers Accessed Service Members’ Sensitive Medical Data—and One Lawmaker Wants Answers
https://www.nextgov.com/cybersecurity/2020/01/german-researchers-accessed-service-members-sensitive-medical-dataand-one-lawmaker-wants-answers/162497/
Sen. Mark Warner wants to know what the Defense Health Agency is doing to secure “a significant number” of medical images.
A Democratic lawmaker wants answers and actions taken to address unsecured servers at three military medical facilities that he said are putting service members’ personal information at risk.
Sen. Mark Warner, D-Va., penned a letter to the Defense Health Agency Thursday pressing it to eliminate the exposure of sensitive medical data belonging to military personnel that he said remains vulnerable due to risky practices at Fort Belvoir Medical Center, Ireland Army Health Clinic and the Womack Army Medical Center.
“The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others,” Warner wrote.
DICOM is the standard format for medical images, and Warner—who co-chairs the bipartisan Senate Cybersecurity Caucus—recently learned that anyone with a DICOM web viewer can access service members’ personally identifiable and sensitive medical information from the three entities, due to unsecured Picture and Archiving Servers, or PACs. Last September, Warner wrote to health care entities that controlled the PACs after a comprehensive investigation detailed how the servers were leaving millions of Americans’ medical images up for grabs on the internet without their consent.
Following the first letter, the images were removed—but Warner said records belonging to 6 million Americans were still accessible online. In November, the lawmaker wrote to the Health and Human Services Department’s Office of Civil Rights about the information that remained exposed. Since then, the senator said 16 systems, 31 million images and 1.5 million exam records were removed from the internet.
“However, I recently learned that a significant number of medical records belonging to servicemembers remain online,” Warner wrote in the latest correspondence. That information, he noted, was discovered by German researchers who accessed the information using German IP addresses.
“This itself should have triggered alarms by the hospital information security systems,” he wrote.
In Thursday’s letter, the lawmaker presses the agency to remove the vulnerable PACs from open access to the internet and immediately mitigate the security issues. To understand the severity of exposure, Warner also asks officials to answer a series of questions regarding information security management practices at military medical hospitals. He asks whether full-disk encryption and authentication for PACs are required by the agency and whether hospitals are directed to hire chief information security officers, among other questions. Warner also added that he expects a response within two weeks due to the issue’s gravity.
“As a matter of national security, the sensitive medical information of our men and women of the armed services is particularly vulnerable and should be, at a minimum, protected by robust security controls and routine scans,” he wrote.
=================================================================
Facebook users will be notified when their credentials are used for third-party app logins
https://www.helpnetsecurity.com/2020/01/16/facebook-login-third-party-apps/
Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account.
At the same time, users will be able to react quickly if someone managed to compromise their Facebook accounts and is using their credentials to access other apps and websites.
Login Notifications
The new feature, called Login Notifications, will deliver notifications to users via the Facebook app and user’s associated email.
The sending of those notifications will be triggered every time a user (or attacker):
• Logs into a third-party app with Facebook Login and grants the app access to their information
• Re-uses Facebook Login to log into a third-party app after an app’s access to information has expired.
As you can see in the image above, each notification will include a list of the information the app/website pulls from the Facebook account to personalize the user’s experience, as well as offer a direct link to Facebook Settings > Apps and Websites, so users can limit the information shared with the app/service or remove the app altogether.
Privacy push
“The design and content of the Login Notifications remind users that they have full control over the information they share with 3rd party apps, with a clear path to edit those settings,” Puxuan Qi, a software engineer at Facebook, explained.
“We will continue to test additional user control features in early 2020, including bringing permissions to the forefront of the user experience when logging into a 3rd party app with Facebook Login.”
This new feature is part of Facebook’s broader attempt to show they care about user privacy and minimize the fallout of incidents such as the massive 2018 Facebook data breach (when attackers managed to steal access tokens of at least 50 million users, potentially allowing them to take over victims’ Facebook accounts and log into accounts the victims opened on third-party websites and apps by using Facebook Login) and the Cambridge Analytica scandal (CA used information collected through third-party apps without users agreeing to their data being used to fuel election campaigns or even knowing about it).
==================================================================
Wouldn't it be so much easier, more secure and better for the customer if government and Facebook and its customers were able to use 'Wave Knowd' for better authentication?!!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Lee, MA - May 9, 2013 -
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual users’ unique device identity, with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Trump says US 'better at cyber than anyone in the world’
https://www.fifthdomain.com/dod/2020/01/13/trump-says-us-better-at-cyber-than-anyone-in-the-world/
President Donald Trump said the United States “is better at cyber than anyone else in the world” in a Jan. 9 interview with a Toledo television station, marking one of the rare times during his administration he appears to be speaking about military cybersecurity operations.
Trump spoke about a possible cyberattack from Iran with 13ABC’s Lee Conklin while in Ohio for a rally. Conklin asked the president what the White House was doing to protect the nation’s computer systems from an attack.
“Cyber is a whole thing. It’s a whole new field. We have some tremendous people. We’re better at cyber than anybody else in the world," he said. "But we weren’t really using that power, that intellect, on cyber. We weren’t doing it. And now we are. And we have – I have – incredible people in charge of cyber. If we ever get hit, we’ll hit very hard. We’ll be able to hit very hard. But it’s a new form of war – warfare – and I think we have it very well under control.”
Trump appears to be referring to the White House’s new, more aggressive cybersecurity strategy and a revamped philosophy on cyber operations with the Department of Defense. In 2018, the Department of Defense began following a new philosophy for cyber operations to better protect U.S. networks and infrastructure. Known as “defend forward,” the approach allows U.S. cyber forces to be active in foreign networks outside the United States to either act against adversaries or warn allies of impending cyber activity that they’ve observed on foreign networks.
Gen. Paul Nakasone is the head of U.S. Cyber Command. In recent years, Cyber Command appears to have conducted at least three operations according to reporting from the Washington Post, Yahoo News and Reuters. This includes disrupting internet access at a Russian troll factory to protect the integrity of U.S. elections and operations against Iran. On Jan. 11, the New York Times reported that earlier this year American officials considered conducting a cyberattack to “partly disable Iran’s oil and gas sector.”
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
Wave solutions could be a game-changer for cyber defense!!!
Android Trojan Steals Your Money to Fund International SMS Attacks
https://www.bleepingcomputer.com/news/security/android-trojan-steals-your-money-to-fund-international-sms-attacks/
==================================================================
Wave Endpoint Monitor would stop a Trojan such as the one in the article. Wave Knowd could better authenticate users to the banking sites!!! Both Wave solutions could provide better security to users in this article unlike many solutions!! Wave has many great solutions, and unfortunately some are not being used. Wave could be like a BIG WAVE since it really has been ahead of its time, and needs the collective energy and creativity of its current and former employees!
==================================================================
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
https://www.wavesys.com/
Microsoft contractors in China listened to Skype recordings with woefully bad levels of cybersecurity, report reveals
https://www.businessinsider.com/microsoft-contractors-listened-to-recordings-with-minimal-security-2020-1
==================================================================
WidePoint Partners with KoolSpan to Offer End-to-End Encryption for Phone Calls and Text Messages
https://www.widepoint.com/widepoint-partners-with-koolspan-to-offer-end-to-end-encryption-for-phone-calls-and-text-messages/
==================================================================
On Monday, May 12, 2014, WidePoint Corporation (WYY) announced a collaboration with Wave Systems Corp. (WAVX) that will enable WidePoint to utilize Wave’s security software technology to secure digital certificates within a trusted platform module (TPM) chip on customer devices. The solution strongly binds certificates to an identity and protects the certificate private key within the TPM hardware module.
https://www.wavesys.com/widepoint-collaborates-wave-secure-digital-certificates
The importance of cybersecurity: Protecting against cyber-attacks
https://www.openaccessgovernment.org/timportance-of-cybersecurity-against-cyber-attacks/80457/
Thorsten Stremlau, Trusted Computing Group’s Marketing Work Group Co-Chair, highlights the importance of cybersecurity, as well as the risks of cyber-attacks and how best to protect against them
The number of high-value breaches for companies is increasing every year, making cybersecurity a top priority for C-level executives. According to a Cisco study, there has been a 350% increase in ransomware attacks annually and the Ponemon Institute predicts that the average cost of a data breach is $4 million. Yet, around 80% of breaches are caused by bad system configurations and passwords which means that human error continues to be the biggest security threat for organisations. Further to this, up to 87% of senior managers have admitted to accidentally leaking business data. Cybersecurity needs to be a corporate priority, from senior executives throughout the rest of the company and implemented into everyday operational activities.
The Onion Skin model
The key to maximum cybersecurity protection is to take a multi-layered approach with security embedded into every layer. With several levels of defence in place, organisations can be fully prepared for the wide variety of security breaches that are possible, as well as being future-proofed as attacks become more advanced in the future. Protecting against human error and accidental leaks is also an integral part of this multi-layered approach.
At the core of the Onion Skin model is hardware; hardening the core of your cybersecurity is imperative to building a good cybersecurity model. Standards organisations such as the Trusted Computing Group (TCG) have set out to address the challenges that cybersecurity brings at every level. Every additional layer of cybersecurity is built on top of a strong hardware core to provide comprehensive cybersecurity that is able to defend against a multitude of attacks.
A critical solution that is currently available across the industry to ensure data and device protection is the Trusted Platform Module (TPM) – a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The TPM is an international standard for a secure cryptoprocessor which allows computer programmes to authenticate devices, since each TPM chip has a unique and secret RSA key burned in as it is produced. Pushing the security down to the hardware level provides more protection than a software-only solution.
TPMs can be used in computing devices other than PCs, such as mobile phones or network equipment and have been built into billions of devices worldwide. As a go-to solution for those looking to protect their embedded systems, a core feature of the TPM is the root of trust measurement. This means that a device can verify its own integrity and health by checking if any modifications have been made while it is off or not in use.
In addition to the root of trust measurement, encryption forms another layer of the onion skin model and it is absolutely vital for devices to have self-encrypting memory and storage abilities.
A new research report on “Trusted Computing” published by Aberdeen Group, a Harte-Hanks Company (NYSE:HHS), reveals that organisations that have deployed applications based on trusted computing infrastructure exhibit superior capabilities in security governance, risk management and compliance compared to other respondents. The term “trusted computing” refers to applications that leverage hardware-based “roots of trust” at the edge of the network and at the endpoints – sometimes referred to as “hardware anchors in a sea of untrusted software” – for higher assurance.
TPMs are a basic building block used in most other specifications, for providing an anchor of trust. They can be used for validating basic boot properties before allowing network access (TNC), or for storing platform measurements (PC Client), or for providing self-measurement to provide anchors of trust to hypervisors (Virtualization).
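The root of trust for measurement described above, as an added example that is not from the article or from the Trusted Computing Group: each boot stage is hashed into a PCR with an extend-only operation, a verifier compares the reported PCR against a golden value, and a nonce-bound quote stops replay. The boot images are constructed sample bytes, and an HMAC with a per-device secret stands in for the TPM's attestation-key signature (an assumption made to keep the demo self-contained; a real TPM signs with a private key that never leaves the chip).

```python
"""Simulation of a TPM root-of-trust measurement chain and remote attestation."""
import hashlib
import hmac
import os
from typing import Dict, Sequence

PCR_INITIAL = bytes(32)  # a SHA-256 PCR bank starts as 32 zero bytes on platform reset


def measure(component: bytes) -> bytes:
    """Hash a boot component (firmware, bootloader, kernel) before control passes to it."""
    return hashlib.sha256(component).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new_pcr = H(old_pcr || digest).

    A PCR can only be extended, never written directly, so code that runs after
    a measurement cannot rewrite history; it can only add to it.
    """
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(components: Sequence[bytes]) -> bytes:
    """Measure each stage in boot order; the result depends on content AND order."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = pcr_extend(pcr, measure(component))
    return pcr


# Constructed sample boot images (not real firmware).
GOOD_CHAIN = [b"firmware 1.2 (constructed)",
              b"bootloader signed (constructed)",
              b"kernel prod (constructed)"]
# Same chain, but the last stage was modified while the device was powered off.
TAMPERED_CHAIN = GOOD_CHAIN[:-1] + [b"kernel prod (constructed) + bootkit"]

# The verifier records the "golden" PCR value from a known-good device once.
GOLDEN_PCR = measure_boot_chain(GOOD_CHAIN)


def tpm_quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Stand-in for a TPM quote (assumption: HMAC instead of an asymmetric signature).

    A real TPM signs (PCR values || verifier nonce) with an attestation key held
    inside the chip; the structure of what is signed is the same here.
    """
    return hmac.new(attestation_key, pcr + nonce, hashlib.sha256).digest()


def verify_attestation(reported_log: Sequence[bytes], nonce: bytes,
                       quote_sig: bytes, attestation_key: bytes) -> Dict[str, bool]:
    """Verifier side: rebuild the PCR from the reported event log, then check the quote.

    Returns each check separately so the caller can tell a tampered platform
    from a forged, replayed, or log-inconsistent quote.
    """
    pcr = measure_boot_chain(reported_log)
    expected_sig = tpm_quote(pcr, nonce, attestation_key)
    signature_ok = hmac.compare_digest(expected_sig, quote_sig)
    pcr_ok = hmac.compare_digest(pcr, GOLDEN_PCR)
    return {"signature_ok": signature_ok,
            "pcr_matches_golden": pcr_ok,
            "trusted": signature_ok and pcr_ok}


def attest_device(actual_boot: Sequence[bytes], nonce: bytes,
                  attestation_key: bytes) -> Dict[str, bool]:
    """Full round trip for an honest device: measure, quote, and let the verifier check."""
    pcr = measure_boot_chain(actual_boot)
    sig = tpm_quote(pcr, nonce, attestation_key)
    return verify_attestation(actual_boot, nonce, sig, attestation_key)


if __name__ == "__main__":
    key = os.urandom(32)    # per-device attestation secret, constructed for the demo
    nonce = os.urandom(16)  # fresh per challenge; an old quote cannot be replayed
    print("healthy device: ", attest_device(GOOD_CHAIN, nonce, key))
    print("tampered device:", attest_device(TAMPERED_CHAIN, nonce, key))
```

A device that booted the tampered chain but reports the clean log fails the signature check, because the quote covers the PCR the TPM actually holds, not the log the software claims.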
The four principles of cybersecurity
For optimised protection against a cybersecurity attack, organisations should aim to achieve the following four principles by building a strong Onion Skin model:
• Confidentiality: The data is seen or used only by people who are authorised to access it.
• Integrity: Any changes to the data by an unauthorised user are either blocked or detected and changes by authorised users are tracked.
• Availability: The platform must be available to authorised users when needed.
• Non-repudiation: The source of the data can be validated and verified.
Alongside these key principles, it is crucial that executives address the fact that they are responsible for driving the applications that this cybersecurity is built upon; without thorough cybersecurity education and policies, these extensive measures can be easily left irrelevant. Employees need to be made aware that they are responsible for their own data security and must take the necessary steps to ensure cybersecurity.
==================================================================
Great article!!!!
https://www.wavesys.com/
US Govt Says Iran's Cyberattacks Can Disrupt Critical Infrastructure
https://www.bleepingcomputer.com/news/security/us-govt-says-irans-cyberattacks-can-disrupt-critical-infrastructure/
==================================================================
With North Korea, China, Russia and Iran, it would appear that with these big potential problems, the use of Trusted Computing and Wave would be solutions that mitigate these problems like no other cybersecurity products. Given the potential problems from these four countries, isn't it time for Trusted Computing and Wave, especially for critical infrastructure?! Using other cybersecurity products that aren't built in by design within computers has been shown to not be as secure. But the TPM has to be turned on to get this strong security!! Wave with its solutions and the ability to turn on TPMs could solve a lot of problems for organizations!!! The support of Trusted Computing by the Trump Administration could save sensitive data from being stolen, data from being wiped, data from being leaked, and save lives!!!
Iranian hackers deploy new ZeroCleare data-wiping malware
https://www.zdnet.com/article/iranian-hackers-deploy-new-zerocleare-data-wiping-malware/
==================================================================
Wave Endpoint Monitor can catch customized malware unlike traditional anti-virus software. Should organizations rely on anti-virus software when their data could be wiped? Backups provide protection, but wouldn't it be better to stop the malware at the front end before having to depend on backups?! Wave's links to malware protection and Wave Endpoint Monitor, I believe, are truly awesome descriptions of what malware protection should be, and the Wave alternative is a great summary.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/malware-protection
Excerpts:
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Cyberwar with Iran: How vulnerable is America?
https://www.usatoday.com/story/tech/2020/01/03/how-much-damage-could-iran-cyber-attacks-do/2803599001/
Excerpt:
"It is known that the United States is not as cyber secure as it should be," said Adam Levin founder of the cybersecurity platform CyberScout. "We haven't made the investments that we need to make or the training that we need to. We are sitting ducks."
==================================================================
Why did the computer industry spend billions of dollars on built-in computer security (TPMs)?!! TPMs can be used in a myriad of ways and when TURNED ON they help provide better protection than software alone!! With Wave's software to turn on and manage these TPMs with their solutions, the U.S. doesn't have to be 'sitting ducks'!!! Approximately 120 companies are behind the Trusted Computing movement (Trusted Computing Group), of which Wave was a founding member!! Here is an opportunity to protect America!! An activated TPM should be a standard in government and at least in critical industries!!!
==================================================================
https://www.wavesys.com/
When Malware Returns: Beating the Silent System Killer
https://www.infosecurity-magazine.com/opinions/malware-returns-silent-system/?utm_source=dlvr.it&utm_medium=twitter
Ransomware is the hacker “gift” that just keeps on giving, it seems. A 2017 study shows that more than half of ransomware victims got hit a second (or more) time, often with the same malware – and with ransomware attacks growing significantly since then, it's likely that many more organizations are getting hit multiple times.
It's a problem that especially affects enterprises. Half the companies in the study had 1,000 or more employees, a third had up to 10,000 employees, and 19% had more than 10,000. Enterprises are arguably in the best position to protect themselves from ransomware – they have the scale and resources to deploy the most advanced solutions – and yet they keep getting attacked – in “reruns,” to add insult to injury.
Why is that? Often it's because the companies that are attacked haven't hardened their systems sufficiently to keep hackers out altogether. While they may have remediated the weakness that enabled hackers to break through defense systems for the first attack, there are often other weaknesses that they can take advantage of for additional attacks. There are many paths into a system, and guarding all of them is a major challenge, to say the least.
Maybe there's another reason: if a hacker dispatches their malware in the form of a trojan that bides its time before attacking, it's very possible that the malware that attacked got recorded in a company backup – and when that backup is unrolled after a ransomware attack, it re-enters the system, and gives a return performance.
Is this feasible – or even possible? The answer to both those questions is - yes. With the plethora of malware that systems are subjected to daily, it’s unlikely that anti-virus software, firewalls, filters, and the like will catch everything. According to German software firm GData, a new piece of malware was released into the wild every 3.2 seconds during the first part of 2017; that's a figure that has likely grown. According to Malwarebytes, the use of trojans – malware that hides and bides its time before getting activated – has shot up in 2019.
Taking these two trends together, it's fair to say that the likelihood of malware hiding in a system and being copied to a backup is rather high. When the backup is rolled out – because the working system got compromised by hackers – the same malware that brought the system down in the first place could be rolled out as well, enabling hackers to start in a “second act,” and enabling them to continue stealing data, extorting ransom, or causing losses for their victims.
The trick, then, is to ensure that malware doesn’t get into the backup - that backups are “hygienic,” and are not infected with hidden security issues. To do that, organizations need to unleash the full force of anti-malware tools at their disposal.
Running these tools on the production data that gets backed up as well as on the backups themselves enables organizations to be as thorough as possible; because these are backups and not production systems, organizations can run a wide range of anti-malware tools without harming production performance.
Throughout the computer era, the mantra has been “back everything up” - or face significant losses because of missing data. Now, backups themselves could be the cause of losses. This is the kind of thing that could wreak havoc in the IT industry; if you can't trust your backup, then how can you trust the data in it, when that data may contain the seeds that will cause losses?
Too many organizations blindly rely on their backups, believing that backups are their insurance policy against a malware or ransomware attack. Indeed, a backup could, and should, provide that kind of insurance – but to ensure that the policy is active, organizations need to ensure that their backups are protected and malware-free.
==================================================================
Before the Trojan (malware) even gets to the backup, why not use Wave Endpoint Monitor to take care of the problem from the start? WEM spots that sneaky malware, so this could stop the ransomware from happening in the first place!!! From post #245885 - Only Half of Malware Caught by Signature AV. Maybe Wave should charge $100 per year for Wave Endpoint Monitor since it adds tremendous value and is so great!!! (Please see the links below)
==================================================================
https://www.wavesys.com/malware-protection
Excerpts:
What is malware?
Malware is a general name for software that installs on your organization's computers and creates damage. It includes computer viruses, worms, Trojans, spyware, adware, rootkits, Advanced Persistent Threats and more. These malicious programs could be created by a tenacious adversary, or by financially motivated criminals and inserted into your organization's computers. They may lie there undetected for months or secretly do things like log your keystrokes, steal your passwords, harvest your address book, observe where you go on the Internet, report sensitive data to distant servers, or even wipe or encrypt your data. Recent high profile malware attacks on utilities and countries, even, introduced contaminated software reported to alter the working of physical devices, like uranium enrichment centrifuges, oil rig equipment and water pumps. Malware can be introduced through a web download, an email attachment or even a USB external device for networks that are not connected to the internet.
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
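The boot-value comparison described in the excerpt above, as an added example that is not Wave's code: a simplified model of how a TPM Platform Configuration Register (PCR) commits to a boot chain, how a monitor compares each boot against a known-good baseline, and why the PCR, not the event log, is the value to trust. The stage names and images are constructed placeholders.

```python
"""Measured-boot check against a known-good baseline (added example).

A PCR is never written directly, only 'extended': PCR = SHA-256(PCR || measurement).
Each boot stage (firmware, boot record, boot loader, kernel) is hashed and extended
in order, so the final PCR value commits to the whole chain. A monitor stores the
PCR of a known-good boot and compares every later boot against it. The per-stage
event log is not protected by the TPM, so it is only used to name the changed stage,
and only after replaying it reproduces the PCR the TPM reported.
"""
from __future__ import annotations
import hashlib

PCR_INITIAL = bytes(32)  # PCRs reset to all-zero at power-on


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """The TPM extend operation: new PCR = H(old PCR || measurement)."""
    return sha256(pcr + measurement)


def measure_boot(components: list[tuple[str, bytes]]) -> tuple[bytes, list[tuple[str, bytes]]]:
    """Hash each stage image in boot order, extend the PCR, and keep an event
    log of (stage, measurement), as firmware does for a measured boot."""
    pcr = PCR_INITIAL
    log: list[tuple[str, bytes]] = []
    for stage, image in components:
        measurement = sha256(image)
        pcr = extend(pcr, measurement)
        log.append((stage, measurement))
    return pcr, log


def replay_log(log: list[tuple[str, bytes]]) -> bytes:
    """Recompute the PCR from an event log; mismatch with the TPM value means the log lies."""
    pcr = PCR_INITIAL
    for _, measurement in log:
        pcr = extend(pcr, measurement)
    return pcr


def check_boot(baseline_pcr: bytes, baseline_log: list[tuple[str, bytes]],
               pcr: bytes, log: list[tuple[str, bytes]]) -> dict:
    """Compare this boot with the recorded known-good boot and explain any deviation."""
    if pcr == baseline_pcr:
        return {"ok": True, "reason": "PCR matches known-good boot", "stage": None}
    # The PCR (from the TPM) is authoritative; only trust the log if it reproduces the PCR.
    if replay_log(log) != pcr:
        return {"ok": False, "reason": "event log does not reproduce the PCR (log tampered)", "stage": None}
    for (b_stage, b_meas), (c_stage, c_meas) in zip(baseline_log, log):
        if (b_stage, b_meas) != (c_stage, c_meas):
            return {"ok": False, "reason": "measurement changed", "stage": c_stage}
    return {"ok": False, "reason": "boot chain has a different number of stages", "stage": None}


# Constructed stage images standing in for the real binaries (not real firmware).
GOOD_BOOT = [
    ("firmware", b"constructed UEFI firmware image v1.2"),
    ("boot_record", b"constructed GPT boot record"),
    ("bootloader", b"constructed OS boot loader"),
    ("kernel", b"constructed OS kernel"),
]
# Same chain, but the boot record has been altered, as a bootkit would do.
BOOTKIT_BOOT = [(s, img) for s, img in GOOD_BOOT if s != "boot_record"]
BOOTKIT_BOOT.insert(1, ("boot_record", b"constructed GPT boot record + hooked loader"))


if __name__ == "__main__":
    golden_pcr, golden_log = measure_boot(GOOD_BOOT)
    today_pcr, today_log = measure_boot(BOOTKIT_BOOT)
    print(check_boot(golden_pcr, golden_log, today_pcr, today_log))
    # A forged log that copies the baseline cannot hide the change: the PCR still differs.
    print(check_boot(golden_pcr, golden_log, today_pcr, golden_log))
```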
North Korean hackers stole 'highly sensitive information' from Microsoft users, company alleges
https://www.cnn.com/2019/12/30/tech/microsoft-hackers-lawsuit-north-korea/index.html
New York (CNN Business) — Microsoft is suing a mysterious North Korean hacking group for allegedly stealing "highly sensitive information" from computers in the United States.
A new lawsuit targets two unnamed people who Microsoft (MSFT) claims work for Thallium, which the suit describes as a "cybertheft operation" that has worked to gain access to "high-value" computer networks.
Thallium targeted government employees, think tanks, university staff and members of groups that work on issues including nuclear proliferation and human rights, the complaint states. Microsoft filed the lawsuit on December 18 and it was unsealed late last week.
It's not clear how many people Thallium may have hacked, though the complaint alleges the group "has been active since 2010, and it poses a threat today and into the future."
Microsoft is asking for companies that host website domains associated with Thallium to hand over control of the sites. It also wants compensation for damages in "an amount to be proven at trial." Microsoft did not immediately respond to a request for comment.
The complaint says the "precise identities and locations of those behind the activity are generally unknown but have been linked by many in the security community to North Korean hacking group or groups," the lawsuit states.
The complaint alleges Thallium hackers used a technique called "spearphishing," which seeks to gain passwords and other sensitive information from individual users through emails crafted specifically to look as if they're coming from a reputable Hotmail, Gmail or Yahoo account.
The emails attempt to lure users into providing login information by claiming that suspicious activity was identified on their accounts. Hackers may have used information gathered on victims' social media pages and elsewhere online to make the emails particularly convincing, according to the lawsuit. Individuals targeted by the emails may have been selected because of their affiliation with certain organizations, businesses or the government.
After obtaining login credentials, Thallium may have used them to gain access to contact lists, calendar appointments and other information stored on Microsoft users' accounts.
Hackers also used deceptive websites to trick users into believing they were on legitimate Microsoft websites, and email attachments to distribute malware. Specifically, malware identified in the complaint as "BabyShark" and "KimJongRAT" were used to "compromise systems and steal data from victim systems," the complaint says.
The suit was filed in a federal court in Virginia because Thallium uses internet domains registered in the state, according to court filings.
==================================================================
Wave could offer a package of solutions such as Wave VSC 2.0, Wave SED (Self Encrypting Drives) management and Scrambls that is uniquely quite beneficial and could protect against attacks like these. Bad websites are going to continually crop up, and these three Wave solutions could protect companies from having their highly sensitive information stolen.
==================================================================
https://www.wavesys.com/
Happy New Year!
Ghosts in the Clouds: Inside China’s Major Corporate Hack
A Journal investigation finds the Cloud Hopper attack was much bigger than previously known
https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061
Excerpts: The hackers, they learned, worked in teams. The "Tuesday team," as Mr. McConkey dubbed it, would come in one day to make sure all their stolen usernames and passwords still worked. Another group would often appear a few days later, whisking away targeted data.
"The question is just what is it they're doing?" said McConkey. "They haven't disappeared. Just whatever they are doing at the minute isn't visible to us."
"I haven't seen many Chinese APT groups mocking researchers like that," said Mike McLellan, a director of security research at Secureworks. He added that at times APT10 also laced their malware with phrases insulting researchers' abilities.
==================================================================
This article reveals some security lapses that Wave could solve with its solutions. Wave has had the solutions for some time, and the problems mentioned in the article have been recurring for years. Following the herd has left a lot of organizations facing APT10, with the result leaving them in difficult predicaments. Wave, a leader in trusted computing, has successfully tested its software in well-renowned organizations.
Better security at less than half the cost. The whole article is a good read, and Wave could have a big positive impact on situations like this.
==================================================================
https://www.wavesys.com/
Very Important reading below:
https://www.wavesys.com/wave-alternative
Happy New Year!
New Year’s Resolutions Federal Employees and Their Agencies Can Actually Keep
https://www.nextgov.com/ideas/2019/12/new-years-resolutions-federal-employees-and-their-agencies-can-actually-keep/162067/
Don't worry: Losing weight isn't one of them.
1. I promise to add multi-factor authentication to my networks and devices.
For individuals, adding multi-factor authentication is relatively easy for most devices. For example, if you own a modern Windows laptop, it comes with Windows Hello, which can be used as a biometric-based password. How it works is that the webcam can be trained to recognize valid users, only letting someone log in after it verifies who they are. Lots of those same devices have fingerprint scanners, which can be a second verification method. And finally, the aging password can be used to add a third factor. Passwords are problematic, sure. You would not want a password to be the only gatekeeper these days. But as a third authentication factor behind two other stronger methods, it will do just fine.
For agencies, two-factor authentication has been the norm for a while now. But don’t forget that this resolution calls for multi-factor authentication, which in this case is more than two elements. For the most part, agencies have been achieving two-factor authentication by requiring users to log in using both a password and some type of token, like a badge ID. That can work, but highly skilled hackers these days, especially those well-funded by nation-states, can sometimes find ways around that level of security. For example, they can launch a phishing attack against an active and already authenticated user. It’s no wonder that some agencies are thinking about moving past two-factor authentication.
Unfortunately for agencies, simply stacking up more front-end authentication methods probably won’t work. For one, it can bog down users just trying to log in and do their jobs. For another, it might not even be effective. In the above example of a user getting compromised through a phishing attack, it wouldn’t matter how many hoops they had to jump through before getting hacked.
For agencies, the solution might be continuing authentication, which is a process whereby user behavior is profiled while they work. It’s invisible to users, so it won’t get in the way but keeps the network safe even after they have logged in. This can be as simple as geofencing, ensuring that users are accessing assets from a specific office or at least from within the United States. Or it can be behavior-based. If a user who logs in to check their email every day and not much else suddenly starts downloading critical files or accessing a restricted database, there is a good chance that their identity has been hijacked.
This pairs well with zero-trust networking, whereby users are assigned the least privilege needed to do their jobs on a network. In any case, adding more protections is a fine resolution that is both achievable and sustainable.
==================================================================
If the government goes with MFA (Multi Factor Authentication) like Microsoft's Windows Hello, there will still be government Windows 7 computers presumably under ESU (Extended Security Updates) that need MFA such as Wave VSC 2.0!!! Wave VSC 2.0 works on Windows 7, 8, and 10. Wave could have many happy government customers!!
Windows 8 and 10 government computers should have the SED initialized for maximum effectiveness. Wave SED management could help organizations with that. Ransomware attackers that are attempting to leak data from the Windows 8 and 10 computers that have SEDs initialized will be foiled!!!
The links below show Wave technology solutions that could be very useful to the government and other organizations!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
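The "continuing authentication" checks the Nextgov piece above describes (geofencing plus a per-user behaviour baseline), as an added example that is not from the article, Wave, or any product: both rules run over constructed access-log lines, and the baseline is what keeps a user whose job is downloading files from being flagged for doing so. The log format, users, countries and thresholds are all constructed assumptions.

```python
"""Toy continuing-authentication monitor (added example, constructed data).

Rule 1 (geofence): a session from outside the allowed set of countries is flagged.
Rule 2 (behaviour): a sensitive action is flagged when it makes up less than a
minimum share of that user's own history, so the mail-only user who suddenly
downloads payroll files is flagged while the engineer who downloads files daily is not.
"""
from __future__ import annotations
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: str
    user: str
    country: str
    action: str
    resource: str


# Constructed history used to build each user's baseline. Format: ts user country action resource
HISTORY_LOG = """\
2019-12-27T09:00:00 alice US mail.read inbox
2019-12-27T09:05:00 alice US mail.send outbox
2019-12-28T09:02:00 alice US mail.read inbox
2019-12-29T08:58:00 alice US mail.read inbox
2019-12-30T09:01:00 alice US mail.read inbox
2019-12-27T10:00:00 bob US file.download eng/spec.pdf
2019-12-28T10:10:00 bob US file.download eng/design.pdf
2019-12-29T10:05:00 bob US db.query eng/bugs
2019-12-30T10:07:00 bob US file.download eng/spec.pdf
"""

# Constructed events for the day being evaluated.
TODAY_LOG = """\
2019-12-31T09:00:00 alice US mail.read inbox
2019-12-31T03:12:44 alice RU file.download finance/payroll.xlsx
2019-12-31T03:13:10 alice RU db.query restricted/hr_records
2019-12-31T10:00:00 bob US file.download eng/spec.pdf
2019-12-31T10:30:00 bob DE file.download eng/spec.pdf
"""

ALLOWED_COUNTRIES = {"US"}                       # geofence: assumed policy
SENSITIVE_ACTIONS = {"file.download", "db.query"}  # actions worth profiling
MIN_BASELINE_SHARE = 0.10  # an action below 10% of a user's history is "not what they do"


def parse_log(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, action, resource = line.split()
        events.append(Event(ts, user, country, action, resource))
    return events


def build_baseline(history: list[Event]) -> dict[str, Counter]:
    """Per-user count of each action seen in the history window."""
    baseline: dict[str, Counter] = defaultdict(Counter)
    for e in history:
        baseline[e.user][e.action] += 1
    return baseline


def evaluate(events: list[Event], baseline: dict[str, Counter]) -> list[tuple[str, str, Event]]:
    """Return (user, rule, event) alerts; one event can trip both rules."""
    alerts = []
    for e in events:
        if e.country not in ALLOWED_COUNTRIES:
            alerts.append((e.user, "geofence", e))
        if e.action in SENSITIVE_ACTIONS:
            history = baseline.get(e.user, Counter())
            total = sum(history.values())
            # A user with no history has share 0, so any sensitive action is flagged.
            share = history[e.action] / total if total else 0.0
            if share < MIN_BASELINE_SHARE:
                alerts.append((e.user, "behaviour", e))
    return alerts


def run() -> list[tuple[str, str, str]]:
    """Build the baseline from HISTORY_LOG and evaluate TODAY_LOG."""
    baseline = build_baseline(parse_log(HISTORY_LOG))
    return [(u, rule, e.ts) for u, rule, e in evaluate(parse_log(TODAY_LOG), baseline)]


if __name__ == "__main__":
    for user, rule, ts in run():
        print(f"{ts} {user}: {rule} alert")
```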
Growth In Data Breaches Shows Need For Government Regulations
https://www.govexec.com/technology/2019/12/growth-data-breaches-shows-need-government-regulations/162089/
Failure of corporations to protect data means that government regulation is required to ensure corporation compliance.
Please see the above link for the rest of the article.
==================================================================
California (Post #245875) with its 'built in' IOT security should have the same 'built in' (activated) security for computers (TPMs), and would be a good combination for compliance to prevent data breaches mentioned in the above article. Wave VSC 2.0 uses this built in security, and it would be great for this potential future compliance!!! Please see previous posts for why Wave VSC 2.0 would be great for government #245878 and financial #245877 services organizations along with many other organizations!!!
Citrix Urges Firms to Harden Configurations After Flaw Report
https://www.darkreading.com/vulnerabilities---threats/citrix-urges-firms-to-harden-configurations-after-flaw-report/d/d-id/1336695
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
A vulnerability in two network appliances made by Citrix and used by an estimated 80,000 companies worldwide could be exploited to allow an attacker to gain access to a firm's local network from the internet, according to advisories published today.
The vulnerability (CVE-2019-19781), which affects the Citrix Application Delivery Controller and Citrix Gateway, allows an unauthenticated attacker to run arbitrary code on the appliances, according to Citrix's advisory on the issue. While few details of the vulnerability have been released, Citrix did document several mitigation steps that will protect users but has not yet released a patch.
Because it is so easy to exploit and does not require authentication, the vulnerability is the highest criticality, says Mikhail Klyuchnikov, one of the three vulnerability researchers credited with finding the issue and a Web-application security specialist with vulnerability assessment firm Positive Technologies.
"It's really easy to exploit, [and] it's very reliable," Klyuchnikov says. "[We don't] know if it is being used in the wild."
Citrix appliances are often used as gateways for application load balancing and remote access. Judging from the mitigation steps, the Citrix issue appears to affect the virtual private networking component of the appliances' software.
Of the 80,000 companies in 158 countries potentially at risk, the plurality — 38% — are based in the United States. An additional 9% are in Germany, 6% in the United Kingdom, 5% in the Netherlands, and 4% in Australia.
"Citrix applications are widely used in corporate networks," said Dmitry Serebryannikov, director of the security audit department with Positive Technologies, in a statement. "This includes their use for providing terminal access of employees to internal company applications from any device via the Internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat."
Positive Technologies reported the vulnerability to Citrix in early December, according to the firm. Citrix responded quickly with risk mitigation measures, the company said. An attack can be completed in less than a minute, and some Citrix products have been vulnerable for more than five years, Positive Technologies stated.
The appliances, many sold under the NetScaler brand, are a common way to gain remote access to networks or applications, Klyuchnikov says.
"Using Citrix NetScaler to access the internal network is common practice because this software has the ability to implement SSL VPN features," he says. "This feature, for example, can be used to access the corporate network by employees who work remotely."
In its advisory on the vulnerability, security firm Symantec recommends companies block external access at the edge of the network and use intrusion detection systems to monitor links that need to be accessible.
"If global access isn't needed, filter access to the affected computer at the network boundary," Symantec stated. "Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits."
This is not the first time Citrix has had to deal with a serious security weakness. In March, the FBI notified the company that attackers had breached its network and downloaded business documents.
With the latest security vulnerability, two other security experts — Gianlorenzo Cipparrone and Miguel Gonzalez of online betting service Paddy Power Betfair plc — are credited with the discovery of the issue.
Citrix did not respond to an e-mail requesting comment.
==================================================================
A 'Trusted computer' with Wave's help could really protect these 80,000 networks and many others as well!!! After using Wave solutions, the companies could have a great backup plan, and maybe the companies wouldn't even need the appliances!!
==================================================================
Merry Christmas and Happy Holidays!
78% of people forgot a password in the past 90 days
https://www.helpnetsecurity.com/2019/12/11/forgot-password/
Passwords are the dominant way online services manage access to our personal and work-related lives. But often times, they’re more of a headache than a security tool.
HYPR released the findings of a two and a half year Password Usage Study, which compiled data from over 500 full-time workers across the United States and Canada to better understand how individuals use, treat and manage their passwords.
According to the findings, 72% of individuals reuse passwords in their personal life while 49% of employees simply change or add a digit or character to their password when updating their company password every 90 days.
Forgot a password? Usage practices revealed
A majority of users recently require a password reset due to forgetting their password.
• 78% of respondents required a password reset in their personal life within the last 90 days
• 57% of respondents required a password reset in their work life within the last 90 days
A sizeable amount of users manage an overwhelming number of passwords.
• 37% of respondents have over 20 passwords in their personal life
• 19% of respondents have over 10 passwords in their work life
A majority of users depend on physical and digital lists to manage their passwords.
• 65% of respondents use an app or keep a digital or physical list of passwords in their personal life
• 58% of respondents use an app or keep a digital or physical list of passwords in their work life
“As a society, we’re so accustomed to using passwords and shared secrets that we tend to overlook just how important user experience is,” said George Avetisov, CEO of HYPR.
“As the world evolves beyond passwords, we believe that true passwordless security delivered through the enterprise will rapidly eliminate the need for users to reuse, manage, reset or even think about passwords.”
Conclusions
• People do not rely on technology that’s created to help them manage their passwords. This is due to a lack of knowledge of its existence, uncertainty about how to use it, and not trusting a third party to keep their passwords secure and not share them.
• The majority of individuals rely on their own memory, which time and time again proves to fail, with constant password resets happening every time a user cannot recall a password to a service they are trying to access at any given moment.
• People still rely on traditional means of keeping important information out of memory but still accessible. This previously meant simple pieces of paper or notes, but has since transitioned with the digital revolution to Word docs, emails, spreadsheets, and so on.
==================================================================
The title of this article doesn't matter with Wave VSC 2.0 and Wave ERAS!!! Please see the excerpts below:
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
Merry Christmas and Happy Holidays!
Chinese hacker group caught bypassing 2FA
https://www.zdnet.com/article/chinese-hacker-group-caught-bypassing-2fa/?ftag=COS-05-10aaa0g&taid=5e00d69230ffb60001e67778&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
Chinese state-sponsored group APT20 has been busy hacking government entities and managed service providers.
Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks.
The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a report published last week.
The group's primary targets were government entities and managed service providers (MSPs). The government entities and MSPs were active in fields like aviation, healthcare, finance, insurance, energy, and even something as niche as gambling and physical locks.
Recent APT20 activity
The Fox-IT report comes to fill in a gap in the group's history. APT20's hacking goes back to 2011, but researchers lost track of the group's operations in 2016-2017, when they changed their mode of operation.
Fox-IT's report documents what the group has been doing over the past two years and how they've been doing it.
According to researchers, the hackers used web servers as the initial point of entry into a target's systems, with a particular focus on JBoss, an enterprise application platform often found in large corporate and government networks.
APT20 used vulnerabilities to gain access to these servers, install web shells, and then spread laterally through a victim's internal systems.
While on the inside, Fox-IT said the group dumped passwords and looked for administrator accounts, in order to maximize their access. A primary concern was obtaining VPN credentials, so hackers could escalate access to more secure areas of a victim's infrastructure, or use the VPN accounts as more stable backdoors.
Fox-IT said that despite what appears to be a very prodigious hacking activity over the past two years, "overall the actor has been able to stay under the radar."
They did so, researchers explain, by using legitimate tools that were already installed on hacked devices, rather than downloading their own custom-built malware, which could have been detected by local security software.
APT20 seen bypassing 2FA
But this wasn't the thing that stood out the most in all the attacks the Dutch security firm investigated. Fox-IT analysts said they found evidence the hackers connected to VPN accounts protected by 2FA.
How they did it remains unclear, although the Fox-IT team has a theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.
Normally, this wouldn't be possible. To use one of these software tokens, the user would need to connect a physical (hardware) device to their computer. The device and the software token would then generate a valid 2FA code. If the device was missing, the RSA SecurID software would generate an error.
The Fox-IT team explains how hackers might have gone around this issue:
The software token is generated for a specific system, but of course this system specific value could easily be retrieved by the actor when having access to the system of the victim.
As it turns out, the actor does not actually need to go through the trouble of obtaining the victim's system specific value, because this specific value is only checked when importing the SecurID Token Seed, and has no relation to the seed used to generate actual 2-factor tokens. This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system, and does not need to bother with stealing the system specific value at all.
In short, all the actor has to do to make use of the 2 factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.
Wocao
Fox-IT said it was able to investigate APT20's attacks because they were called in by one of the hacked companies to help investigate and respond to the hacks.
More on these attacks can be found in a report named "Operation Wocao."
The Dutch company said it named the report "Wocao" after the response the Chinese hackers gave once they had been detected and booted out of a victim's network.
In the screenshot below, you can view APT20 trying to connect to a (now-removed) web shell they installed on a victim's network.
The hackers try running several Windows commands. When the commands fail to execute, APT20 hackers understand they've been detected and thrown out of the network, and they type one last command in frustration -- wocao, which is the Chinese slang for "shit" or "damn."
==================================================================
This article discussing RSA SecurID reveals some of why Wave VSC 2.0 is better security at less than half the cost!!!
Wishing all the people reading a Merry Christmas and Happy Holidays!
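The Fox-IT passage above makes a design point worth seeing in code: the "was this token imported on the right machine?" check had no relation to the seed that actually generates codes, so the check and the secret could be separated. The following is an added example, not code from the Fox-IT report, the article, or RSA; the HOTP routine follows RFC 4226, while the seed, the device fingerprints and the two "designs" are constructed stand-ins, not SecurID internals. Design A models a device check that merely gates access to a seed which does not depend on the device; Design B folds the device-specific value into the key derivation itself, so there is no check to skip and a copied seed produces wrong codes elsewhere.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def design_a_import(seed: bytes, expected_device: bytes, device_now: bytes) -> bytes:
    """Design A (the weak pattern): a device check that gates a seed which never depended on the device.

    Whoever holds the seed bytes holds everything the code generator needs; the check is
    the only thing tying the token to a machine, and it is not part of the secret.
    """
    if device_now != expected_device:
        raise PermissionError("token was issued for a different system")
    return seed


def design_b_key(seed: bytes, device_now: bytes) -> bytes:
    """Design B (hardened pattern): derive the OTP key from seed AND device value (HKDF-style).

    There is no separate check to remove: on a different device the derived key is simply
    different, so the generated codes do not match the victim's.
    """
    return hmac.new(seed, b"otp-key|" + device_now, hashlib.sha256).digest()


def compare(counters=range(1, 6)) -> dict:
    """Run both designs with constructed values and report whether codes are reproducible elsewhere."""
    seed = b"constructed-seed-0123456789abcdef"   # constructed; not a real token seed
    victim = b"constructed-victim-fingerprint"    # constructed stand-in for the system-specific value
    other = b"constructed-other-fingerprint"

    # Design A: the key IS the seed, so codes computed from the seed alone equal the victim's codes.
    key_on_victim = design_a_import(seed, victim, victim)
    a_reproduced = all(hotp(key_on_victim, c) == hotp(seed, c) for c in counters)

    # Design B: the other device derives a different key, so its codes diverge from the victim's.
    b_reproduced = all(
        hotp(design_b_key(seed, victim), c) == hotp(design_b_key(seed, other), c) for c in counters
    )
    return {
        "design_a_seed_alone_reproduces_codes": a_reproduced,
        "design_b_other_device_reproduces_codes": b_reproduced,
    }


if __name__ == "__main__":
    print(compare())
```

Design B only moves the problem if the device value is itself readable by anyone with access to the machine, which the report notes it was; the stronger version of the same idea keeps the binding secret in hardware (a TPM or similar) where it cannot be copied out with the token file.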
Only Half of Malware Caught by Signature AV
https://www.darkreading.com/threat-intelligence/only-half-of-malware-caught-by-signature-av/d/d-id/1336577
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
For years, signature-based antivirus has caught about two-thirds of threats at the network edge — in the last quarter, that success rate has plummeted to only 50%, according to WatchGuard Technologies' latest quarterly report, published on December 11.
The network security firm found that the percentage of malware that successfully bypassed signature-based antivirus scanners at companies' network gateways has increased significantly, either by scrambling code — known as "packing" — using basic encryption techniques or by the automatic creation of code variants. In the past quarter, the share of malware using these obfuscation techniques has jumped to 50% of malicious programs detected at the edge of the network, bypassing common antivirus engines, the company found.
Dubbed "zero-day malware," these attacks demonstrate how attackers have adapted to the decades-old signature-based antivirus scanning technology, says Corey Nachreiner, chief technology officer at WatchGuard Technologies.
"The big change is that more and more malware is becoming evasive, so that signature-based protection is no longer sufficient," he says. "There is nothing wrong with having it, because it will catch 50% to two-thirds of the traffic, but you definitely need something more."
In the first quarter of 2019, the company saw signature antivirus catch 64% of malware. In the second quarter, that dropped only slightly to 62%. In 2017, antivirus firm Malwarebytes found that using two signature-based antivirus engines still only caught about 60% of threats.
While the statistic applies only to the BitDefender antivirus engine used in WatchGuard's product, Nachreiner argues that the scanner is better than average — based on VirusTotal detections — suggesting that malware is even more successful getting past other companies' products.
"The reason that we feel that we can extrapolate from a single engine is that we use VirusTotal all the time, and BitDefender is always one of the first to detect threats," he says. "We feel that extrapolation, while not exact, will be very representative, even conservatively, of the capabilities of signature-based engines."
Zero-day malware — not to be confused with zero-day exploits — needs to be caught by technologies other than signature-based antivirus, he says. WatchGuard, for example, incorporates three different anti-malware services into its product, including machine learning-based pattern detection and a sandbox service that catches threats based on their execution behavior.
The rise in evasive malware is the most significant trend in WatchGuard's "Internet Threat Report: Q3 2019," but the company also saw a general rise in network attacks — attempts to actually compromise a network — of about 8% from the previous quarter.
Attacks using SQL injection, cross-site scripting, and brute-force credential stuffing topped the list of attacks the company detected in the third quarter of 2019, but the top 10 network-based attacks also include exploits aimed at two older vulnerabilities in the Apache Struts web application framework, security issues that led to the massive breach of data-collection firm Equifax. The company missed patching key servers that were then compromised by attackers, leading to the leak of information on about 148 million Americans. The breach led to a $700 million fine and, because of his stock trading prior to public notification of the breach, the conviction of the former CIO for insider trading.
"With a 10 of 10 for severity in the National Vulnerability Database and the national attention the Equifax breach got from this vulnerability, we hope web admins have already upgraded their servers," WatchGuard stated in the report. "If you've patched, this attack won't work ... [but] vulnerable servers won't last long while connected to the Internet."
The increase in attacks on older vulnerabilities makes it even more important for companies to look to their patching processes and make sure that they are not missing any servers, Nachreiner says.
"After Equifax, you would have hoped that everyone had patched immediately, but the fact that the attackers are ramping up attacks could mean that they have seen some success," he says. "So, you need to ask, have you really patched the Apache Struts vulnerability? Check your environment to make sure that you are not vulnerable."
The WatchGuard report gathers data from users that have opted into its data-collection program, about 37,000 devices in the latest quarterly report.
=================================================================
Another interesting article with an AI-like remedy suggested, but see the description about malware by Wave below!! This article shows the need for a solution like Wave Endpoint Monitor!!! With all the virus and malware problems in the marketplace, Wave with Wave Endpoint Monitor could provide a strong layer that defends many organizations!!!
=================================================================
https://www.wavesys.com/malware-protection
Excerpts:
Software can’t always detect malware
The big problem with malware is that antivirus software doesn't always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient zero who discovers that they are infected before the rest of the world can benefit from the signature. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for that specific strain of malware, and in that case the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine-tune the behavior of the malware they are writing against the various known anti-malware solutions, so that it evades detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
The extent of APTs seems wider each week. News stories about targeted attacks on organizations appear weekly, and even more incidents never make the news, as some malware goes undetected for very long periods. Some malware described as "cutting edge" has code components that have been available for three or four years, which dates how long it lived undetected in the wild. With online tools, even a non-technical person can create malware easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware's more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
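The WatchGuard piece above says half of the malware at the edge now slips past signature engines by packing or encrypting itself, and the Wave excerpt says the same about signature-only detection. Here is an added example (mine, not WatchGuard's, BitDefender's or Wave's code) of the gap and of one cheap content-agnostic heuristic that sits beside a signature list: Shannon entropy of the bytes, which rises toward 8 bits per byte for encrypted or packed content. All samples and hashes are constructed; the "encrypted" sample is a deterministic SHA-256 byte stream standing in for a packed payload, and the 7.2 threshold is an illustrative choice, not a vendor value.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for constant data, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def signature_match(data: bytes, known_hashes) -> bool:
    """The signature layer: an exact match against hashes of samples seen before (patient zero)."""
    return hashlib.sha256(data).hexdigest() in known_hashes


def classify(data: bytes, known_hashes, entropy_threshold: float = 7.2) -> str:
    """Signature first; if that misses, fall back to the entropy heuristic."""
    if signature_match(data, known_hashes):
        return "signature-hit"
    if shannon_entropy(data) >= entropy_threshold:
        return "suspicious-high-entropy"
    return "clean"


# Constructed samples (plain text standing in for binaries; nothing here is real malware).
KNOWN_SAMPLE = b"constructed sample seen by patient zero: build 1\n" * 40
BENIGN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 50
# Deterministic stand-in for an encrypted/packed payload: a chained SHA-256 byte stream (4096 bytes).
ENCRYPTED_STANDIN = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(128))

# The signature database knows only the exact bytes of the original sample.
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def demo() -> dict:
    """Show where each layer helps and where both miss."""
    return {
        "original": classify(KNOWN_SAMPLE, KNOWN_HASHES),
        # One appended byte changes the hash: the signature layer misses the variant entirely.
        "one_byte_variant": classify(KNOWN_SAMPLE + b"x", KNOWN_HASHES),
        "encrypted_payload": classify(ENCRYPTED_STANDIN, KNOWN_HASHES),
        "benign_text": classify(BENIGN_TEXT, KNOWN_HASHES),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} -> {verdict}")
```

Two caveats a practitioner would add: the one-byte variant shows that a low-entropy variant defeats both layers here, which is exactly why the article calls for behavioral and ML detection on top; and legitimately compressed or encrypted files (archives, TLS captures, installers) also score high, so entropy is a triage signal to feed a sandbox, not a verdict on its own.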
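The Wave excerpt ends on the NIST chain of trust for BIOS and on malware that "lies lower in the stack" and feeds the OS-level scanner false results. The mechanism that addresses both is measured boot: each stage is hashed into a TPM Platform Configuration Register with an extend-only operation, so a record made before the OS ran cannot be rewound by anything running later. The following is an added toy model of that chain, not Wave's code and not the NIST text; the stage contents are constructed stand-ins for firmware, bootloader and kernel images, and the verifier simply compares against a "golden" value enrolled from a known-good boot.

```python
import hashlib
import hmac

PCR_INITIAL = bytes(32)  # a SHA-256 PCR bank starts at all-zero bytes at reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || measurement). One-way; a PCR cannot be set back."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(stages) -> bytes:
    """Each boot stage measures the next into the PCR before handing over control."""
    pcr = PCR_INITIAL
    for blob in stages:
        pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def attest(stages, golden: bytes) -> bool:
    """Verifier side: compare the reported PCR with the enrolled known-good value."""
    return hmac.compare_digest(measure_chain(stages), golden)


# Constructed stand-ins for firmware, bootloader and kernel images.
GOOD_BOOT = [b"constructed BIOS image v1", b"constructed bootloader", b"constructed kernel"]
GOLDEN = measure_chain(GOOD_BOOT)  # enrolled once from a known-good boot


def scenarios() -> dict:
    """Any changed, reordered or missing stage yields a different final PCR."""
    tampered_bios = [b"constructed BIOS image v1 + implant"] + GOOD_BOOT[1:]
    reordered = [GOOD_BOOT[1], GOOD_BOOT[0], GOOD_BOOT[2]]
    return {
        "good": attest(GOOD_BOOT, GOLDEN),
        "tampered_bios": attest(tampered_bios, GOLDEN),
        "reordered": attest(reordered, GOLDEN),
        "truncated": attest(GOOD_BOOT[:2], GOLDEN),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:14s} attests: {ok}")
```

What this toy leaves out is the part that actually defeats a lying OS-level agent: in a real system the PCR values are reported in a quote signed by a key that never leaves the TPM, so a compromised operating system cannot simply hand the verifier the golden value. The extend-only property is what makes the firmware measurement trustworthy; the signed quote is what makes the report trustworthy.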
Chinese Hacking Group, Quiet for Years, Resumes Global Attacks
https://finance.yahoo.com/news/chinese-hacking-group-quiet-years-060000466.html
Excerpts:
Free Rein
The hackers would place keylogger software on system administrators’ computers, which records keystrokes and can reveal passwords. The group was also able, in at least one case, to compromise an RSA SecurID two-factor authentication system, replicating its codes, which are designed to thwart hackers by providing an extra layer of security in addition to a password, according to Fox-IT.
RSA Security didn’t respond to a message seeking comment.
The hackers were effective at covering up their tracks, according to Fox-IT. They would routinely delete the tools they used to steal data from infected computers. But occasionally they slipped up. Fox-IT placed monitoring technology within one victim’s network and was able to gather data showing that the hackers were using a web browser that had its language set to Chinese.
==================================================================
With this article, Wave VSC 2.0 White Paper and along with other posts, it certainly seems like the obvious choice for enterprise two factor authentication is Wave VSC 2.0!!! Using an enterprise two factor authentication solution such as Wave's could be a great New Year's resolution for organizations when they go to battle the Chinese and stop breaches!!!
==================================================================
https://www.wavesys.com/
IT pros admit to frustration with firewalls
https://www.techrepublic.com/article/it-pros-admit-to-frustration-with-firewalls/?ftag=COS-05-10aaa0g&taid=5dfa461c86922500019b76f1&utm_campaign=trueAnthem:+Twitter+Card&utm_medium=trueAnthemCard&utm_source=twitterCard
The difficulties with firewalls range from budgeting to deployment to making rule changes, according to a new report from security segmentation firm Illumio.
Firewalls are one of the core tools that organizations use to segment and protect critical and sensitive devices, data, networks, and other business assets. But firewalls can definitely be troublesome. Hardware firewalls can be pricey. Implementation and deployment can be complicated. And making changes to firewall rules can be tricky and time-consuming.
Released on Wednesday, a new report from Illiumo illuminates how IT professionals deal with firewalls and reveals some of the challenges they face.
In an Illumio survey of more than 300 IT pros, 86% said they still use firewalls to segment their applications. Among the respondents, 66% said that the task of managing firewalls was extremely, very, or fairly challenging. Another 26% saw it as somewhat challenging. Only 8% didn't consider it a challenge.
Please see link for the rest of the article!!!!!
==================================================================
Based on the information in this article and post #245788, Wave's solutions could be more viable than firewalls!!! I believe that Wave has better solutions that continue to be overlooked hidden gems!!!
Ransomware: Cybercriminals are adding a new twist to their demands
Pay the ransom or we'll leak your data is the latest trend, warns cybersecurity company.
https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/
Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.
In several recent cases it has been reported that ransomware gangs have not just encrypted data but have also threatened to leak it. Emsisoft says these attacks elevate the ransomware threat "to crisis level" and has called on government organizations to immediately improve their security.
"If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked," the cybersecurity company said.
Please see the rest of the article at the above link.
==================================================================
New Orleans declares state of emergency following ransomware attack
https://techcrunch.com/2019/12/14/new-orleans-declares-state-of-emergency-following-ransomware-attack/
==================================================================
SEDs (Self encrypting drives) and Wave SED management could stop leaking of unencrypted data by the cybercriminals by also having the backup drives encrypted!!! Here is an opportunity for Wave to shine in the market by helping with the management of the encrypted drives and the sensitive data that is thus protected!!! Wave VSC 2.0 could also protect organizations by not allowing the bad guys (ransomware attackers) onto the network to get access to sensitive data.
==================================================================
Please see the links below for more information:
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
==================================================================
Federal council to Trump: Cyber threats pose 'existential threat' to the nation
https://thehill.com/policy/cybersecurity/473682-federal-council-to-trump-cyber-threats-pose-existential-threat-to-the
==================================================================
When an article like this is written, and cybersecurity continues down its path, it's a shame to see the consequences. Why doesn't the Trump administration strengthen the posture of the TPM and/or trusted computing in today's cybersecurity (especially for critical industries)??!! It could lead to many positive changes in cybersecurity, and keep unauthorized devices off organizations' networks!!!
=================================================================
https://www.wavesys.com/
Cybersecurity: This password-stealing hacking campaign is targeting governments around the world
https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/?ftag=COS-05-10aaa0g&taid=5df2a3afefe88c0001d5f595&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
Researchers uncover a phishing campaign attempting to steal login credentials from government departments across North America, Europe and Asia - and nobody knows who is behind it
A mysterious new phishing campaign is targeting government departments and related business services around the world in cyber attacks which aim to steal the login credentials from the victims.
In total, the phishing attacks have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link which asks for their username and password.
Anyone who enters their login credentials into the spoofed government agency websites will give cyber criminals access to their account.
The campaign has been discovered and detailed by cyber security researchers at Anomali, but while it's clear a lot of work has gone into what researchers describe as a 'persistent' campaign, it's unclear who is behind the attacks or what their ultimate motivations are. It could be an effort to conduct corporate espionage.
"It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long term gain," Sara Moore, cyber threat intelligence analyst at Anomali told ZDNet.
The majority of the attacks focus on government departments themselves, but a small percentage also target procurement and logistics firms related to the targets.
The country in which the largest number of these attacks have been seen is the United States with the U.S. Department of Energy, U.S. Department of Commerce, U.S. Department of Veterans Affairs among those targeted.
Those behind the attacks have been careful to create unique lures for each of their targets, using phishing emails containing a lure document purporting to be related to bidding and procurement activity of the department. In each case, the phishing email is written in the native language of the target department's country.
For example, a phishing email targeting the U.S. Department of Commerce claims to contain information related to bidding on commercial products and services, with the target encouraged to open a lure document. The document contains an embedded link which the target is encouraged to click through to – and it's this which leads to one of the phishing websites.
Like the email and document lures, the phishing website is designed to look like the real one used by the agency or company being targeted. These websites use legitimate names, information and documents of the target in an effort to appear more authentic and avoid arousing the user's suspicion.
While it isn't known what sort of cyber criminal operation is behind the spoofed websites and associated phishing campaigns, the domains are being hosted in Turkey and Romania. However, this doesn't reveal who could be behind the attacks, because the attackers could set up phishing sites from any country in the world and could use any country to host the domains. During Anomali's investigation, a total of 62 domains and 122 phishing websites were uncovered.
Researchers have notified the relevant CERTs (Computer Emergency Response Teams), informing them about the attacks – although it's currently unknown if the attackers have managed to make away with any stolen credentials.
However, there are things which organisations in all sectors can do to protect themselves from this campaign or any other phishing attack.
"Organisations should make sure they have access to threat intelligence and research that provides details about the existence of these types of attacks. They should have the ability to integrate intelligence and research into their security infrastructures to enable detection, blocking, and response," said Moore.
"Security awareness training that teaches employees how to spot and report suspicious phishing email is also crucial," she added.
The full list of known targets as well as the Indicators of Compromise are detailed in the Anomali research paper about the campaign.
==================================================================
Given the article above, Wave VSC 2.0 could be a bright spot for governments around two factor authentication!!! Better security at less than half the cost!!!
==================================================================
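Moore's advice in the Anomali article is to integrate threat intelligence into the security infrastructure "to enable detection, blocking, and response." The following is an added example of the detection half of that (my code, not Anomali's, and the indicators and proxy log lines are constructed, not the campaign's real IoCs, which the article says are in the Anomali paper). It normalises a small indicator feed of phishing domains and URLs and scans outbound web-proxy logs for hits, treating any subdomain of an indicated domain as a hit while skipping lines that do not parse instead of crashing the pipeline.

```python
import re
from urllib.parse import urlsplit

# Constructed indicator feed. A real feed would come from the vendor or CERT report.
IOC_DOMAINS = {"procurement-bids.example", "gov-tender-portal.example"}
IOC_URLS = {"http://login-portal.example/doc/bid.html"}

# Assumed proxy log shape: <timestamp> <client ip> "<method> <url> HTTP/x.y" <status>
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) '
    r'"(?P<method>\w+) (?P<url>\S+) HTTP/[\d.]+"\s+(?P<status>\d+)$'
)

# Constructed sample log lines, including one that does not match the format.
SAMPLE_LOGS = """\
2019-12-12T09:14:02Z 10.0.3.41 "GET https://intranet.corp.example/portal HTTP/1.1" 200
2019-12-12T09:15:11Z 10.0.3.41 "GET http://login-portal.example/doc/bid.html HTTP/1.1" 200
2019-12-12T09:16:40Z 10.0.7.9 "POST https://forms.procurement-bids.example/submit HTTP/1.1" 302
2019-12-12T09:17:03Z 10.0.7.9 "GET https://www.example.com/ HTTP/1.1" 200
malformed line that should be skipped
""".splitlines()


def host_matches(host: str, ioc_domains) -> bool:
    """True for an exact indicator domain or any subdomain of one (never a mere suffix like 'xfoo.example')."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def scan(lines, ioc_domains=IOC_DOMAINS, ioc_urls=IOC_URLS) -> list:
    """Return one hit record per matching line, with the reasons it matched."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # in production, count and surface unparsed lines rather than silently dropping them
        url = m["url"]
        host = urlsplit(url).hostname or ""
        reasons = []
        if url in ioc_urls:
            reasons.append("url-ioc")
        if host_matches(host, ioc_domains):
            reasons.append("domain-ioc")
        if reasons:
            hits.append({"ts": m["ts"], "src": m["src"], "host": host, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The subdomain rule matters for a campaign like this one: the article counts 122 phishing websites on 62 domains, so blocking only the exact hostnames seen would leave the other hosts on the same domains reachable. The same `host_matches` check can drive the blocking side at the proxy or DNS resolver, and the `src` field gives the responders their starting point.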
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA - October 2, 2014 -
Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
Government Security News Singles out Wave’s Virtual Smart Card Solution for Homeland Security Award
https://www.wavesys.com/buzz/pr/government-security-news-singles-out-wave%E2%80%99s-virtual-smart-card-solution-homeland-security-aw
Lee, MA - November 15, 2013 -
Wave Systems Corp. (NASDAQ:WAVX)’s Virtual Smart Card offering has been named winner of the Government Security News’ (GSN) Homeland Security Award competition in the “Best Smart Card Solution” category. This is the second consecutive year that Wave has won this award.
“We’re honored to be recognized by Government Security News as the only vendor offering a complete virtual smart card solution for today’s enterprise – and, importantly, one that is compatible with Windows 7, 8 and 8.1,” said Bill Solms, CEO of Wave Systems. “We see virtual smart cards as a disruptive technology in the user authentication market, offering a more secure and cost effective alternative over more mature technologies.”
Virtual smart cards emulate the functionality of traditional smart cards, but offer added security and cost benefits. Businesses do not incur added material or operational costs (such as the purchase and shipping of external physical smartcards and smart card readers) because virtual smart cards are built into the device itself. Because of an embedded security chip called a Trusted Platform Module (TPM), which is standard equipment on business PCs, virtual smart cards cannot be lost or stolen. Additionally, enterprises gain the added security afforded by hardware-based security, ensuring that only known devices and known users are allowed access to corporate resources. Convenience is another benefit – employees never have to type domain credentials into their devices, improving user experience and reducing the time IT spends resetting forgotten passwords, while offering protection against credential theft.
“We judged an outstanding group of entries this year,” said Adrian Courtenay, Managing Partner, Government Security News. “We’re proud to announce that this year’s winners will be showcased in a digital edition of Government Security News, which will reach more than 40,000 subscribers – a well-deserved honor for Wave Systems and all of this year’s award recipients.”
Sponsors for GSN’s 2012 homeland security awards program included BRS Labs, Cardinal Point Strategies, Objectivity, Vanguard Integrity Professionals and Wave. For a complete list of finalists and pre-emptive winners, visit: www.gsnmagazine.com.
RSA® and Yubico Partner to Address Growing Digital Risks of the Modern Workforce with Enterprise-Grade FIDO Authentication Solution
https://finance.yahoo.com/news/rsa-yubico-partner-address-growing-140000161.html
New FIDO2-enabled "YubiKey for RSA SecurID® Access" to deliver secure and convenient authentication and identity assurance for diverse user populations
RSA (@RSAsecurity), a global cybersecurity leader delivering Business-Driven Security™ solutions to help organizations manage digital risk, will extend its enterprise offering of modern authentication and identity assurance through a strategic partnership and joint solution with Yubico. The solution, YubiKey for RSA SecurID® Access, combines a FIDO2-enabled hardware device by Yubico with the benefits of enterprise-grade security, risk-based authentication and simplified credential lifecycle management delivered by RSA SecurID Access.
In today’s dynamic workforce, users expect a frictionless experience, regardless of where they are or what applications they are accessing. At the same time, organizations want to reduce the risk of security breaches, secure critical assets and minimize the costs associated with credential lifecycle management. Stolen identity is a critical security issue, and often the weakest link in security postures. In fact, 80 percent of breaches involve compromised and weak credentials1 and last year security breaches cost companies an average of $3.86 million per breach2.
"Our partnership with RSA demonstrates a shared commitment to protect millions of users from security breaches," said Jerrod Chong, Chief Solutions Officer, Yubico. "This collaborative effort combines RSA’s long-standing expertise in identity and access management, with Yubico’s proven leadership in standards and innovation, to bring forward a unified FIDO-based hardware authentication solution for enterprises, their partners and their customers."
As organizations continue to pursue digital transformation initiatives, identity management has become increasingly complex. Continuing leadership in authentication and identity assurance, the strategic partnership will add to the broad range of authentication methods offered in the RSA SecurID Access Suite. RSA and Yubico will address a variety of workforce use cases with a simple login experience enabled by the YubiKey for RSA SecurID Access and backed by the enterprise-grade security of RSA SecurID Access. The YubiKey complements the existing range of authentication methods of RSA SecurID Access including push notification, one-time password, SMS and biometrics to enable the broadest support for diverse user populations and use cases. FIDO authentication is uniquely suited for use cases like passwordless logon to PCs and laptops and mobile-restricted environments (e.g., call centers). The joint solution will also provide identity insights, threat intelligence, and business context for user access, devices, applications and behavior to provide businesses with the confidence that users are who they say they are.
"With ongoing support for FIDO, RSA continues to deliver modern authentication solutions and identity assurance to help enterprises meet business needs, provide a range of authentication options for users and protect their most valuable assets," said Jim Ducharme, VP of Identity and Fraud & Risk Intelligence Products, RSA. "Now, we’re enabling our customers to combine the robust, enterprise-grade identity assurance of RSA SecurID Access with YubiKey hardware devices, for secure and convenient authentication. The strategic partnership extends our support for FIDO in RSA SecurID Access allowing integration with applications from ground to cloud to address the evolving threats and challenges in today’s dynamic workforce."
Today, RSA SecurID Access provides the backend software and services required for a full range of authentication options like the YubiKey for RSA SecurID Access to be successfully deployed, managed and used across an enterprise environment. RSA SecurID Access bridges islands of identity, and with one of the strongest partner ecosystems in the industry (RSA Ready), RSA SecurID Access provides a unified platform for secure enrollment, access control, policy enforcement and lifecycle management across all of an enterprise’s applications from data center, endpoint and network perimeter to the cloud. For customers, this enables features like secure (multi-factor) enrollment, self-service, emergency access, and a single FIDO registration across all enterprise applications. It also provides broader compatibility and a consistent user experience for YubiKeys within the enterprise.
=================================================================
The 'worthwhile' cyber insurance products should have Wave VSC 2.0 as part of the 17 products replacing RSA Securid. With Wave VSC 2.0, there aren't double the keys to lose. Better security at even less than half the cost (vs. Yubikey and Securid costs combined). The article below sums up why Wave VSC 2.0 should be a leader in enterprise 2FA!!!
=================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Bypass discovered to allow Windows 7 Extended Security Updates on all systems
https://www.zdnet.com/article/bypass-discovered-to-allow-windows-7-extended-security-updates-on-all-systems/?ftag=COS-05-10aaa0g&taid=5dee5023ee0d2300017cbc8e&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
Windows hobbyists discover a way to enable (paid) Windows 7 Extended Security Updates on all systems.
The community of My Digital Life, an online tech support forum, has found a way to bypass Microsoft's restrictions and allow the installation of Windows 7 Extended Security Updates on all systems, and not just those who paid Microsoft's fee.
The official Windows 7 end-of-support date is January 14, 2020, just a few weeks away.
The Windows 7 Extended Security Updates (ESU) is a paid Microsoft service that will deliver security updates to businesses still running Windows 7 computers past this deadline and until 2023, for a substantial fee.
ESU updates cost between $25 and $200 per workstation, depending on the Windows 7 version a company is running (Enterprise or Pro) and the amount of time they'll need the updates.
But not everybody is eligible for ESU. Only companies with volume-licensing agreements and small-and-midsize businesses (SMBs) can sign up for an ESU license.
BypassESU tool
Last month, Microsoft released a test Windows 7 ESU update (KB4528069) so administrators can verify if their systems are compatible with the upcoming ESU process.
When users install this update, they also need to provide an ESU license key, which will authorize future ESU updates for the respective system.
Similar to how modders have bypassed Windows OS installation key checks for the past decades, the community at My Digital Life created a tool that circumvents the ESU key check operation and enables the installation of the test ESU.
As the crew at Deskmodder pointed out over the weekend, Microsoft is very likely to change this check to account for the new BypassESU tool.
However, it is also worth mentioning that Microsoft was never able to fully secure its Windows license key system in the past. Windows license key cracks have always existed, allowing for the installation of pirated Windows versions.
=================================================================
What if Microsoft required an activated TPM to get the Windows 7 Extended Security Update? Someone would have to manage the TPMs, and Microsoft would have a way of stopping users from getting free Windows 7 Extended Security Updates!! California IOT Law in the previous post should help with activated TPMs!!
==================================================================
https://www.wavesys.com/
California's IoT Security Law: Why It Matters And The Meaning Of 'Reasonable Cybersecurity'
https://www.forbes.com/sites/forbestechcouncil/2019/11/20/californias-iot-security-law-why-it-matters-and-the-meaning-of-reasonable-cybersecurity/#67fcf4071e2d
==================================================================
Given this law goes into effect January 1, 2020, the computer devices with inactivated TPMs should be activated to have control over hardware assets (CIS Cybersecurity Control #1) and essentially keep unauthorized devices off the network. Wave ERAS can activate these TPMs and have California organizations in compliance. Please see article above for more information, and why activated TPMs should become an even more important part of better cybersecurity!!! If IOT security is becoming law in California, shouldn't activated TPMs as well?!
==================================================================
https://www.wavesys.com/
'Evil Corp': Feds charge Russians in massive $100 million bank hacking scheme
https://www.cnbc.com/2019/12/05/russian-malware-hackers-charged-in-massive-100-million-bank-scheme.html
The U.S. Justice and Treasury departments took action Thursday against a Russian hacking group known as "Evil Corp.," which stole "at least" $100 million from banks using malicious software that swiped banking credentials, according to a joint press release.
"Evil Corp." is a name reminiscent of the nickname for the key malevolent corporation in the popular television drama "Mr. Robot."
In all, the action targets 17 individuals associated with the organization, including Evil Corp.'s leader, Maksim Yakubets. The State Department has offered a $5 million reward for information on Yakubets.
"Evil Corp.," a name reminiscent of the nickname for the key malevolent corporation in the popular television drama "Mr. Robot," is "run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other," according to a Treasury Department press release.
The criminal group used a type of malware known as "Dridex," which worked to evade common anti-virus software and spread through emailed phishing campaigns. Once infected, the malware was able to steal login credentials and empty the accounts of bank employees and bank customers, forwarding the proceeds to offshore accounts held by Evil Corp., according to the press release. The group also stole an estimated $70 million using a similar malware known as "Zeus."
The federal agencies say Evil Corp.'s criminal proceeds likely are "significantly higher" than the estimated $100 million stolen, making the enterprise one of the biggest hacking groups ever, according to the release.
The Justice Department announced indictments against key ringleaders of the group, while the Treasury Department announced sanctions against Evil Corp. under the department's Office of Foreign Assets Control (OFAC).
"Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world's most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group," said Steven Mnuchin, secretary of the Treasury, in a statement. "OFAC's action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the 'money mule' network used to transfer stolen funds, and ultimately to protect our citizens from the group's criminal activities."
The group targeted major corporations in addition to bank accounts, using a variety of methods. Penneco Oil allegedly lost millions of dollars to Evil Corp., which were then transferred to a bank in Minsk, Belarus. The group also took aim, apparently unsuccessfully, at the Sharon City School District in western Pennsylvania, among other targets outside the financial services sector.
In addition to his alleged cybercriminal activities, Yakubets, "also provides direct assistance to the Russian government's malicious cyber efforts, highlighting the Russian government's enlistment of cybercriminals for its own malicious purposes," according to the Treasury Department.
OFAC, Treasury and the Justice Department have been focused on taking action to spotlight the Russian government's persistent use of known criminals in state-sponsored activity, which they have said blurs the lines between whether the activity is the work of strictly a criminal enterprise or of Russian President Vladimir Putin's government itself.
However, it is rare for the U.S. government to successfully extradite alleged criminals it has indicted from Russia, where most of those named in Thursday's action currently reside. Two Ukrainian co-conspirators named in the indictments, Yuriy Konovalenko and Yevhen Kulibaba, were extradited from the U.K. and pleaded guilty to conspiracy and racketeering charges in 2015. Both have already completed their sentences.
In addition to Yakubets, the actions name Denis Gusev, "a senior member of Evil Corp," who serves as the director of several other businesses based in Russia, including Biznes-Stolitsa, Optima, Treid-Invest, TSAO, Vertikal and Yunikom, which are involved in several different industries, among them trade, wholesale goods and forestry. The companies are also subject to OFAC sanctions, according to Treasury.
"Evil Corp relies upon a cadre of core individuals to carry out critical logistical, technical, and financial functions such as managing the Dridex malware, supervising the operators seeking to target new victims, and laundering the proceeds derived from the group's activities." Some of the other members cited for allegedly "providing material assistance" in this way, according to Treasury, are Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy and Kirill Slobodskoy.
==================================================================
With laptop and desktop antivirus usage between 80 and 90% even a couple of years ago, there was still $100 million emptied out of bank accounts as outlined in the article above. If these individuals were using Wave Endpoint Monitor to battle this malware, these individuals could still have their money and have an excellent deterrent to sneaky malware!!!
Another strong defense against a group like 'Evil Corp' would be for users to have Wave 'Knowd', which is currently on hiatus, to keep attackers from effectively using phished credentials to empty individuals' bank accounts. Wave could be having a major positive impact on cybersecurity for organizations and users if they used Wave Endpoint Monitor and/or Wave 'Knowd'!!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-endpoint-monitor
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
‘Highly Competitive’ Buer Loader Emerges in Underground Markets
https://threatpost.com/buer-loader-underground-markets/150807/
A previously undocumented loader has been discovered in several recent malware campaigns and is being sold on underground markets.
A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution.
Researchers say they have spotted the loader being actively sold in prominent underground marketplaces since August 2019. Consequently, Buer has made an appearance in several malicious email campaigns and via exploit kits, to then download various strains of malware – from the TrickBot banking trojan to the KPOT information stealer.
“The new loader has robust geotargeting, system profiling and anti-analysis features and is currently being marketed on underground forums with value-added setup services,” said researchers with Proofpoint on Wednesday.
Buer in the Wild
Researchers first came across Buer in the wild in a slew of malicious August email messages, purporting to be replies to earlier legitimate email messages. The emails contained Microsoft Word attachments that used macros to download a next-stage payload.
Upon further analysis, researchers found that the naming convention for this payload (verinstere222.xls or verinstere33.exe) was frequently associated with the Dreambot variant of Ursnif. However, they were surprised to find that the payload instead dropped Buer, an undocumented loader not previously observed in the wild.
“In the following weeks over September and October, Proofpoint researchers and other members of the infosec community observed several campaigns from the same actor dropping either the Dreambot variant of Ursnif or this new loader,” they said.
For instance, later in October researchers observed the loader being distributed via the Fallout exploit kit (EK), as part of a malvertising campaign in Australia. Once downloaded as part of this campaign, Buer then dropped several second-stage malware payloads including KPOT stealer, Amadey malware and the Smoke Loader malware.
And, at the end of October, Buer was seen being spread via malicious email messages with subject lines such as “Penalty Notice # PKJWVBP” containing Microsoft Word attachments. These attachments contained macros that, if enabled, would execute Ostap, which would then download Buer. Buer would then in turn load TrickBot, a popular banking trojan, from its command-and-control (C2) server.
Technical Deep-Dive
Buer’s prevalence in multiple campaigns led researchers to conclude it was being sold in an underground marketplace to multiple actors. This was confirmed when they discovered an advertisement from August 16 on an underground forum describing a loader named “Buer” that matched the functionality of the malware. The advertisement described Buer’s simple and easy setup services which make it a lucrative buy for cybercriminals.
“We retrieved text from a bulletin-board posting by the author, in Russian, requesting a payment of $400 for the malware, and offering their services to set up the software for prospective customers in order to get it up and running,” researchers said. “The author also notes that updates and bug fixes are free of charge, but there is a $25 surcharge for ‘rebuilding to new addresses.'”
The advertisement also gave researchers an idea of some of Buer’s features and a description of its control panel, from which payloads and arbitrary commands can be executed.
The downloader is written in C, while its control panel is written in .NET Core, a free and open-source software framework for Windows, Linux and macOS operating systems.
Researchers said that this choice of framework makes it easy to install the control panel on Linux servers: "Built-in support for Docker containers will further facilitate its proliferation on rented hosts used for malicious purposes, and potentially, compromised hosts as well. The latter capability is included in its advertised features and release notes."
Once downloaded, and before executing additional payloads, Buer has anti-analysis capabilities to avoid detection by researchers, which allow it to check for debuggers (programs used to test and debug other programs) and virtual machines. The loader also checks the locale of the system to make sure that the malware is not running in specific countries.
“This malware specifically checks for most CIS countries, including Russia,” Chris Dawson, threat intelligence lead at Proofpoint, told Threatpost. “This is relatively common for Russian-speaking actors operating in CIS countries or selling malware to actors in those countries.”
Finally, the loader achieves persistence by configuring a Registry RunOnce entry after download, researchers said. These are keys that cause programs to run each time a user logs on (or to be scheduled); so the registry entry either executes the malware directly or schedules a task to execute it.
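The persistence mechanism just described is the kind of thing a defender can audit from a registry export. The following is an added example, not Proofpoint's code or Buer's actual key names: it parses a constructed `reg export` of the Run/RunOnce keys and flags autostart commands that launch from user-writable paths or create scheduled tasks; the sample entries and heuristics are assumptions for illustration.

```python
"""Audit Windows Run/RunOnce autostart entries from a .reg export.

Constructed example: flags autostart commands that launch from user-writable
locations or create scheduled tasks, the two persistence patterns the article
attributes to the loader. Sample data and heuristics are assumptions.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# .reg string values look like "name"="data", with \" and \\ escapes inside
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Public\\"
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE)%",
    re.IGNORECASE,
)
SCHEDULER_RE = re.compile(r"\bschtasks(\.exe)?\b", re.IGNORECASE)

# Constructed sample of `reg export` output (not real telemetry).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"updater"="C:\\Users\\alice\\AppData\\Roaming\\svc\\updater.exe"
"schedule"="schtasks /create /sc onlogon /tn Updater /tr C:\\Users\\alice\\AppData\\Local\\Temp\\u.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"""


def _unescape(text):
    """Undo .reg escaping (doubled backslashes and escaped quotes)."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def parse_reg_export(text):
    """Return (key, value_name, command) for every string value in the export."""
    entries, current_key = [], None
    for line in text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append((current_key,
                            _unescape(value_match.group("name")),
                            _unescape(value_match.group("data"))))
    return entries


def suspicious_reasons(command):
    """Heuristics for an autostart command worth an analyst's attention."""
    reasons = []
    if USER_WRITABLE_RE.search(command):
        reasons.append("launches from user-writable path")
    if SCHEDULER_RE.search(command):
        reasons.append("creates a scheduled task")
    return reasons


def audit_autostart(reg_text):
    """Return findings for Run/RunOnce values that trip any heuristic."""
    findings = []
    for key, name, command in parse_reg_export(reg_text):
        if not AUTOSTART_RE.search(key):
            continue  # values under unrelated keys are ignored
        reasons = suspicious_reasons(command)
        if reasons:
            findings.append({"key": key, "name": name,
                             "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_autostart(SAMPLE_REG_EXPORT):
        print(f"{f['key']}\\{f['name']}: {f['command']}  <- {', '.join(f['reasons'])}")
```

Entries under the machine-wide Run key that point into system directories (like the constructed SecurityHealth value) pass silently, so the output is only the entries that need a second look.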
Researchers warn that going forward, Buer’s author is constantly changing the loader, making it a fast-developing threat ripe for future use.
“The Russian-speaking author(s) is actively developing the downloader with sophisticated control panels and a rich feature set, making the malware competitive in underground markets,” they said.
==================================================================
Wave Endpoint Monitor, a whitelisting anti-malware solution, appears to be well designed to tackle this custom malware, which could be missed by many blacklisting anti-virus products!!!
==================================================================
Wave has a unique set of cybersecurity solutions that could be saving organizations a lot of stress and money!!! Please see Wave Endpoint Monitor below, and the excellent information on Wave's website!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/wave-alternative
TCG and IETF further cement interoperability in attestation with long-term partnership
https://securityboulevard.com/2019/12/tcg-and-ietf-further-cement-interoperability-in-attestation-with-long-term-partnership/
Beaverton, OR, USA, December 2, 2019 – Pioneering work to guarantee more accountability and ownership in the Internet of Things (IoT) era is underway, as Trusted Computing Group (TCG) and the Internet Engineering Task Force (IETF) work to standardize the format for structuring attestation in connected devices.
Through their ongoing work on the definition and architecture of how attestation works, TCG and the IETF are enabling higher levels of security within the operating systems of mobile devices and tablets. Working together, the two global standards organizations are defining a structure for the assurances that are input into application code and setting specific rules so that they can be interpreted and run interchangeably and interoperably – regardless of the type of operating system.
This is to address challenges within the current infrastructure which was built with a premium on openness and interoperability. While this has paid huge dividends in terms of creativity and innovation, the same openness is problematic for security with evidence showing that the access control model of some operating systems is inadequate against many types of attacks – particularly in the hands of inexpert users. With the new standards being developed by TCG and IETF, device manufacturers can build up from a Trusted Platform Module (TPM) and chain attestation all the way from the hardware root of trust to an application – completely changing the model as to how security works.
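The chain from hardware root of trust to application can be shown in a few lines. This is an added, simplified model, not TCG or IETF RATS code: each boot stage is measured and folded into a PCR-style register with the TPM extend rule PCR' = H(PCR || measurement), so the final value commits to every stage and its order; SHA-256, the all-zero initial register and the sample components are assumptions of this model.

```python
"""Simplified model of chained attestation from a hardware root of trust.

Not TCG/IETF code: hash choice, the all-zero initial register and the sample
boot components are assumptions made for this illustration.
"""
import hashlib

PCR_INIT = bytes(32)  # assumption: register starts all-zero, as most TPM PCRs do


def measure(blob):
    """Digest of a component image, standing in for what boot code hashes."""
    return hashlib.sha256(blob).digest()


def extend(pcr, digest):
    """TPM extend rule: one-way and order-sensitive, nothing can be un-measured."""
    return hashlib.sha256(pcr + digest).digest()


def build_evidence(components):
    """Attester side: measure stages in boot order, return (event log, final PCR)."""
    log, pcr = [], PCR_INIT
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay_log(log):
    """Verifier side: recompute the PCR a given event log should produce."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(log, reported_pcr, golden_log):
    """Check (1) the log reproduces the quoted PCR and (2) the PCR matches the
    known-good reference; also name the first stage that diverged, if any."""
    golden_pcr = replay_log(golden_log)
    first_bad = next((name for (name, d), (_g, gd) in zip(log, golden_log) if d != gd), None)
    if first_bad is None and len(log) != len(golden_log):
        first_bad = "length mismatch"
    return {
        "log_consistent": replay_log(log) == reported_pcr,
        "matches_golden": reported_pcr == golden_pcr,
        "first_bad_stage": first_bad,
    }


# Constructed reference chain for one device model (firmware -> bootloader -> kernel -> app).
GOLDEN_COMPONENTS = [
    ("firmware", b"fw 1.2"),
    ("bootloader", b"bl 3.0"),
    ("kernel", b"os 5.4"),
    ("app", b"app 2.0"),
]
GOLDEN_LOG, GOLDEN_PCR = build_evidence(GOLDEN_COMPONENTS)


def check_device(components):
    """Attest a device built from `components` against the golden log."""
    log, pcr = build_evidence(components)
    return verify(log, pcr, GOLDEN_LOG)


if __name__ == "__main__":
    print("clean:", check_device(GOLDEN_COMPONENTS))
    tampered = [(n, b"bl 3.0 patched" if n == "bootloader" else b) for n, b in GOLDEN_COMPONENTS]
    print("tampered bootloader:", check_device(tampered))
```

A device that swaps a stage, or boots the right stages in the wrong order, ends up with a different register value, and a device that reports a good log with a mismatching PCR is caught by the consistency check.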
“Endpoint security is at a point of evolution. Control assessment capabilities coupled with the assertions on the state of installed software provide a way to shift security control management and posture assessment to the solution source,” said Kathleen Moriarty, Chair of the IETF’s Remote ATtestation procedureS (RATS) Work Group. “With customer resource constraints, vendors are working together on solutions across standards bodies to provide a root of trust and methods to securely update firmware and software in order to deliver intrinsic control assessment capabilities and chained attestations on software modules.”
In a tightly managed operating system, the applications that are available to download entail specific attestation that has been approved by the device manufacturer. The device then checks the digital signature and makes sure everything is correct before it installs the code – increasing the levels of assurance and ownership and giving consumers the trust in terms of who the application is from and the code validation that has been carried out on it.
When an operating system is not tightly managed and applications are tied into it, catastrophic consequences can occur, as applications can reach down to the core operating system level, where they are open to exploitation and numerous security problems.
In order to ensure the highest levels of security, whether the device contains a tightly managed operating system or not, device manufacturers need to consider the attestation in their connected devices. With the introduction of one set of standards, the industry is able to guarantee higher levels of assurance and ownership and ensure that there is more accountability when a problem occurs – putting the onus on the owner who signed the application code. Since the application must be signed, the manufacturer is providing an assurance that it believes the code is secure; if a vulnerability is then found, it is ultimately responsible for removing the issue and updating or patching the application.
“Following years of developing standards separately, we realized that there was an overlap with attestation and in reality TCG and IETF were working together due to cross membership, with a number of individuals in TCG actively working in the IETF as well,” said Joerg Borchert, President and Chairman of TCG. “Since then, TCG and the IETF have built upon key endpoint standards and streamlined the work, driving forward its success and increasing momentum for full-scale adoption.”
Vendors worldwide, both members of TCG and participants in the IETF, have been collaborating on the development of attestation standards and technologies to ensure the capability works with a variety of use cases.
“There will always be new claims to define and new use cases that emerge,” concluded Moriarty. “By setting the formats and protocols now, interlocking the efforts between TCG and the IETF, we aim to make it intrinsic and flexible to meet any use case, allowing for the creation of very specific extensions and thus possible for wider adoption to be achievable.”
Moriarty recently highlighted the developments of the partnership between TCG and the IETF at the TCG October Annual Members Meeting in Toronto, Ontario, Canada. In her keynote presentation entitled ‘RATS! Navigating the Maze of Assessment Standards,’ Moriarty emphasized the relationship between standards in development including the interlocking efforts underway between TCG and the IETF.
==================================================================
Interesting article - Wave can manage these TPMs with the other TPMs in a corporate computer fleet. Increasing the usage of TPMs as in this article could help re-launch Wave from obscurity to a renowned company!!!
==================================================================
https://www.wavesys.com/
The overlooked part of an infosec strategy: Cyber insurance underwriting
https://www.helpnetsecurity.com/2019/11/26/cyber-insurance-underwriting/
When a data breach or cyber attack hits the headlines, one of the last things businesses are likely to consider is how cyber insurance could have helped. Beyond a general awareness that cyber insurance is easy to purchase, some companies struggle to manage their processes and security effectively enough to qualify for protection that is just as important to keeping their business operating with a strong reputation.
According to an October 2019 commissioned Forrester survey, nearly half of the 350+ SMBs surveyed had a cyber attack in the last year. The survey also revealed that 63% of respondents expect to fall victim to a cyber attack in the next year along with 70% that said a cyber attack would seriously cripple their business.
As one of the world's leading insurers, we were one of the early pioneers in offering cyber insurance to businesses of diverse sizes internationally. Through a partnership with cloud insurance platform provider Slice Labs we became one of the first insurers in the U.S. to offer on-demand cyber insurance specifically built for SMBs, who typically do not have the financial, staff, or time resources of a large enterprise to protect themselves from threats.
In order to strengthen the case for underwriting of SMBs and large enterprises, we would like to provide some insights into how cyber insurance underwriting works, common vulnerabilities that we see when underwriting and protecting companies, and tips for preparing for the application process.
The inner workings of the cyber insurance underwriting process
On average we provide between $500K – $1M in limits for cyber insurance coverage for SMBs. In order for a business to secure this coverage we evaluate potential risk by leveraging data and analytics to provide a forensics-level report on current and predictive risk. Our focus is to have an outside-in perspective to build a comprehensive predictive model that not only evaluates the business, but also benchmarks the company against the industry and its peer group.
By having a prediction of potential vulnerabilities, we are able to reduce risk to the client and to our cyber insurance underwriting operations. There have been occasions where the assessment has resulted in our business being unable to underwrite a client. The main reasons for this are companies being unwilling to enhance their security protocols or unaware of that
For those that we have not underwritten we find the most common vulnerabilities relate to human error leading to phishing attacks, and not having an incident response plan.
Vulnerabilities businesses need to be aware of when moving to the cloud
While no business will likely argue about the overall business benefits of migrating to the cloud, as we've seen from the headlines this doesn't make a business immune to threats. Those that are in the process of moving to the cloud should be sure to maintain on-premises redundancies in the event the cloud has an outage or a security breach.
Companies also need to be aware that, contractually, their cloud vendor may not indemnify them for a data breach or exposure of data. Also, the cloud vendor may be relying on other third-party vendors to keep its services up and running. This means cloud vendors are not immune to physical or digital risks that come through the supply chain.
While there are vulnerabilities to using the cloud, our on-demand cyber insurance is hosted in the cloud and it has allowed us to be more efficient and intelligent when providing coverage and ongoing security health monitoring for our clients. However, this doesn’t mean businesses should put their guard down with weak protocols after they secure coverage or when they purchase a cloud technology product.
What can businesses do to fix vulnerabilities before applying for cyber insurance?
The first major area businesses need to shore up is their employee training. The greatest technology and insurance cannot protect against businesses that neglect to continuously train their employees on how to protect company and customer information.
Businesses should also ensure their antivirus programs haven't been exposed to vulnerabilities and that they are kept updated. Customer trust is something that cannot be won back after it is gone. We recommend companies only retain PII for as little time as necessary.
Lastly, businesses, and especially SMBs, need to have proper security controls in place for employees remotely accessing their on-premises networks and assets in the cloud.
==================================================================
AXA shapes cyber insurance policy. If AXA did very successful testing of Wave VSC 2.0, shouldn't Wave be having rapid success with the solutions with many more companies?! The existing 2FA enterprise solutions (i.e. RSA SecurID) have seen 6,500+ breaches over the last year!! With RSA potentially up for sale, there are 30,000 organizations needing a better solution from one company that is 'better security at less than half the cost'!!! This 2FA market could be better served by using Wave VSC 2.0!!!
==================================================================
BETTER SECURITY AT LESS THAN HALF THE COST!!
https://www.wavesys.com/
New Chrome Password Stealer Sends Stolen Data to a MongoDB Database
https://www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/
==================================================================
Below is a cool and secure way of protecting credentials and definitely worth a second look!!!
https://www.wavesys.com/virtual-smart-card-2.0-from-wave
In the above article Wave Endpoint Monitor could also be a big help as well!
https://www.wavesys.com/products/wave-endpoint-monitor
Dell to Explore Sale of RSA Cybersecurity Unit
https://www.bloomberg.com/news/articles/2019-11-25/dell-is-said-to-explore-sale-of-rsa-cybersecurity-unit
Microsoft to apply California's privacy law for all US users
https://www.zdnet.com/article/microsoft-to-apply-californias-privacy-law-for-all-us-users/
Microsoft's chief privacy officer promises to apply the CCPA to all US users, not just Californians.
In a surprising announcement, Microsoft said in a blog post today that it would apply California's upcoming strict privacy legislation to all its US users, and not just Californians.
The California Consumer Privacy Act, or CCPA, is currently set to go into effect on January 1, 2020. The upcoming law is considered one of the most restrictive pieces of privacy legislation in the world.
Under the CCPA, companies must be transparent about the type of data they collect from users and how they use it. In addition, companies must also provide users with the option to prevent their personal information from being sold.
As you can imagine, the CCPA didn't go over well with all the California-based tech companies, most of which get a large part of their yearly revenue from selling customer data to advertisers.
Ever since it was announced, the CCPA came under heavy fire from companies and lobby groups alike. Most efforts focused on delaying the law as much as possible and asking Congress to pass a federal, US-wide, legislation instead, to supersede the much stricter CCPA.
However, California officials ignored all pressure and opted to go through with enforcing the CCPA starting next year.
"We are strong supporters of California's new law and the expansion of privacy protections in the United States that it represents," Julie Brill, Microsoft's chief privacy officer, said today.
"Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual. This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union's General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation," she added.
"Similarly, we will extend CCPA's core rights for people to control their data to all our customers in the U.S."
Whether Microsoft actually enforces the CCPA as it's supposed to be enforced remains to be seen. Even though Microsoft applied the GDPR to all of its users across the globe, that doesn't mean the company is doing a good job of it. Currently, the company is under investigation in the EU for skirting some of the GDPR terms for its cloud services.
=================================================================
With organizations soon to be under CCPA and Microsoft and others following, Wave's solutions (Wave VSC 2.0 and Wave SED management) could help these organizations protect every individual's data!!! CCPA goes into effect Jan. 1st, 2020 so Wave would be able to help a lot of organizations. These excellent solutions have already been successfully used in well renowned organizations!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Why are cyber insurers incentivizing clients to invest in specific vendors?
https://www.cyberscoop.com/cyber-insurance-marsh-cyber-catalyst-forrester/
==================================================================
RSA SecurID is one of 17 products on the cyber insurance 'worthwhile products' list. There are constant headlines of unauthorized access to companies' networks and then the fallout from that. If RSA SecurID is providing good protection from these hacks, why were there 6,500 breaches in the last year? Wave VSC 2.0 could have stopped MANY of these unauthorized accesses (breaches) from happening!!! Shouldn't this be the 2FA solution that the insurance companies are recommending!! Wave VSC 2.0 would be better for the bottom line!!!
==================================================================
https://www.wavesys.com/
The Cold Truth about Cyber Insurance
https://www.darkreading.com/risk/the-cold-truth-about-cyber-insurance/a/d-id/1336234
There is no premium that will recover the millions of dollars your company spends on R&D if your intellectual property is hacked and stolen.
Cyber insurance policies are designed to cover the costs of security incidents and breaches such as system forensics, data recovery, and legal and customer reparations costs. Typical incident types that are covered include invoice fraud, cryptolocker recovery, and insider threats. While cyber insurance has its place in a holistic approach to security, its place is misunderstood.
To start, it is imperative that organizations understand their critical digital assets and risks since the planful adoption of a cyber insurance policy is vitally important for managing premium costs and ensuring appropriate coverage. But cyber insurance is a post-fail risk offset and it should never replace a proper security program. When businesses overinvest in cyber insurance and underinvest in security controls, they are showing that they expect to be breached and have their insurers solve the problem, even though they won't. Yes, it is true that the frequency at which data breaches are reported is astounding, and hefty fines under data privacy laws are being issued more frequently. But the better approach for organizations is to pursue a proactive security strategy that is properly balanced with cyber insurance.
Cyber insurance is a relatively new and rapidly growing industry that did not really start catching on until 2005. A recent report by Adroit Market Research claims that the cyber insurance market will exponentially increase from approximately $4 billion in premiums around the globe in 2019 to a value of over $23 billion by 2025. Fueling this prediction is companies' reaction to recently enacted data privacy regulations around the world, such as the European Union's General Data Protection Regulation (GDPR) in May 2018.
Organizations legitimately fear the hefty fines and costs of reparations that suffering a breach can cause, such as the penalties levied upon British Airways and Marriott, and look to their insurers for plans that can help offset the costs associated with breach notifications and other recovery expenses. Yet, overreliance on cyber insurance without investing in proper controls shows that an organization is prepared to suffer a data breach and not effectively defend against it. While insurers can offset some costs, they cannot repair a company's reputation after a security incident or regain lost intellectual property (IP). The unfortunate truth is that if a company spends millions on research and development (R&D) and that IP is stolen, there is no premium that can recover the costs of that investment.
The Cloud
Another factor contributing to the popularity of cyber insurance is the rapid adoption of the cloud. But too often, businesses use cyber insurance as a security blanket to cover their cloud migration and configuration mistakes, as opposed to developing a proactive security program that benchmarks and continuously tests the efficacy of its controls.
Organizations must also understand that cyber insurance providers are for-profit businesses that do not want to pay premiums for breaches that could have been avoided with a proper security program. Similar to how the long-term care insurance industry will deny coverage to applicants that fail a health assessment, it would not be surprising if insurers become more restrictive about claims and even deny coverage to companies that lack the proper controls. For example, an insurer may choose to not pay or reduce the amount paid on a premium for a business that suffers an email compromise attack that could have been mitigated by multifactor authentication (MFA).
The FUD Factor
In today's constantly changing data privacy climate, there is no shortage of fear, uncertainty, and doubt surrounding insurers' policies and claims classifications. One of the most famous examples of this involved the refusal of Sony's cyber insurer (Zurich American Insurance Co.) to compensate the multinational conglomerate for an estimated $2 billion in losses from a 2011 data breach of 77 million users' personally identifiable information. Even after Sony brought Zurich to court, Zurich let Sony know that its policy did not cover any third-party hacking incidents.
At the end of the day, cyber insurance cannot and should not be seen as a replacement for a properly developed cybersecurity program. Cyber insurance can help offset post-fail costs, but it will not cover the costs of losing IP and it will give no comfort if a security program is not properly designed. Not only will an effective security strategy help a business obtain cyber insurance in the first place, but choosing to test the efficacy of the controls will help organizations identify flaws before an attacker can find them. This method will also allow companies to improve the return on investment of their cybersecurity budgets by identifying and getting rid of overlapping controls while demonstrating to all stakeholders that they actually take security seriously.
==================================================================
Wave's solutions could protect against IP theft that is mentioned in this article which cyber insurance doesn't cover!! Please see the important excerpts below.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Kamerka OSINT tool shows your country's internet-connected critical infrastructure
https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/
Kamerka lets you see what a hacker sees. It plots maps with SCADA equipment, webcams, and printers that have been left exposed on the internet inside any given country.
A Polish security researcher has created an open-source intelligence (OSINT) gathering tool that indexes information about sensitive internet-connected devices and plots their approximate location on a map.
The researcher says he created the tool as a way to allow organizations to scan their networks and identify vulnerable equipment, but the tool also has its dark side, as it can be used by attackers to target organizations with less effort than ever before.
Kamerka
Named Kamerka ("camera" in Polish), the tool was released last year. The tool works on user-provided search queries. Kamerka takes these queries and uses search engines like Shodan and BinaryEdge to search for common brands of a particular device, and plot results on a Google Map.
While in its initial version Kamerka scanned only for security cameras -- hence the Kamerka name -- the tool has received several updates in the past year. Current versions can scan and identify:
• Internet-connected security cameras
• Internet-connected printers
• Internet-connected ICS/SCADA industrial equipment
• Systems and sensors that work on top of the MQTT protocol
• Devices that broadcast an RTSP-based live video stream
• Tweets, Instagram posts, and Flickr images that contain geolocation details
Kamerka gathers this information, collects it in an Elasticsearch database, and then plots it on a Google Map. For each device plotted on the map, users can click and see a tooltip with exposed ports and various other metadata.
Until this week, you could only run Kamerka searches via a shoddy Python command-line script that was hard to use.
But the tool's creator, a researcher going by the name of Wojciech, told ZDNet that the tool will receive a fully-functional web-based dashboard. The new web dashboard, scheduled for release later this week, will make installing and searching for devices with Kamerka a lot easier.
Please see the rest at the link above.
Another excerpt:
If that sounds scary, it's because it is scary. Kamerka effectively lets a user see what a hacker sees when searching or studying a target.
=================================================================
What if this tool could tell if a TPM was inactivated? Critical infrastructure should have activated TPMs in their computer fleets before they are targeted for having inactivated TPMs!! Please see Wave's website below for their TPM based solutions that could help organizations immensely!!!
https://www.wavesys.com/
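The Kamerka excerpt above describes a pipeline of search-engine hits (Shodan, BinaryEdge) being indexed and plotted on a map. The defender's version of that pipeline asks the inverse question: which of the exposed devices sit in our own address space, and which of them matter most? The following is an added example, not Kamerka's code or anything from the ZDNet article; the hit records are constructed in a Shodan-like shape with assumed field names, the address ranges are documentation ranges, and the port-to-class and severity tables are the example's own assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample hits (assumed field names; documentation-range addresses,
# not real devices). One host appears twice because it exposes two ports.
SAMPLE_HITS = [
    {"ip_str": "198.51.100.23", "port": 502, "product": "Modbus gateway",
     "location": {"latitude": 52.23, "longitude": 21.01}},
    {"ip_str": "198.51.100.23", "port": 80, "product": "embedded httpd",
     "location": {"latitude": 52.23, "longitude": 21.01}},
    {"ip_str": "198.51.100.77", "port": 554, "product": "RTSP server",
     "location": {"latitude": 50.06, "longitude": 19.94}},
    {"ip_str": "192.0.2.10", "port": 1883, "product": "MQTT broker",
     "location": {"latitude": 51.11, "longitude": 17.03}},
    {"ip_str": "203.0.113.5", "port": 9100, "product": "network printer",
     "location": {"latitude": 53.43, "longitude": 14.55}},  # not our space
]

# Address space the organisation owns (assumption for the example).
OWN_RANGES = [ip_network("198.51.100.0/24"), ip_network("192.0.2.0/24")]

# Device classes from the article's list, keyed by well-known port (assumed).
PORT_CLASSES = {
    502: "ics/scada (modbus)",
    102: "ics/scada (siemens s7)",
    20000: "ics/scada (dnp3)",
    554: "rtsp video stream",
    1883: "mqtt broker",
    9100: "printer (raw 9100)",
    631: "printer (ipp)",
}

# Rough triage order: an exposed control system outranks a leaky camera.
SEVERITY = {"ics/scada": 3, "mqtt": 2, "rtsp": 1, "printer": 1}


def classify(port):
    """Return the device class for a port, or 'other' if it is not listed."""
    return PORT_CLASSES.get(port, "other")


def severity(device_class):
    """Map a device class to a triage score; unknown classes score 0."""
    for prefix, score in SEVERITY.items():
        if device_class.startswith(prefix):
            return score
    return 0


def triage(hits, own_ranges=OWN_RANGES):
    """Keep hits inside own_ranges, merge them per host, rank worst first."""
    hosts = {}
    for hit in hits:
        addr = ip_address(hit["ip_str"])
        if not any(addr in net for net in own_ranges):
            continue  # somebody else's device; not our exposure to fix
        entry = hosts.setdefault(hit["ip_str"], {
            "ip": hit["ip_str"], "ports": set(), "classes": set(),
            "severity": 0, "location": hit.get("location"),
        })
        entry["ports"].add(hit["port"])
        cls = classify(hit["port"])
        entry["classes"].add(cls)
        entry["severity"] = max(entry["severity"], severity(cls))
    report = []
    for entry in hosts.values():
        entry["ports"] = sorted(entry["ports"])
        report.append(entry)
    # Highest severity first; stable tie-break on the address string.
    report.sort(key=lambda e: (-e["severity"], e["ip"]))
    return report


def to_geojson(report):
    """Emit the ranked hosts as a GeoJSON FeatureCollection for a map layer."""
    features = []
    for entry in report:
        loc = entry["location"] or {}
        features.append({
            "type": "Feature",
            "geometry": {"type": "Point",
                         "coordinates": [loc.get("longitude"), loc.get("latitude")]},
            "properties": {"ip": entry["ip"], "ports": entry["ports"],
                           "classes": sorted(entry["classes"]),
                           "severity": entry["severity"]},
        })
    return {"type": "FeatureCollection", "features": features}


if __name__ == "__main__":
    import json
    ranked = triage(SAMPLE_HITS)
    for e in ranked:
        print(e["ip"], e["ports"], sorted(e["classes"]), "severity", e["severity"])
    print(json.dumps(to_geojson(ranked), indent=1))
```

The GeoJSON output is what a map layer (Google Maps, Leaflet, a Kibana map over an Elasticsearch index) would consume; the point of the filter is that a search-engine export is only actionable once it is reduced to hosts you are responsible for, ordered by what an exposed service can do.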
From big data to risky data: Will companies dump their liabilities?
https://www.zdnet.com/article/from-big-data-to-risky-data-rising-costs-and-liabilities/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5dbeef0d4c15b80001498570&utm_medium=trueAnthem&utm_source=twitter
Opinion: Do you know where your data is? Tough new laws are on their way. Consumer data is fast becoming an expensive liability, and it could even lead to jail for executives.
FOREMSKI'S TAKE
It's only a few weeks before California's strict data law takes effect January 2020, and there are others in the pipeline in other states including proposals to jail executives that fail to protect people's data from a breach. Data is fast becoming a business liability rather than a benefit.
I go to a lot of media roundtables organized by computer security companies, and they all say that 100% protection is not possible and that every company has to prepare for a security breach. Yet that's assuming that the organization knows where all its data is located, which is unlikely.
Companies are constantly making copies of their production database for many reasons and especially for their developers so that they can test software. These database copies often are not stripped of sensitive data because it is needed for testing. And the data is often used outside of the main IT environment and with different access controls. Developer testing setups are often easy entry points for intruders with nefarious intent.
If you don't need to store the data, why collect it and collect the legal liabilities?
Companies have been collecting mountains of personal data, but few of them have figured out what to do with it. They assume data is valuable -- like oil -- but like oil, it becomes a slippery thing to work with, and if you slip up and leak your data, you'll face massive fines and damage to brand reputation.
BIG DATA BIG LIABILITIES
The past couple of years the IT industry talked about the value that can be found in big data -- now it's better described as risky data. Companies will ask themselves, "What's the point of having it and risk losing it if we aren't using it?" The boards of companies and investors will likely recommend dumping any data that increases legal liabilities.
Unless the lobbyists for Google, Facebook, and other tech companies manage to persuade Washington to pass weak federal data laws to trump strict state laws.
RISKY AD TECH
There is currently a big clash of ideas around consumer data privacy and security. Politicians, the media, and the tech industry are trying to define the problem and how best to mitigate problem activities.
Data breaches by hackers are certainly a big problem, but there's a much bigger issue at play: Allowing ad technologies to collect and create massive data warehouses of highly sensitive personal data. If the personal data isn't there, there's nothing for hackers to steal. Ad tech makes it all possible.
Ad technology is in danger of being severely restricted. Marketers use people's data to save a few cents on the costs of selling services and products. This exact same data is used to judge people's beliefs and leave them exposed to hidden political and ideological manipulation by unknown parties.
WHY DOES YOUR SOAP POWDER NEED TO KNOW SO MUCH ABOUT YOU?
Procter & Gamble used to sell plenty of soap powder without using targeted data. Contextual advertising is very effective, and it doesn't require collecting personal information.
Contextual advertising enables media sites to reclaim their readers from the programmatic dashboards that steal them and follow them wherever they go. It would increase advertising revenues for publishers creating original content and allow them to reinvest rather than lay off people.
Over the short term, the winners will be Google and Facebook, because they don't have to sell people's data directly, and they can afford the costs of complying with any new legal regulations. They will essentially become vendors of metadata about personal data. That way they shelter ad clients from any data liabilities because they don't need to handle sensitive data themselves.
But over the long term, there are serious problems: Trying to persuade people to buy a product is the same as trying to persuade people to buy an idea -- advertising works and targeted messages work even better for political and ideological ends. It's why it's inevitable that societies will place strict limits on ad technologies and the use and collection of personal data, in my opinion.
==================================================================
Why not have double the protection for company data in Scrambls and Wave VSC 2.0? Why dump it when you could scramble it, and only have known and approved devices accessing your network? What if you delete something you weren't supposed to under what is being proposed in the article? Wave has great solutions for the problem in this article!!!! -- Wave VSC 2.0 and a potentially out on hiatus - Scrambls for Files!!
https://www.wavesys.com/
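The ZDNet piece above points at production database copies handed to developers "not stripped of sensitive data because it is needed for testing". The usual fix is to pseudonymize the copy so tests that depend on joins and duplicate detection still work while the real values never leave production. The following is an added example, not code from the article or from any of the vendors mentioned in this thread; the CSV export, its column names and the HMAC key are constructed for the example.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample export (not real people; assumed column names).
# Customer 1003 deliberately shares contact details with 1001 so the
# duplicate-detection property of the scrub can be checked.
SAMPLE_CSV = """customer_id,email,phone,city,balance
1001,alice@example.com,+48 600 100 200,Warsaw,1250.00
1002,bob@example.com,+48 600 300 400,Krakow,80.50
1003,alice@example.com,+48 600 100 200,Warsaw,0.00
"""

# Columns that must not leave production as-is; the rest are needed by
# tests and carry little personal data in this constructed schema.
SENSITIVE = {"email", "phone"}


def pseudonymize(value, column, key):
    """Deterministic keyed token for one cell.

    HMAC keeps the mapping one-way without the key, and the same input
    always yields the same token, so foreign keys, joins and "is this a
    duplicate?" tests still behave in the test environment.
    """
    digest = hmac.new(key, f"{column}:{value}".encode(),
                      hashlib.sha256).hexdigest()[:16]
    if column == "email":
        return f"user-{digest}@test.invalid"  # reserved TLD, never routable
    return f"{column}-{digest}"


def scrub_csv(text, key, sensitive=SENSITIVE):
    """Return the CSV text with every sensitive column pseudonymized."""
    reader = csv.DictReader(io.StringIO(text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames,
                            lineterminator="\n")
    writer.writeheader()
    for row in reader:
        for col in sensitive:
            if col in row and row[col]:
                row[col] = pseudonymize(row[col], col, key)
        writer.writerow(row)
    return out.getvalue()


def leaks(text, sensitive=SENSITIVE):
    """Gate check before a copy leaves production: list (row, column)
    pairs whose value does not look like a token produced by scrub_csv."""
    found = []
    for i, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        for col in sorted(sensitive):
            value = row.get(col, "")
            if not value:
                continue
            ok = (value.endswith("@test.invalid") if col == "email"
                  else value.startswith(f"{col}-"))
            if not ok:
                found.append((i, col))
    return found


def parse_rows(text):
    """Helper for inspection: CSV text -> list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    key = b"example-key-that-stays-in-production"  # constructed
    scrubbed = scrub_csv(SAMPLE_CSV, key)
    print(scrubbed)
    print("leaks in original:", len(leaks(SAMPLE_CSV)))
    print("leaks after scrub:", leaks(scrubbed))
```

The key is the only secret: keep it in production so that nobody holding the test copy can reverse a token, and rotate it if the copy is refreshed. Running `leaks()` as a release gate on every export is what turns "we usually strip the data" into something a developer environment breach cannot disprove.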
At least 13 managed service providers were used to push ransomware this year
https://www.zdnet.com/article/at-least-13-managed-service-providers-were-used-to-push-ransomware-this-year/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5dbc79c98021ed000132e8ce&utm_medium=trueAnthem&utm_source=twitter
Once hackers compromise an MSP's network, they can use its remote access tools to deploy ransomware to hundreds of companies and thousands of computers.
A new report published this week by threat intelligence firm Armor puts the number of managed service providers (MSPs) that got hit with ransomware this year at 13, possibly more.
For those unfamiliar with the term, a managed service provider is a company that manages a customer's IT infrastructure using remote administration tools.
MSPs have been around since the 90s, with the dawn of large computer fleets; however, they've been catching on with more and more companies in recent years.
By hiring an MSP, a company can cut costs by ditching classic system administrator roles, and outsource all IT (server and/or desktop) maintenance to a remote team of highly-trained professionals for a fraction of the cost, usually billed on a monthly subscription basis.
Using an MSP typically involves installing the MSP's software that provides its staff with remote access to a company's resources. However, this very same software can also be a curse.
Starting this year, ransomware gangs have realized that they could compromise the network of an MSP, and then use their remote access tools to deploy ransomware on the MSP's customer networks, infecting hundreds of companies and thousands of computers, all at once, with the push of a few buttons.
The trend had been noticeable to keen infosec observers. ZDNet reported on some of these MSP-based ransomware incidents when they first happened, in February, June, July, and August.
However, in a report published this week, Armor took a deeper look at the entire MSP ecosystem and unearthed several other incidents. In total, the company found 13, but many more could be unreported. See the list below: see link
Besides MSPs, ransomware gangs have also gone after a wide variety of targets this year, focusing on the US in particular. Previous Armor reports found that ransomware gangs encrypted files and crippled operations at more than 500 US schools and almost 80 US municipalities this year alone.
==================================================================
Wave could provide better protection for these MSPs and their customers from ransomware through the use of Wave SED management and Wave VSC 2.0. On Trusted Computing's Twitter site: mixing hardware-based technologies like SEDs with Trusted Platform Modules can provide even stronger security benefits to enterprises against future threats.
Together, anything is possible!!
https://www.wavesys.com/
Microsoft Users Hit with Phishing Kits Hosted on Thousands of Domains
https://www.bleepingcomputer.com/news/security/microsoft-users-hit-with-phishing-kits-hosted-on-thousands-of-domains/
Excerpts:
"During the first half of 2019 three out of four phish we saw in customers' environments were credential phish," says Cofense. "With stolen user names and passwords, a threat actor has access to a corporate network and can pass for a legitimate user."
==================================================================
Needing the user's computer with the TPM makes it extremely difficult for the threat actor to penetrate the network. Wave VSC 2.0 with its two factors of authentication (TPM and PIN) could make these phishing attacks not worthwhile, and have the threat actor look elsewhere!
==================================================================
BUY better security, BUY Wave VSC 2.0!!
https://www.wavesys.com/
UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity
https://threatpost.com/unicredit-suffers-third-breach/149617/
UniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.
Despite investing 2.4 billion euros since 2016 to upgrade its cybersecurity profile, Italian banking institution UniCredit has suffered its third recent data breach, this time impacting 3 million customers.
The company said in a short data breach announcement on its website that names, telephone numbers, email addresses and cities where clients were registered were exposed via unauthorized access to a file generated in 2015. Bank account details were not included. UniCredit told Reuters that it wouldn’t release information on how the access occurred, but it did say that it has launched an internal investigation and has informed all the relevant authorities, including the police.
UniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017, affecting 400,000 Italian customers. Those hacks were carried out via the network of a commercial partner, the bank said at the time.
“The incident at UniCredit shows that spending money alone isn’t enough to safeguard an organization from data breaches,” Jelle Wieringa, technical evangelist at KnowBe4, said via email. “After the breach in 2016, the bank invested an additional Euro 2.4 billion in its security. That is an awful lot of money to spend only to find out it wasn’t enough to stop the bad guys from getting in and stealing information.”
Its cybersecurity investment, which it calls “Transform 2019,” included the June 2019 implementation of a strong identification process featuring two-factor authentication (via a onetime password or biometric identification) for access to its web and mobile services, as well as for payment transactions.
“There isn’t very much known about the way the UniCredit breach took place. But there is still a lesson which can be learned from this. Even at this early stage,” Wieringa said. “In this instance, a file from 2015 was stolen. Under GDPR, it counts as a data breach, since it’s likely that most of the data is still valid. People tend to forget the value of data over time, especially if they are confronted with large amounts of it every day, and information fatigue is a real thing.”
ZeroFOX’s recent Financial Services Digital Threat Report showed a 56 percent annual increase in digital threat activity targeting the financial services sector this year. System and information exploitation specifically grew 26 percent within the past year.
“Attackers are increasingly adept at compromising systems, and social media has increasingly become the conduit,” according to the report. “They also blatantly market their heists both publicly and privately, across all digital channels. Malicious domains top the list of attack techniques at 57 percent share, with another 18 percent coming from information disclosures found on paste sites, most of which are accessible to the public.”
=================================================================
This article shows more unauthorized access to the network AGAIN!! Wave solutions could prevent unauthorized access like this!! Only 'known and approved' (authorized) access to the data on the network would be one of the great features that Wave VSC 2.0 could provide!!!
The article below from Wave points out how Wave won against the competition with its Wave VSC 2.0 solution. Companies like Unicredit could benefit in a BIG WAY by using it!!
=================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips