Only 14% of organizations have completed migration to Windows 10
https://www.helpnetsecurity.com/2019/05/10/organizations-windows-10-migration/
Almost a quarter of organizations will not be ready for Microsoft to terminate public delivery of Windows 7 security updates on January 14, 2020, the official end of support date.
They will be increasingly vulnerable to cyberattack until they move to a secure, supported OS, according to the Adaptiva 2019 Windows 10 Enterprise Impact Survey.
“Our survey shows that although companies have made progress in their migration process over the past year, less than 15% have completed the move to Windows 10,” said Jim Souders, CEO of Adaptiva.
“Security ramifications for not meeting the deadline are significant, and Microsoft shows no signs of extending support for Windows 7 past January. The clock is ticking and IT departments are exploring all of their options, particularly how automated solutions can help them meet their goal.”
Over 450 people completed the survey. More than a third of the respondents come from enterprises with more than 10,000 endpoints, and another 21% come from organizations with over 30,000 endpoints. This year’s survey yielded a number of key insights into Windows 10 migration.
The state of migration
• Surprisingly, only 14% of organizations have completed the migration process to Windows 10.
• Twenty-two percent of respondents expect their companies to have systems still running Windows 7 after January 14, 2020.
• Large organizations will have the option of purchasing Extended Security Updates (ESUs) for Windows 7, which Microsoft offers as a last resort option that includes Critical and/or Important updates for up to three years.
How much longer?
• Forty-five percent of respondents indicated that their company will complete Windows 10 migration in six months or less, while another 29% expect it to take six months to a year.
• Just over a quarter (27%) plan to take more than a year to move all their systems to the new OS.
Hurdles to migration completion
• More respondents than ever indicated that their staff is stretched thin, an increase of approximately 6% from last year (28% in 2019 vs. 22% in 2018).
• The time-consuming nature of the migration process along with cost are also significant barriers to new OS adoption.
Migration motivators
• Windows 10 offers a number of enhanced security features that help IT teams, which figured prominently in migration decisions (72%).
• Organizations are primarily moving to Windows 10, however, because it is the only Windows OS that will be supported by Microsoft in the future (89%).
• As companies try to shore up systems and reduce vulnerabilities, they realize that unsupported systems pose far greater security risks.
• Interest in features like the touch interface and Cortana are waning slightly.
=================================================================
The intermediate transition from Windows 7 to Windows 10 could be helped by using Wave VSC 2.0 and Wave ERAS to protect Windows 7 and the other Windows versions before these organizations can make the transition from 7 to 10. With Russia's law of internet isolation taking effect in November of this year many organizations with Windows 7 will need further protection if a potential foreign cyberattack happens. You need multi-factor authentication. Fast. You need Wave Virtual Smart Card!! Organizations knowing that they can use Wave SED management on Windows 10 for defending against ransomware may speed up the transition to Windows 10!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/
SHA-1 collision attacks are now actually practical and a looming danger
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5cdaa6d7df42390001125bfb&utm_medium=trueAnthem&utm_source=twitter
Research duo showcases first-ever SHA-1 chosen-prefix collision attack
==================================================================
Software only is still not more secure than hardware (TPMs) and (proven) software combined! Wave has this combination, and it could prevent a lot of cyber problems for organizations!
https://www.wavesys.com/
Are we winning the cyber security war?
https://www.wavesys.com/buzz/news/are-we-winning-cyber-security-war
Steven Sprague, CEO of Wave Systems says the situation is bad and getting worse as attacks get more frequent and more sophisticated. Moderated by John Dix, Network World Editor-in-Chief.
Author:
Network World Tech Debate
networkworld.com/community/techdebate
Monday, January 23, 2012
In the cat and mouse game that is enterprise security, it is hard to determine who has the upper hand, so we put the question to two experts. Give their arguments a read, vote on the position you most agree with and add your thoughts in the forum below.
Moderator
John Dix, Network World Editor in Chief, sets up the debates and recruits the experts. Contact him with thoughts and ideas, jdix@nww.com.
The experts
Chirantan "CJ" Desai, Senior Vice President of the Endpoint & Mobility Group at Symantec says we are winning when you consider the headlines are driven by a tiny fraction of successful attacks while the vast majority of attempts are nipped in the bud.
Steven Sprague, CEO of Wave Systems says the situation is bad and getting worse as attacks get more frequent and more sophisticated.
Are we winning the cyber security war?
https://www.networkworld.com/article/2221522/are-we-winning-the-cyber-security-war-.html
==================================================================
This head to head (mentioned in the previous post) was more than just about antivirus vs. Wave Endpoint Monitor. It would be interesting to see what the vote breakdown would be for those for the Symantec executive and those for Steven Sprague if the vote was taken now. If organizational leaders listened more closely to what Mr. Sprague said in this article in 2012, the 1900 quarterly 'reported' breaches would most likely be a lot less!! Unfortunately, many companies could have thought with Wave's financials that buying from them might have been risky. Now Wave has the backing of ESW so that should be taken out of the buying Wave solutions equation.
=================================================================
Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data
https://gizmodo.com/antivirus-makers-confirm-and-deny-getting-breached-afte-1834725136
Symantec and Trend Micro are two of the three top U.S. antivirus companies that a group of Russian-speaking hackers claim to have compromised, Gizmodo has confirmed.
Last week, Advanced Intelligence (AdvIntel), a New York-based threat-research firm, reported that a hacking group was attempting to sell internal documents and source code allegedly stolen from three major antivirus companies. Citing an ongoing law enforcement investigation and its own disclosure policies, AdvIntel did not reveal the names of the alleged victims.
The hackers, known as “Fxmsp,” are said to be offering to sell the stolen data—around 30 terabytes’ worth—for over $300,000. Gizmodo has not itself reviewed or verified any of the allegedly stolen documents.
Symantec, the company that makes Norton Antivirus software, denied on Monday having been contacted by AdvIntel. “We have no indication that Symantec has been impacted and do not believe there is reason for our customers to be concerned,” it said.
That statement, however, was quickly refuted by AdvIntel, which said it first reached out to Symantec via a trusted partner on May 8. It then had two remediation calls with the company by the end of last week, it said. (Gizmodo reached out to Symantec about the discrepancy and will update if we hear back.)
Screenshots offered up as proof by Fxmsp appear to show stolen development documentation, an artificial intelligence model, and antivirus software base code, according to AdvIntel. Its researchers assessed the threat as highly credible, stating that Fxmsp—which is said to run in both Russian- and English-speaking circles—has already earned close to $1 million off verified corporate breaches.
Yelisey Boguslavskiy, AdvIntel’s director of research, confirmed last week that his company had been in contact with the potential victims. Following Symantec’s denial, Boguslavskiy said AdvIntel “reached out to Symantec via trusted partners on May 8, directly, and had two remediation calls on May 9 and May 10.”
Security software firm Trend Micro, meanwhile, told Gizmodo that data linked to one of its testing labs had been accessed without authorization. It labeled the incident as “low risk,” however, and said that neither customer data nor any source code had been accessed or exfiltrated.
Boguslavskiy also took issue with Trend Micro’s statement, saying it was “incorrect based on the portion of the data we have and the actor’s statement.”
Trend Micro said its investigation into the matter was still underway and that it was working “closely with law enforcement,” but that it wanted to “transparently share what we have learned.”
A spokesperson for McAfee, the maker of McAfee VirusScan, would not immediately confirm whether the company had been contacted about a potential breach. It is looking into the matter, they said, adding: “We’ve taken necessary steps to monitor for and investigate it.”
Update, 5/13: Updated with a statement from AdvIntel about its contact with Symantec and Trend Micro.
==================================================================
With these three companies apparently being breached, Wave Endpoint Monitor and Wave's Solutions should attract more buying since Wave's cybersecurity solutions successfully protect Wave and its customers. I recall years ago SKS going head to head with an executive from Symantec over what was a more beneficial product, antivirus, a blacklisting approach from Symantec or a whitelisting approach like Wave Endpoint Monitor from Wave. With 1900 breaches a quarter (via Help Net Security), it seems like Wave Endpoint Monitor and Wave Solutions have for years been overlooked to the detriment of a lot of companies and governments. Many organizations are using what is not working rather than seeing the opportunity that Wave offers with better cybersecurity solutions!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
A Massive Accounting Hack Kept Clients Offline and in the Dark
https://www.bloomberg.com/news/articles/2019-05-11/a-massive-accounting-hack-kept-clients-offline-and-in-the-dark
Dutch company Wolters Kluwer NV makes the software on which many of the world’s small and mid-sized accounting firms run. Earlier this week, a cyberattack took down that software and presented a case study in how not to communicate with customers over a hack.
The company told its followers on Facebook and Twitter on May 6 that, out of caution, it’d taken some of its cloud-based software applications offline. But the opaque 48-word statement didn’t explain why, and left customers frustrated and worried.
"Going dark as much as you have has done nothing to stop us from fearing the worst," one person replied on Twitter. "Has there been a security breach?" asked another.
Martin Wuite, chief information officer at Wolters Kluwer, was trying to find out, too. He’d become aware of anomalies in his company’s servers around 8 a.m. ET Monday after an automated monitoring system had flagged something was wrong.
"Customers were alerted immediately as soon as we discovered the issue," he said. "When we detected the malware, we proactively took a broad range of platforms offline to protect our customers’ data."
Wolters Kluwer, based in a small town in the Netherlands and with a market value of around $19 billion, is a little known accounting software giant, providing services to health, tax and compliance industries. According to the company, 93% of Fortune 500 companies are its customers.
Please see above link for the rest of the article.
==================================================================
Given the success that Wave had with PwC's strong authentication, this accounting software firm could substantially benefit from Wave's solutions, especially Wave ERAS and Wave VSC 2.0!! Being set up on Wave VSC 2.0 and Wave ERAS is probably much faster now with Wave than when PwC was converted to the TPM!
==================================================================
https://www.cio.com/article/2415123/pwc-lauds-trusted-platform-module-for-strong-authentication.html
PwC lauds Trusted Platform Module for strong authentication
migrating 150,000 users to TPM-based storage of private keys
networkworld.com
Wednesday, September 15, 2010
Auditing and business-services firm PricewaterhouseCoopers (PwC) today said it's built its next-generation authentication system by swapping out employees' older software-based private-key certificates for hardware-based storage of new certificates using the Trusted Platform Module (TPM).
What is TPM?
TPM is a small chip embedded in laptops, says Boudewijn Kiljan, solution architect for global information technology, infrastructure portfolio, at PwC, which is migrating 150,000 users to TPM-based storage of private keys. The vast majority of computers on the market ship with TPM inside, and by adding TPM-based software from Wave Systems, it was fairly easy for PwC, which already had a public-key infrastructure (PKI) in place, to switch to hardware-based storage of private keys, the foundation for employee desktop authentication.
In contrast, "private keys protected by TPM are not exportable," Kiljan said. The Microsoft-based software-only method that PwC had been using to store private keys does appear to be far more vulnerable to an attacker intent on stealing private keys, he noted.
TPM, developed as a specification by the Trusted Computing Group (TCG), is an open standard so there's less worry about vendor lock-in than if a more proprietary method were selected, Kiljan pointed out. One thing to note about TPM is that it's a restricted technology in the countries of China, Russia, Kazakhstan and Belarus, he noted.
But while making the conversion to TPM has been fairly easy by adding TPM-supporting software from Wave Systems, there were a number of processes that the IT department at PwC had to follow to make it all work.
These included issuing new certificates for TPM, installing TPM drivers, and a process called enabling and clearing the TPM in the BIOS.
Technically, the TPM specification doesn't yet have a specification that details a way to do this other than manually. But several vendors, including Wave Systems, now have toolkits to do this remotely and build management around it. That's what PwC used to activate TPM via administrator-controlled passwords.
PwC has already migrated about 35,000 employees to TPM, and expects to have all 150,000 over to TPM over the course of about a year or so. TPM works transparently to the user. Kiljan says estimates are that TPM is less than half the cost of going with a smartcard-based PKI device and a third of going with a USB PCI device.
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
Source code, network access being sold online by "Fxmsp" collective.
In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims.
Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data “through a private conversation,” Boguslavskiy said. “However, they claimed that their proxy sellers will announce the sale on forums.”
Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group—potentially tied to the Marriott/Starwood breach revealed last November. AdvIntel’s researchers say the group has sold “verifiable corporate breaches,” pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group’s collection of breaches through criminal marketplaces.
In March, the group “stated they could provide exclusive information stolen from three top antivirus companies located in the United States,” AdvIntel’s researchers reported in a blog post going live today. “They confirmed that they have exclusive source code related to the companies' software development.” And the group offered privately to sell the source code and network access to all three companies for “over $300,000,” the researchers said.
According to the AdvIntel report, Fxmsp had managed to steal source code that included code for antivirus agents, analytic code based on machine learning, and “security plug-ins” for Web browsers. “Fxmsp also commented on the capabilities of the different companies’ software and assessed their efficiency,” the researchers wrote.
In the past, Fxmsp’s breaches have typically focused on exploiting Internet-connected remote desktop protocol (RDP) and Active Directory servers. But more recently, the group has claimed to have developed a credential-stealing botnet—malware that collects usernames and passwords—to target high-value networks that are better secured. “Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal,” AdvIntel’s researchers noted.
Update:
Boguslavskiy provided some additional details about the breach research in response to follow-up questions (and some of the feedback on this story). He said that AdvIntel first notified the FBI "through both Cyber Watch and the New York Cyber Task Force".
told Ars that in October of 2018, Fxmsp "had a conflict with their proxy seller, and this relationship was compromised." Since the proxy monitored Fxmsp's accounts on the various forums that the group typically sold its data through, this caused Fxmsp to move all its communications to Jabber instant messaging.
On May 5, Boguslavskiy said, "Fxmsp stated that one of the two teams orchestrating the attack against the AV companies compromised one access [point] while navigating through a victim's client directory." The hackers are currently trying to regain access. This may have disrupted their original plans to sell the data.
"According to them, they planned to offer accesses for some of the companies in mid-May," Boguslavskiy said, "most likely, by using forums (however, this is not confirmed: they used the term 'make a public sale')." But because of the compromise of one access point, he noted, the group now plans to continue to make private offers of the data, with the possibility that offers for the other companies may appear in forums later this month.
=================================================================
Wave Endpoint Monitor and Wave Systems unlike the antivirus companies in this article and others is protected by the premier cyber solutions company in Wave Systems!! The usernames and passwords collected by the hackers wouldn't allow them on Wave's network against Wave VSC 2.0 which uses a PIN and TPM for 2FA. It would make sense for potential advanced malware customers to prefer the capabilities of Wave Endpoint Monitor and the breach protection of Wave VSC 2.0 for WEM and Wave as well as for their organization. This article should help make Wave Endpoint Monitor and Wave VSC 2.0 even more sought after!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/
Baltimore's Government Held Hostage by Ransomware Attack
https://gizmodo.com/baltimores-government-held-hostage-by-ransomware-attack-1834616990
For the second time in just over a year, Baltimore has fallen victim to a major cyberattack. Last year, hackers targeted the city’s 911 emergency system, but this time around, the city government’s files are being held hostage by ransomware.
First things first, if you live in the Baltimore area, vital emergency systems like 911 and 311 remain operational. However, most of the city’s servers were shut down as a precaution after the attack, and officials are unsure when they’ll be fully operational again.
Essentially, hackers have infected the city government’s computers with what was identified in a press conference by as “the very aggressive RobbinHood ransomware.” It’s also been confirmed that it’s a relatively new variant of the malware. During the press conference, city officials were unable to answer exactly how the ransomware was spread, citing an ongoing federal investigation.
According to a Baltimore Sun report, the ransomware works by employing a “file-locking” virus to encrypt files, which are then held hostage. The Sun also reports that in a ransom note, hackers demanded the city pay 3 Bitcoin (about $17,600) per department, or 13 Bitcoin (about $76,280) for the entire city.
The hackers also reportedly demanded the ransom be paid within four days, at which point they warned the price would go up. After 10 days, the hackers say the files will be irretrievable, according to the Sun.
So far, multiple Baltimore city departments have been affected by the shutdown. The Department of Public Works tweeted early Tuesday morning that its emails were offline and that customer service phone lines were inoperable. As a result, it’s suspended late water bill fees as many citizens remain unable to pay their bills. The Baltimore Police Department and the Department of Transportation have also been reported to have issues with their email and phone systems. Meanwhile, multiple City Council hearings have also been canceled.
In the meantime, Baltimore is resorting to the good, old-fashioned telephone to handle requests—even though some departmental phone lines aren’t exactly working. The Office of the Inspector General, for instance, tweeted an alternative number that people could call as its usual number was rendered inaccessible.
“We just have to revert back to manual,” said Baltimore Mayor Bernard C. Jack Young at today’s press conference. He added that if the problem persisted longer than expected, he might have to ask city employees who can’t do their work to be “go out and help us clean up the city.”
As for whether this could have been prevented by updating the city’s systems, Baltimore Chief Information Officer Frank Johnson was adamant during the briefing that the city had taken adequate measures.
“We have been assessed several times since I’ve been here,” Johnson said, “and have gotten multiple clean bills of health.”
=================================================================
Many other cities and organizations have probably been following the same cybersecurity protocols as Baltimore, and as in Baltimore's case it didn't work. Using SEDs that are properly initialized through remote initialization as with Wave SED management could seem unconventional, but according to the DTA (Drive Trust Alliance) proper SED initialization leaves little to no danger of a ransomware attack!! This is outlined in post #245701! When there is a ransomware segment (on last weekend) on 60 Minutes, the problem is rather serious. Many SEDs are already built into computers (mainly business) and just need to be properly initialized to stop ransomware!! The remote initialization by Wave SED management makes it easier for relatively larger organizations.
=================================================================
The link below is for 245701 and should help with this post!
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=148481290
=================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
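As an added illustration for this thread (not Wave's software or any drive vendor's firmware), the Go model below shows the key hierarchy behind the features listed in the excerpt above: initialization generates a data encryption key (DEK) inside the drive, locking and unlocking only ever move that key in and out of the drive's working memory, every sector written is ciphertext, and crypto-erase is nothing more than replacing the key. The names SimulatedSED, deriveKEK, NewSED and CryptoErase are this example's own, the sector contents are constructed, and the salted SHA-256 used to derive the wrapping key is a stand-in for the slower KDF a real drive would use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SimulatedSED is a constructed model of a self-encrypting drive's key hierarchy
// (not any vendor's firmware or Wave's software). The DEK never leaves the drive:
// at rest it exists only wrapped under a credential-derived key, and every
// sector on the "platter" is AES-256-GCM ciphertext under the DEK.
type SimulatedSED struct {
	salt       []byte
	wrappedDEK []byte            // DEK sealed under the credential-derived key
	dek        []byte            // in "drive RAM" only while unlocked
	platter    map[string][]byte // sector name -> nonce||ciphertext
}

// randomBytes panics only if the system CSPRNG is unavailable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// deriveKEK: a salted SHA-256 stands in for the slow KDF a real drive would use.
func deriveKEK(credential string, salt []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), credential...))
	return sum[:]
}

// gcmFor builds AES-256-GCM; keys here are always 32 bytes, so this cannot fail.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal returns nonce||ciphertext; unseal reverses it and fails the GCM tag
// check on a wrong key or on any modification of the blob.
func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func unseal(key, blob []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// NewSED is the initialization step: a fresh DEK is generated inside the drive
// and wrapped under the unlock credential. The drive starts unlocked.
func NewSED(credential string) *SimulatedSED {
	d := &SimulatedSED{salt: randomBytes(16), dek: randomBytes(32), platter: map[string][]byte{}}
	d.wrappedDEK = seal(deriveKEK(credential, d.salt), d.dek)
	return d
}

// Lock discards the plaintext DEK, as a power-off or lock command would.
func (d *SimulatedSED) Lock() { d.dek = nil }

// Unlock unwraps the DEK; a wrong credential fails the tag check and changes nothing.
func (d *SimulatedSED) Unlock(credential string) error {
	dek, err := unseal(deriveKEK(credential, d.salt), d.wrappedDEK)
	if err == nil {
		d.dek = dek
	}
	return err
}

// Write encrypts a sector under the DEK; nothing is ever stored in clear.
func (d *SimulatedSED) Write(sector string, data []byte) error {
	if d.dek == nil {
		return errors.New("drive is locked")
	}
	d.platter[sector] = seal(d.dek, data)
	return nil
}

// Read decrypts a sector; it fails while locked, or once the DEK has been replaced.
func (d *SimulatedSED) Read(sector string) ([]byte, error) {
	if d.dek == nil {
		return nil, errors.New("drive is locked")
	}
	return unseal(d.dek, d.platter[sector])
}

// CryptoErase authenticates the caller, then replaces the DEK. The old ciphertext
// stays on the platter untouched but can no longer be decrypted by anyone.
func (d *SimulatedSED) CryptoErase(credential string) error {
	if err := d.Unlock(credential); err != nil {
		return err
	}
	d.dek = randomBytes(32)
	d.wrappedDEK = seal(deriveKEK(credential, d.salt), d.dek)
	return nil
}
```

A Read after CryptoErase fails the GCM tag check because the new key cannot authenticate the old ciphertext, which is why a crypto-erase completes instantly on a multi-terabyte drive; a credential change works the same way in reverse, rewrapping the unchanged DEK without touching the data.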
Nation state actors, affiliates behind increasing amount of data breaches
https://www.zdnet.com/article/nation-state-actors-affiliates-behind-increasing-amount-of-data-breaches/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5cd315b6df4239000111e3cd&utm_medium=trueAnthem&utm_source=twitter
Verizon's 2019 Data Breach Investigations Report highlights how nation states and espionage are becoming a worry for businesses and their data.
Cyberattacks by nation states and parties affiliated with them represented 23% of data breaches, up from 12% in 2018 and 19% in 2017, according to Verizon's Data Breach Investigations Report (DBIR).
The 12th annual data breach report was based on 41,000 cybersecurity incidents and more than 2,000 data breaches. At a high level, the DBIR report outlined the following:
• A quarter of all breaches were associated with espionage;
• C-level executives were 12x more likely to be the target of social incidents and 9x more likely to be a target of social breaches;
• Ransomware is the No. 2 ranked malware type and accounts for 24% of cases;
• Cybercriminals were targeting cloud-based email accounts and leveraging stolen credentials.
The nation-state actors and espionage takeaways highlight how the security threat game is changing in many respects. Espionage was an issue across most of the industries in the DBIR. Gabe Bassett, co-author of the Verizon DBIR, said companies need to plan for what happens after a data breach.
Bassett said companies are being targeted for intellectual property and secret theft by cybercriminals looking to leverage credentials instead of mapping a network and gaining access over time. "The theft of personal information and credentials is a primary vehicle is a different approach. The target is the same," said Bassett. Log-in information, social attacks and pretexting are primary techniques used to gain access to IP.
Educational institutions are also good targets, but the motives are more spread out. Yes, nation-state actors are interested in research, but databases full of student information also have profit potential. Cybercriminals are also targeting web applications and email to steal credentials.
Among other key trends:
Please see link for the rest of the article.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
https://www.wavesys.com/virtual-smart-card-2.0-from-wave
Cyber-threats are everywhere, but with Wave Virtual Smart Card 2.0 (Wave VSC 2.0) enterprises have a hardware-based, tokenless, two-factor authentication security solution with the security of a hardware token solution and the convenience and cost savings of a software token solution.
Wave VSC 2.0 delivers strong two-factor authentication using the Trusted Platform Module (TPM), the embedded security chip built into enterprise PCs. Wave empowers IT with management of the TPM and VSC 2.0. Companies successfully use Wave VSC 2.0 to secure VPN access, web applications and other certificate-based applications, like Wi-Fi with 802.1x, remote desktop, or Windows-user login. Use the security that’s already been deployed and save money with Wave VSC 2.0.
Every month we see headlines highlighting mammoth breaches (i.e. EBay, JP Morgan Chase, Sony, Target, etc…). In each case, millions of records were stolen, corporate images were tarnished, and enormous costs were incurred as a result. And equally disturbing, more often than not the attacks go undetected and as a result important information is stolen.
Please see the above link for the white paper on the Wave Virtual Smart Card 2.0.
It was 'inevitable' that bombs would fall in response to a cyber attack
https://www.cyberscoop.com/hamas-cyberattack-israel-air-strikes/?utm_campaign=CyberScoop%20-%20Editorial&utm_content=91065021&utm_medium=social&utm_source=twitter&hss_channel=tw-720664083767435264
Israel’s military announced Sunday it had launched airstrikes on a building allegedly housing a number of Hamas soldiers that were preparing to launch a cyberattack against Israel.
Israel Defense Forces (IDF), which launched the airstrike jointly with the Israel Security Authority, did not detail the alleged cyberattack and other offensive capabilities Hamas was developing, but said it had neutralized the attack before launching the airstrikes.
The incident marks the first time a government has publicly announced it has immediately responded to a cyberattack by launching a “kinetic attack,” a military term that describes the use of lethal force.
Although this marks a first in cyberwarfare, Paul Rosenzweig, a former deputy assistant secretary for policy at the U.S. Department of Homeland Security, tells CyberScoop it’s not a surprising outcome.
“We mistakenly tend to think that the cyber domain exists apart from the physical world, but it doesn’t,” Rosenzweig, a senior fellow at R Street Institute, said. “It was always a claim — an unreasonable claim — that the two wouldn’t intersect. There were some people that had this phrase, ‘what happens in cyber stays in cyber,’ kind of like ‘what happens in Vegas stays in Vegas,’ but that wasn’t a realistic expectation.”
In the U.S., it is possible that the Pentagon could respond to a cyberattack on the nation in the kinetic realm as well, if directed to do so by the president. In 2015 the Obama administration said that the U.S. would, in theory, “use all necessary means, including military, to respond to a cyber attack on the nation.”
“Ever since it was clear cyberweaponry would have physical, kinetic effects it became inevitable that people would start using kinetic weaponry to affect operations in the cyber domain,” Rosenzweig said.
The U.S. Department of Defense has at least once before used a kinetic attack in response to cyberthreats when it launched a drone strike to kill British national Junaid Hussain, who ran the Islamic State’s hacking group. However, the strike was launched years after Hussain conducted his operations.
In a statement, IDF said Hamas’ cyber-operation “failed to achieve its goals.” But the fact that IDF was compelled to respond in the physical realm does not necessarily show Hamas is becoming more powerful or dangerous in cyberspace, John Hultquist, Director of Intelligence Analysis at FireEye, told CyberScoop.
“I don’t think it tells us anything about their capabilities,” Hultquist said. “The word ‘cyberattack’ is so broad.”
There was no public information available Monday as to what kind of cyberattack IDF alleges Hamas had attempted or what offensive capabilities Hamas was allegedly developing.
‘Not a formidable adversary’
Security researcher Eyal Sela, who has been tracking Hamas for years, told CyberScoop that its offensive capabilities in cyberspace are “not new,” but not particularly masterful, either.
“The capabilities are not ranked as high, it’s like medium-to-low in their level of sophistication, execution, and quality assurance. They are not a formidable adversary in this dimension,” said Sela, who is the head of intelligence at ClearSky Cyber Security.
Over the last several years Hamas has been conducting cyber-espionage and reconnaissance operations, not those that necessarily threaten disruption, according to Sela.
“We know they have been … targeting mobile phones of soldiers, and breaching websites, sending phishing emails in various folders to people and infecting them,” Sela said, adding that some of their tools have been developed in house. “Some of them are generic sometimes they are self-developed.”
Hamas conducts some social engineering to make sure its emails and contacts truly trick their targets, according to ClearSky. For instance, Hamas has used fake social media accounts — primarily on Facebook — to trick IDF soldiers into befriending them, Sela says.
The kinetic response came amid several days of shelling in Israel. U.S. Secretary of State Mike Pompeo told Fox News on Sunday he believes Israel has a right to defend its sovereignty while discussing the strikes this weekend.
CNN reports that an apparent ceasefire was reached after Israel launched air strikes on over 300 targets. Four people had died in Israel and 23 people were killed in Gaza.
When asked if the IDF strike resulted in civilian casualties, the IDF directed CyberScoop to a statement that did not address the question.
==================================================================
This situation could be like saying 'we don't trust our cyberdefenses' so we need to resort to a "kinetic attack". These attacks may work if one knows for sure who is doing the cyber attack and may instigate a potentially bigger cyber attack in response. Billions of dollars have been spent on putting TPMs into business computers so that organizations can use them to protect themselves in the event of a possible cyber attack. Wave provides customers with solutions that use hardware (TPMs and SEDs) to stop ransomware, advanced malware, phishing, breaches and cyber attacks!!! Software alone has demonstrated its lack of success in stopping these cyber problems. The government has ordered Wave VSC 2.0 in a sensitive area (no known complaints). PwC used Wave ESC for their 2FA and ordered a maintenance contract years later showing the effectiveness of the TPM based product over a number of years (has PwC had serious problems with hackers?). A leading global financial services corporation signed a master license agreement for 5 years with Wave for VSC 2.0 after it won a competitive evaluation against a market leader in 2FA tokens. Larger organizations can benefit by using Wave ERAS since it can turn on TPMs more rapidly. If these large, well renowned organizations trusted Wave's critical cybersecurity and its effectiveness, shouldn't many other organizations?!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
The leading sources of stress for cybersecurity leaders? Regulation, threats, skills shortage
https://www.helpnetsecurity.com/2019/04/29/stress-cybersecurity-leaders/?utm_content=buffer09c09&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
A perfect storm of regulation, increased threats and technological complexity is overwhelming cybersecurity decision makers, reveals new research from Symantec.
Cybersecurity suffers from information overload
Four in five (82 percent) security leaders across France, Germany and the UK report feeling burned out, whilst just under two-thirds (63 percent) think about leaving the industry or quitting their job (64 percent).
Surveying 3,045 cybersecurity decision makers across France, Germany and the UK, the research – conducted by Symantec in collaboration with Dr Chris Brauer, Goldsmiths, University of London – reveals mounting pressure on the security profession.
The leading source of stress for cybersecurity leaders is government regulation. Four in five (86 percent total, 81 percent UK) reported that mounting regulation, such as GDPR and the NIS Directive, was increasing their stress. Two in five (40 percent total, 33 percent UK) reported concerns that they would be held personally liable for a data breach.
Just over half (55 percent total, 37 percent UK) feared dismissal if a breach happened on their watch. Insufficiently skilled staff (80 percent total, 70 percent UK), the size and complexity of the estate to be defended (82 percent total, 70 percent UK), and the increasing volume of threats (82 percent total, 69 percent UK) are also major contributors to stress.
“Stress dramatically impacts our ability to make good decisions,” said Dr Chris Brauer, Director of Innovation, Goldsmiths, University of London.
“It impairs your memory, disrupts rational thinking and negatively impacts every cognitive function you have. In an industry like cybersecurity, which requires focus, creative thinking, attention to detail and rational decisions in high pressure scenarios – stress can be crippling. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already suffering a skills shortage, this kind of stress can present a significant risk.”
On high alert
Ironically, efforts to protect the enterprise are also increasing stress:
•79 percent (62 percent UK) reported that managing ‘too many cyber defence products or vendors’ was increasing their stress levels
•Two-thirds (68 percent total, 54 percent UK) of cyber-security decision makers said they’d felt ‘paralysed’ by the overwhelming volume of threat alerts
•A third (33 percent total, 28 percent UK) reported that threat alerts, designed to help keep a business safe, are making the situation worse due to their sheer volume
•In the face of such huge workloads, the majority of security professionals (67 percent total, 54 percent UK) said their cybersecurity teams left work at the end of the day with threat alerts left unreviewed
This volume is impacting the security of enterprises:
•Already 41 percent (46 percent UK) agree a breach is inevitable
•A third (32 percent total, 28 percent UK) say their organisation is currently vulnerable to avoidable cybersecurity incidents
•A quarter (26 percent total, 22 percent UK) admitted they have already suffered an avoidable cybersecurity incident
“Feeling paralyzed by an overwhelming volume of threat alerts is a common problem for security professionals, and reason why legacy WAFs are typically bought for a compliance check box, and then, turned off. Not only do they flag an unmanageable volume of alerts, but they also block large amounts of legitimate traffic, creating false positives,” Hala Al-Adwan, VP of Technology at Signal Sciences told Help Net Security.
“In today’s environment, security teams need a modern solution that pulls out needles from the haystack. Signal Sciences next-gen WAF surfaces the most important real-time attacks and anomalies in one quick view and immediately alerts teams through integrated ChatOps and DevOps tools, like Slack, DataDog or PagerDuty. We give you alerts that actually matter and contain actionable data. Any team member can easily access this security event data and quickly understand what’s going on within their applications and how to resolve it. They can diagnose, triage, and solve security problems quickly. Any malicious attacks will be automatically detected and blocked—without producing false positives on legitimate traffic,” Al-Adwan concluded.
The challenge ahead
Two-thirds of security leaders (65 percent total, 54 percent UK) feel they are being ‘set up for failure’. However, the overwhelming workload and pressure doesn’t seem to deter them.
The vast majority of security leaders are adrenaline junkies, fully immersed in their work, even when it’s stressful (92 percent UK and total). Nine in ten are motivated by high pressure situations and 92 percent (UK and total) report that they find their work environment thrilling.
“This appetite for pressure is much needed, as the challenges cybersecurity professionals are facing is set to grow,” commented Darren Thomson, EMEA CTO, Symantec.
Many are already challenged by the pace of change and rapid growth of data. Four in five (82 percent total, 70 percent UK) report that having to secure too much data, in too many places, is making the job more stressful. Almost half (45 percent total, 37 percent UK) say technological change is occurring too quickly for their teams to adapt.
“Ever since the internet started connecting computers and systems, cyber defence has largely been a game of reactions,” continued Thomson.
“With new technology, came new threats. As each new exploit emerged, a new defence was created. Organisations and the cybersecurity industry got sucked into an ever-accelerating game of whack-a-mole. There are now too many moles and too many hammers. It’s time for organisations to take a step back, and approach cyber defence in a far more effective way.”
==================================================================
Only allowing known and approved devices on the network would take a lot of the stress out of companies' cybersecurity workforce. The unknown devices could be kept off the network and keep the 'thrilling' work to a minimum. Wave ERAS can make this happen along with Wave VSC 2.0. Coupled with Wave's other products/solutions, the job burnout is greatly reduced and the effectiveness of the organization goes way up!!! Please see information on Wave ERAS and Wave VSC 2.0 below.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
https://www.wavesys.com/products/wave-virtual-smart-card
Electronics Weekly – Infineon Trusted Platform Module, Lumileds LEDs and More
https://www.engineering.com/ElectronicsDesign/ElectronicsDesignArticles/ArticleID/19034/Electronics-Weekly-Infineon-Trusted-Platform-Module-Lumileds-LEDs-and-More.aspx
Infineon Technologies has launched its Trusted Platform Module (TPM), which is designed specifically for automotive applications. The OPTIGA TPM 2.0 protects communication between the car and the manufacturer.
By using the TPM, car manufacturers can incorporate sensitive security keys to assign access rights, authentication and data encryption in the car in a protected way. The TPM can also be updated so that the level of security can be kept up to date throughout the vehicle’s service life.
For more information, visit Infineon’s website.
==================================================================
Infineon, and 150+ companies are saying that TPMs are here to stay, and they have stood the test of time!! It could be time for Wave and the TPM to shine especially since the TPM is represented in 100% of many organizations' computer fleets. The TPM's increased ubiquity over time makes 'known devices only allowed on sensitive networks' work better for many more organizations than say 5 years ago when the saturation rate of TPMs wasn't as close to 100%. As of April, 2019 Windows XP (Microsoft OS without a TPM) share of the Windows market was 2.8% so the enterprise TPM market is near 100%. In other words, it now makes a lot of sense for organizations to upgrade their cybersecurity to a company like Wave which has outstanding solutions to utilize the TPM!! Wave VSC 2.0, Wave Endpoint Monitor and Wave ERAS are great solutions that many organizations should be using to protect against ransomware, breaches, cyberattacks, and advanced malware!! The links below are worth a second look and it is recommended for those interested in Wave!! Previous posts may enhance current color on Wave's products/solutions!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/wave-alternative
https://www.wavesys.com/
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
50,000 enterprise firms running SAP software vulnerable to attack
https://www.zdnet.com/article/50000-enterprise-firms-running-sap-software-vulnerable-to-attack/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5ccc9a5edf42390001117c81&utm_medium=trueAnthem&utm_source=twitter
9 out of 10 SAP production systems are believed to be vulnerable to new exploits.
Up to 50,000 enterprises that have adopted SAP solutions may be susceptible to cyberattacks due to new exploits targeting configuration flaws in the software, researchers say.
According to the cybersecurity team from the Onapsis Research Labs, exploits dubbed 10KBlaze which target two technical components of SAP software have been recently released and can lead to the "full compromise" of SAP applications.
In a report detailing the exploits, Onapsis said such compromises include the deletion of business-critical application data, as well as the theft or modification of sensitive information.
The "10KBlaze" tools could also be used to create new users with arbitrary privileges, to perform business functions such as creating new vendors or purchase orders -- in other words, to commit financial fraud -- and to gain access to SAP databases or disrupt business operations.
Without any form of authentication, remote attackers only need some technical knowledge and network connectivity to the vulnerable system to perform an attack.
All SAP NetWeaver Application Server (AS) and S/4HANA systems, as they use an Access Control List in Gateway and a Message Server, may be at risk. The researchers say that the following applications, among others, are impacted:
•SAP S/4HANA
•SAP Enterprise Resource Planning (ERP)
•SAP Product Lifecycle Management (PLM)
•SAP Customer Relationship Management (CRM)
•SAP Human Capital Management (HCM)
•SAP Supply Chain Management (SCM)
•SAP Supplier Relationship Management (SRM)
•SAP NetWeaver Business Warehouse (BW)
•SAP Business Intelligence (BI)
•SAP Process Integration (PI)
•SAP Solution Manager (SolMan)
•SAP Governance, Risk & Compliance 10.x (GRC)
•SAP NetWeaver ABAP Application Server 7.0 - 7.52
The exploits do not rely on core vulnerabilities in SAP code. Rather, errors in SAP NetWeaver installation administrative configuration and settings can be used to compromise applications.
According to Onapsis, up to 50,000 companies and a collective one million systems using SAP NetWeaver and S/4HANA are misconfigured. The team estimates that 90 percent of SAP systems in use by the enterprise may be vulnerable.
"If these configurations are not secured, as recommended by SAP (easier to do during implementation and GoLive process), [the] recently published exploits can be used against affected companies," Onapsis says.
SAP has previously released guidelines in 2005, 2009, and 2010 to customers which describe how to properly set up application configuration to prevent exploitation. It is recommended that IT teams check their builds immediately to ensure they are protected.
"SAP always strongly recommends to install security fixes as they are released," SAP said.
==================================================================
'WITHOUT ANY FORM OF AUTHENTICATION'!! That seems like the biggest problem over software problems! Wave VSC 2.0 for cloud applications for SAP could fix the major part of this problem!!! 50,000 enterprises could benefit by having Wave VSC 2.0 and for other reasons as well as having 2FA for SAP apps!!! The government has used this technology (Wave VSC 2.0) with no known complaints, and a leading global financial services company tested it (won the competitive evaluation against market leader in two factor authentication tokens) and signed a 5 year master license agreement! These companies could benefit by having better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
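The gateway ACL misconfiguration the ZDNet article describes, as an added example that is not code from the article, Onapsis, SAP or Wave: a small checker for secinfo/reginfo files that flags permit entries open to any host. The line syntax it assumes is SAP's VERSION=2 ACL format as I recall it, so confirm the keys against your release's documentation; the sample files are constructed.

```python
"""Audit SAP gateway ACL files (secinfo / reginfo) for the over-permissive
entries that the 10KBlaze write-ups warn about.

Added example, not code from the ZDNet article, Onapsis or SAP. Line syntax is
assumed to follow SAP's documented VERSION=2 format (verify for your release):

    P|D  KEY=VALUE  KEY=VALUE ...      # P = permit, D = deny, first match wins
    secinfo keys: TP, USER, HOST, USER-HOST    reginfo keys: TP, HOST, ACCESS, CANCEL

The sample files at the bottom are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Entry:
    lineno: int
    action: str                                   # "P" (permit) or "D" (deny)
    fields: dict[str, str] = field(default_factory=dict)


def parse_acl(text: str) -> list[Entry]:
    """Parse ACL text into entries, skipping blank and comment lines."""
    entries: list[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, *tokens = line.split()
        action = action.upper()
        if action not in ("P", "D"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        fields: dict[str, str] = {}
        for tok in tokens:
            key, sep, value = tok.partition("=")
            if not sep:
                raise ValueError(f"line {lineno}: malformed token {tok!r}")
            fields[key.upper()] = value
        entries.append(Entry(lineno, action, fields))
    return entries


def is_unrestricted(value: str | None) -> bool:
    """True when a value places no real restriction: missing, empty, '*',
    or a pattern made only of wildcards and dots such as '*.*'."""
    return value is None or value == "" or set(value) <= {"*", "."}


def audit(kind: str, text: str) -> list[tuple[int, str, str]]:
    """Return (lineno, severity, message) findings for one ACL file.

    Only permit entries can open the system up. The checks mirror the two
    problems the article describes: anyone on any host may start programs
    through the gateway (secinfo), or any host may register an external
    server program that the SAP system will then trust (reginfo).
    """
    if kind not in ("secinfo", "reginfo"):
        raise ValueError("kind must be 'secinfo' or 'reginfo'")
    findings: list[tuple[int, str, str]] = []
    for e in parse_acl(text):
        if e.action != "P":
            continue
        host_open = is_unrestricted(e.fields.get("HOST"))
        tp_open = is_unrestricted(e.fields.get("TP"))
        target = "any program" if tp_open else e.fields["TP"]
        if kind == "secinfo":
            user_open = is_unrestricted(e.fields.get("USER"))
            if host_open and user_open:
                findings.append((e.lineno, "HIGH",
                                 f"any user on any host may start {target}"))
            elif host_open:
                findings.append((e.lineno, "MEDIUM",
                                 f"any host may start {target} (USER restricted)"))
        else:
            if host_open:
                findings.append((e.lineno, "HIGH",
                                 f"any host may register {target}"))
            if is_unrestricted(e.fields.get("ACCESS")):
                findings.append((e.lineno, "MEDIUM",
                                 "ACCESS missing or '*': any client may use it"))
    return findings


# Constructed samples: the weak form the article warns about, beside a
# hardened form that pins hosts and ends with an explicit catch-all deny.
WEAK_REGINFO = "#VERSION=2\nP TP=* HOST=* ACCESS=* CANCEL=*\n"
HARDENED_REGINFO = ("#VERSION=2\n"
                    "P TP=foo.rfcexec HOST=app01.corp.example ACCESS=internal CANCEL=internal\n"
                    "D TP=*\n")
WEAK_SECINFO = "#VERSION=2\nP TP=* USER=* HOST=* USER-HOST=*\n"
HARDENED_SECINFO = "#VERSION=2\nP TP=* USER=* HOST=local USER-HOST=local\nD TP=*\n"

if __name__ == "__main__":
    for name, kind, text in [("weak reginfo", "reginfo", WEAK_REGINFO),
                             ("hardened reginfo", "reginfo", HARDENED_REGINFO),
                             ("weak secinfo", "secinfo", WEAK_SECINFO),
                             ("hardened secinfo", "secinfo", HARDENED_SECINFO)]:
        for lineno, sev, msg in audit(kind, text) or [(0, "OK", "no findings")]:
            print(f"{name}: line {lineno} [{sev}] {msg}")
```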
MITRE asks vendors to do more to detect stealthy hacks
https://www.cyberscoop.com/mitre-asks-vendors-detect-stealthy-hacks/
As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques.
The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products.
But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups.
“A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework.
“PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added.
Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But the techniques of APT29, best known for being one of two Russian outfits to breach the Democratic National Committee before the 2016 U.S. election, will be a stiffer test, according to Duff.
“Because it’s a more sophisticated adversary, they do a lot more in terms of scripting, a lot more in terms of using built-in Windows [application programming interfaces],” he told CyberScoop. “Unless you have the right sensoring and the right ways of whittling ways through large amounts of noise, it’s going to be a harder thing for these vendors to succeed at.”
The first round of APT3 evaluations tested products made by vendors such as Carbon Black, CrowdStrike, Endgame, and Microsoft. Mitre is hoping for similarly-robust participation this go-round.
Duff said the APT29 test will incorporate a range of data from the group’s activity. After a relative lull in activity, APT29 appeared to rear its head last fall in a spearphishing campaign against U.S. military and defense contractors.
Don’t expect the Mitre team to simulate tactics used by every APT group. Instead, evaluators are testing tactics employed by groups that offer valuable defensive lessons to the broader cybersecurity industry, according to Duff.
The inclusion of APT29 techniques in the testing, which will begin this summer, is meant to “really push the boundaries forward” for vendors, he said.
=================================================================
It looks like Wave was already ahead of its time back in 2014. Wave solutions/products should be selling rapidly given the enormous benefits in using them!! Better security at less than half the cost!!! https://www.wavesys.com/
=================================================================
Wave Integrating MITRE’s Attestation Technique into its Endpoint Monitor for Remediating Advanced Malware
MITRE Details Technique at Black Hat 2013
https://www.wavesys.com/buzz/pr/wave-integrating-mitre%E2%80%99s-attestation-technique-its-endpoint-monitor-remediating-advanced-mal
Lee, MA - July 31, 2013 -
Wave Systems Corp. (NASDAQ:WAVX), the Trusted Computing Company, announced plans to integrate The MITRE Corporation’s new timing-based attestation technique into Wave Endpoint Monitor (WEM), the industry’s first solution to leverage industry standard hardware to detect and remediate malware that can surreptitiously mount attacks before the operating system loads. MITRE is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government.
With this enhancement, Wave will integrate MITRE’s technique that doubly verifies that the core BIOS hasn’t been corrupted. The BIOS is the first software run by the PC when powered-on and is responsible for initializing hardware and getting the operating system running. It also contains the “core root of trust measurement” (CRTM) software, the first software in the boot trust chain that ends in the assurance that the computer booted safely.
“MITRE has made a significant contribution to the body of research by identifying a scenario in which malicious code could be introduced to the BIOS that would cause it to provide a false reading and allow the malicious BIOS to indicate the system had not been corrupted,” said Dr. Robert Thibadeau, Wave’s Chief Scientist. “MITRE’s technique offers a second control for determining the CRTM does not lie about itself and any of the rest of the trust chain.”
Dr. Thibadeau added, “While BIOS attacks are still fairly rare today—less than one percent by many accounts—they represent a new and dangerous attack vector, and we’re bound to see more in future years as the more popular preboot targets are secured by our existing WEM technology.”
The management of CRTM detection will be incorporated in a module for WEM, which Wave expects will be production-ready in early 2014 to meet the expected increase of these attacks. Wave Endpoint Monitor captures verifiable PC health and security by utilizing information stored within the TPM. If anomalies are detected, the attack is controlled, and IT is alerted immediately with real-time analytics.
MITRE research presented at Black Hat 2013
MITRE researchers John Butterworth, Corey Kallenberg, and Xeno Kovah presented their research on this vulnerability and technique, “BIOS Chronomancy: Fixing the Core Root of Trust for Measurement,” at Black Hat 2013.
The team’s research highlights a vulnerability in which a firmware rootkit tricks an endpoint’s Trusted Platform Module (TPM) chip into reporting a clean BIOS firmware, when in fact it has been compromised. MITRE’s research shows the importance of using timing-based attestation systems, which can defend against attackers who obtain the same privilege levels as the defender. John Butterworth, a Senior Infosec Engineer at MITRE, adds, “additional complexities are imposed on an attacker who tries to conceal a rootkit in the presence of timing-based attestation; even concealing the modification of a single byte will trigger a measurable change.”
The team’s findings come as vendors work to implement BIOS protection specifications as outlined by the National Institute of Standards and Technology (NIST) special publication 800-155, published in 2011.
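The two controls the press release contrasts, as an added simulation that is not Wave's or MITRE's code: a hash-based BIOS self-measurement that a read-redirecting rootkit can fool, and a timing check in the spirit of the Chronomancy technique that catches the rootkit's forwarding overhead. The flash image, the per-read cycle costs and the tolerance are constructed values.

```python
"""Simulate hash-only BIOS measurement being fooled by a hiding rootkit, and
a timing-based check (the idea behind MITRE's BIOS Chronomancy) catching it.

Added example, not Wave's or MITRE's code. The image, the simulated cycle
costs per read and the tolerance are constructed for illustration.
"""
from __future__ import annotations

import hashlib
from typing import Callable, Optional

ReadHook = Callable[["Flash", int], int]


class Flash:
    """A tiny firmware image with a simulated cycle counter.

    The measurement routine reads the image byte by byte through read(); a
    rootkit that wants to stay hidden must sit on that path and answer
    every read, which is where its extra cost shows up.
    """

    def __init__(self, image: bytes) -> None:
        self.image = bytearray(image)
        self.hook: Optional[ReadHook] = None     # installed by the rootkit
        self.cycles = 0

    def read(self, addr: int) -> int:
        self.cycles += 1                          # honest read: one cycle
        if self.hook is not None:
            return self.hook(self, addr)
        return self.image[addr]


def measure(fw: Flash) -> tuple[str, int]:
    """Self-measurement: SHA-256 over every byte, plus the cycles it took."""
    fw.cycles = 0
    h = hashlib.sha256()
    for addr in range(len(fw.image)):
        h.update(bytes([fw.read(addr)]))
    return h.hexdigest(), fw.cycles


def install_rootkit(fw: Flash, offset: int, payload: bytes) -> None:
    """Patch the image and hide the patch from the measurement routine.

    The rootkit keeps a shadow copy of the original bytes and answers reads
    of the patched range from it, so the digest still matches. The price is
    extra work on every read, which a timing-based check measures.
    """
    end = offset + len(payload)
    shadow = bytes(fw.image[offset:end])
    fw.image[offset:end] = payload

    def lie(f: Flash, addr: int) -> int:
        f.cycles += 2                             # range check + shadow lookup
        if offset <= addr < end:
            return shadow[addr - offset]
        return f.image[addr]

    fw.hook = lie


def attest(fw: Flash, golden_digest: str, golden_cycles: int,
           tolerance: float = 0.05) -> dict[str, bool]:
    """Verifier view: does the digest match, and did measurement run on time?"""
    digest, cycles = measure(fw)
    return {
        "hash_ok": digest == golden_digest,
        "timing_ok": cycles <= golden_cycles * (1 + tolerance),
    }


# Constructed 4 KiB "BIOS" image made of deterministic filler bytes.
CLEAN_IMAGE = bytes((i * 7 + 3) & 0xFF for i in range(4096))


def demo() -> tuple[dict[str, bool], dict[str, bool]]:
    """Returns (result for a naive one-byte patch, result for a hiding rootkit)."""
    golden_digest, golden_cycles = measure(Flash(CLEAN_IMAGE))

    naive = Flash(CLEAN_IMAGE)
    naive.image[0x100] ^= 0x01                    # one flipped byte, no hiding
    naive_result = attest(naive, golden_digest, golden_cycles)

    hidden = Flash(CLEAN_IMAGE)
    install_rootkit(hidden, 0x100, b"\x00")       # one byte changed and hidden
    hidden_result = attest(hidden, golden_digest, golden_cycles)
    return naive_result, hidden_result


if __name__ == "__main__":
    naive, hidden = demo()
    print("naive patch   :", naive)     # hash check catches it
    print("hiding rootkit:", hidden)    # hash fooled, timing check catches it
```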
Putin Signs Controversial Internet Law
https://www.securityweek.com/putin-signs-controversial-internet-law
President Vladimir Putin on Wednesday signed into law a "sovereign internet" bill which will allow Russian authorities to isolate the country's internet, a move decried by rights groups.
Russian lawmakers insist the new law is necessary to ensure the security of Russia's online networks but critics say the vaguely worded bill gives new censorship powers to government monitors.
The text of the law was published Wednesday but it will not come into effect until November.
The measures include creating technology to monitor internet routing and to steer Russian internet traffic away from foreign servers, ostensibly to prevent a foreign country from shutting it down.
The authors of the initiative say Russia must ensure the security of its networks after US President Donald Trump unveiled a new American cybersecurity strategy last year that said Russia had carried out cyber attacks with impunity.
Thousands of people recently rallied in Russia against this and other bills that critics say aim to restrict information and communication online.
Separately, Putin in March signed controversial laws that allow courts to fine and briefly jail people for showing disrespect towards authorities, and block media for publishing "fake news".
The laws are part of an ongoing Kremlin clampdown on media and internet freedoms that has seen people jailed for sharing humorous memes.
Last week 10 international rights organisations called on Russia to scrap the internet bill.
"The bill created a system that gives the authorities the capacity to block access to parts of the Internet in Russia," said a statement backed by Human Rights Watch, Reporters Without Borders and others.
The blocking would be "extrajudicial and non-transparent," the statement said.
Under the new law Russian Internet access providers will also need to ensure that their networks have the technical means for "centralised traffic control" to counter potential threats.
This control will pass notably to the Russian FSB security service and the telecoms and media monitoring agency Roskomnadzor, which is often accused of arbitrarily blocking content on the web.
In recent years Russian authorities have blocked online sites and content linked to the opposition, as well as internet services which fail to cooperate with them, including the Dailymotion video platform, the Linkedin online social networking site and the encrypted messaging app Telegram.
==================================================================
In the event that the U.S. chooses to use cyberweapons against Russia, this isolation of Russia's internet stands as a defense to those cyberweapons. The U.S. probably will not pass a law similar to this law by Russia, so the U.S. needs a credible cyber defense against Russia. Defending the U.S. with activated TPMs would be a better solution given the logistical problems and protests with the isolation of the U.S. internet. A little security chip on most business computers, the TPM is backed by 150+ companies and is an international standard!! Software-only solutions would easily leave the U.S. defeated in a large cyberattack by Russia. Proven hardware security (activated TPMs and SEDs) combined with software security could give the U.S. and its Allies a great defensive posture against a large possible cyberattack!!
Wave has great TPM solutions, and Wave SED management that could save many organizations from terrible cyberattacks!! Please see the Wave Alternative below which could protect organizations in the event of a large cyberattack. Some previous posts may be helpful as well.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies
https://motherboard.vice.com/en_us/article/d3np4y/hackers-steal-ransom-citycomp-airbus-volkswagen-oracle-valuable-companies
The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.
Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.
Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.
“Citycomp has been hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”
On a website apparently created to distribute Citycomp client data, the hackers claim they are in possession of “312,570 files in 51,025 folders, over 516GB data financial and private information on all clients.” Some of the clients include Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen, according to a list of the victims on the website.
It appears the data may relate to German offices of those companies. Several entities in the victim list have the “GmbH” title; the German term for a limited liability company. Two supermarkets popular in Germany, REWE and Kaufland, are also included.
“We have informed and warned all concerned clients,” Bartsch said.
“There was full transparency about the attack and theft as well as public release of the data with our clients from the very beginning. The support is unanimous,” he added.
Before Bartsch’s confirmation, Motherboard contacted multiple Citycomp clients on Monday, including British Telecom, Oracle, Airbus, Porsche, and Ericsson. None responded to a request for comment.
The files are publicly available for download on the data site. Some victims only have one, two or three files listed, while others have hundreds.
The post said that the files would be released on April 31st, 2019 (there are only 30 days in April).
Increasingly, hackers have threatened to release or simply dump data belonging to a victim in order to pressure them into paying a ransom. Bartsch said the company has not given in to such a demand, though.
“We did not yield to the extortion demands and our analysts are conducting a profound technical and forensic analysis on the attack,” he wrote.
On the data website, the hackers included an email address to contact them. That email is also the contact address for at least one previous ransomware campaign. The hackers did not immediately respond to a request for comment.
Update: This piece has been updated to include that the attackers' email address is also linked to a ransomware campaign. It has also been updated to say that the files are now available for download.
==================================================================
Only allowing known devices on sensitive networks would help prevent incidents like the one in the article above!! Wave has this protection, but it is not being used by a LOT of organizations and it should be!! The link and excerpts below simply explain Wave ERAS, and the enormous benefits of only allowing known devices on sensitive networks are obvious!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Fintech giant Fiserv sued by Pa. credit union for 'baffling security lapses'
https://www.cyberscoop.com/fiserv-lawsuit-bessemer-federal-credit-union/?utm_campaign=CyberScoop%20-%20Editorial&utm_content=90336560&utm_medium=social&utm_source=twitter&hss_channel=tw-720664083767435264
A Pennsylvania credit union has sued fintech giant Fiserv for allegedly failing to address persistent vulnerabilities in the platform that powers its banking websites and online applications.
In a lawsuit filed Friday, Bessemer System Federal Credit Union said that the web platform maintained by Fiserv is “plagued with security vulnerabilities that affect the privacy of thousands of Bessemer’s members.”
Those vulnerabilities were “based on baffling and amateurish security lapses,” the document alleges.
The complaint describes Wisconsin-based Fiserv’s technology as the “lifeblood of Bessemer” in that it is used to run the website, generate statements and track deposits.
But now, the credit union says it’s ditching Fiserv, a Fortune 500 company that says it has some 12,000 clients in over 80 countries.
“To protect the credit union’s members, the credit union is replacing its core processing vendor and will be taking appropriate legal action against the vendor,” said Charles Nerko, a lawyer representing Bessemer System FCU. Reached by phone, Nerko declined to comment further.
The credit union is claiming it is owed relief from alleged damages caused by Fiserv on a number of grounds – including alleged negligence, unfair trade practices, and breach of contract.
The complaint, which was filed in a Mercer County, Pennsylvania court, also accused Fiserv of threatening “civil and criminal prosecution if Bessemer discussed Fiserv’s security problems with third parties.”
Fiserv spokeswoman Anna Cave said the company does not comment “outside of the legal process on pending legal matters.”
Fiserv earned $5.8 billion in revenue in 2018, according to SEC filings. It is one of three companies whose technology accounts for much of the digital infrastructure used by small banks, according to a recent Wall Street Journal article. Some small banks have started to chafe at their reliance on the services provided by those “core vendors,” The Journal reported.
By contrast, Bessemer System FCU is a local outfit, based in the northwestern Pennsylvanian town of Greenville and founded nearly 80 years ago by employees of the Bessemer and Lake Erie Railroad, according to its website. According to data from the National Credit Union Administration, Bessemer has 4,311 members that account for nearly $38 million in assets.
This is not the first time that public attention has been brought to security issues in the Fiserv platform. Last August, independent security journalist Brian Krebs reported that the company had just plugged a “glaring weakness” in its platform that had exposed personal and financial data on customers across hundreds of bank websites.
=================================================================
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=143230462
=================================================================
Please see the link above for a post on Fiserv back on August 28, 2018. If Fiserv gave Wave VSC 2.0 and Wave Knowd (currently in retirement) a look, they could find these two hidden gems very helpful in providing excellent security for their business and services!! These two solutions could protect Fiserv, the banks and their customers!!!
How to manage your users' Windows passwords with Group Policy
https://www.techrepublic.com/article/how-to-manage-user-passwords-with-group-policy/
You can enforce various policies to make sure your users meet certain requirements with their Windows passwords. Learn about some of the password-related settings in Group Policy.
Passwords are always a frustrating catch-22 for any organization. Users would prefer to use simple Windows passwords that are easy to remember and type, but you want those passwords to be strong and complex as a way to protect your users and business. If you use Group Policy at your company, you can at least set certain password policies to ensure a minimum level of security. Here's how. (The following policies can be applied to Windows 7, 8.1, and 10 clients.)
Please see the above link for the full article, which helps reveal why Wave VSC 2.0 is easier and more secure than Group Policy.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
This is one of the many advantages of using Wave VSC 2.0, and why it should be the 2FA of choice for many organizations!!!
Over 500% Increase in Ransomware Attacks Against Businesses
https://www.bleepingcomputer.com/news/security/over-500-percent-increase-in-ransomware-attacks-against-businesses/
==================================================================
https://www.prnewswire.com/news-releases/drive-trust-alliance-announces-free-fix-for-lurking-ransomware-threats-300569969.html
Excerpts:
There are many millions of computer hard drives, from every hard drive maker, that are especially open to devastating ransomware attacks. These drives are known as a TCG Self-Encrypting Drives (SEDs). If they are not properly initialized, there can be trouble with ransomware attacks. If these are properly initialized, there is little or no danger of these ransomware attacks.
For over a decade these SED drives have been in distribution. All too often, software does not properly initialize the drives to prevent ransomware attacks. The hacker can then instantly employ the strong hardware drive encryption to encrypt the data on it.
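The excerpt above says the danger is a drive that was never "properly initialized". On a TCG Opal drive that means ownership was never taken: the SID credential is still the factory MSID printed on the label and readable by software, and the Locking SP has never been activated, so whoever gets raw block-device access first (an attacker included) can take ownership, turn locking on and lock the owner out. The following is an added example, not code from the Drive Trust Alliance, Wave or the sedutil project. It classifies drives from text laid out like the output of `sedutil-cli --query <device>`; the sample outputs and device names are constructed for the example, not captured from real drives.

```python
"""Flag TCG Opal self-encrypting drives that are still in factory state.

Added example; not code from the Drive Trust Alliance, Wave, or sedutil.
Parses text laid out like `sedutil-cli --query <device>` output (the samples
below are constructed).  LockingSupported = Y with LockingEnabled = N means
the Locking SP was never activated and the SID PIN is still the MSID, so any
process with block-device access can take ownership and lock the drive.
"""
import re

# Constructed sample modelled on sedutil-cli --query: Opal 2.0 drive, never initialised.
FACTORY_DRIVE = """\
/dev/sda ATA Example SSD 256GB FW1.0
TPer function (0x0001)
    ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement  = N, Streaming = Y, SYNC = Y
Locking function (0x0002)
    Locked = N, LockingEnabled = N, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y
OPAL 2.0 function (0x0203)
    Base comID = 0x1004, Initial PIN = 0x00, Reverted PIN = 0x00, comIDs = 1, Locking Admins = 4, Locking Users = 8, Range Crossing = N
"""

# Same drive after an administrator took ownership (e.g. sedutil-cli --initialSetup):
# Locking SP active under an admin-chosen credential.
OWNED_DRIVE = FACTORY_DRIVE.replace("LockingEnabled = N", "LockingEnabled = Y")

# Drive whose ranges are locked by whoever holds the credentials (the post-attack state
# if you never took ownership yourself).
LOCKED_DRIVE = OWNED_DRIVE.replace("Locked = N", "Locked = Y")

# Ordinary drive that advertises no TCG locking feature at all.
PLAIN_DRIVE = """\
/dev/sdb ATA Example HDD 1TB FW2.0
TPer function (0x0001)
    ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement  = N, Streaming = Y, SYNC = Y
"""

_FLAG = re.compile(r"\b(Locked|LockingEnabled|LockingSupported|MediaEncrypt)\s*=\s*([YN])\b")


def parse_locking_flags(query_output: str) -> dict:
    """Return the Y/N flags of the 'Locking function' block, or {} if the block is absent."""
    return {name: value for name, value in _FLAG.findall(query_output)}


def ownership_state(query_output: str) -> str:
    """Classify a drive from its discovery output.

    'not-opal'         no Locking feature advertised; nothing to hijack.
    'factory-default'  Opal locking supported but never activated: SID still
                       equals the printed MSID, anyone can take ownership.
    'owned'            Locking SP active under an administrator-set credential.
    'locked'           ranges are locked; if you did not do this, assume an attacker did.
    """
    flags = parse_locking_flags(query_output)
    if flags.get("LockingSupported") != "Y":
        return "not-opal"
    if flags.get("LockingEnabled") != "Y":
        return "factory-default"
    if flags.get("Locked") == "Y":
        return "locked"
    return "owned"


def exposed_drives(reports: dict) -> list:
    """Given {device: query_output} for a fleet, list the devices an attacker could still take over."""
    return sorted(dev for dev, out in reports.items() if ownership_state(out) == "factory-default")


if __name__ == "__main__":
    fleet = {"/dev/sda": FACTORY_DRIVE, "/dev/sdb": PLAIN_DRIVE, "/dev/sdc": OWNED_DRIVE}
    for dev, out in fleet.items():
        print(dev, ownership_state(out))
    print("take ownership on:", exposed_drives(fleet))
```

On a real host you would feed in the actual `sedutil-cli --query /dev/sdX` output for each drive; every drive that comes back `factory-default` should have ownership taken (sedutil's `--takeOwnership` or `--initialSetup`, or an enterprise SED manager) before an attacker does it for you. Note that `MediaEncrypt = Y` on its own proves nothing about protection: the drive always encrypts, but with locking inactive it hands the plaintext to anyone who asks.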
=================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
==================================================================
Contrary to articles a few weeks ago, ransomware is an increasing liability and found across more and more organizations as referenced in the article above. Wave SED management can deliver remote drive initialization, and if this is done there is 'little to no danger of these ransomware attacks.' The crypto-erase feature is another great feature of Wave SED management and is included in the previous post (#245700)!!! These are two great selling points for Wave SED management!!!
Buying a second-hand hard drive on eBay? You've got a 'one in two' chance of finding personal info still on it
https://www.theregister.co.uk/2019/04/25/ebay_data_drives/
Troves of deleted data linger on disks... according to this 'ere study, anyway
You would think that, with computers dominating every aspect of our lives, people would be aware that storage devices can retain information even after clicking "Empty Recycle Bin".
Not so, according to research by Finnish data removal specialist Blancco. The company purchased 159 random used drives on eBay in the US and Europe, and found that 42 per cent (or 67 devices) enabled anyone with basic IT literacy to access the data stored by their previous owners. A whopping 15 per cent contained personally identifiable information that could be used by cyber criminals.
Even more shocking are the contents of some of the drives. One, evidently belonging to a software developer with a high level of government security clearance (who really should have known better), contained scanned images of family passports and birth certificates, CVs and financial records. Another had 5GB of archived internal office email from a major travel company.
There was a drive that stored 3GB of records from a freight company, along with documents detailing schedules and truck registrations, and a drive from a school, filled with photos and documents mentioning pupils' names and grades.
Here's the interesting bit: Blancco claims that each seller it interacted with as part of the process stated that the proper data sanitization methods had been performed. Reminder: Blancco flogs data-removal tech so please grab the necessary handfuls of salt required with these findings.
"Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," said Fredrik Forslund, cloud and data erasure veep at Blancco.
"By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed."
Awareness of data wiping techniques is growing, but slowly. Blancco conducted a similar experiment in 2016, when it purchased 200 used drives and was able to extract data from 67 per cent.
Deleting a file typically only removes references to the object from the filing system, so that the file or directory appears to disappear from view, but the actual information still remains on the disk to be overwritten later. Your mileage may vary, depending on your operating system and filing system.
The only reliable method of exorcising ghosts of information on a working drive is to overwrite it with new data, or a random mix of ones and zeroes. Or use an encrypted file system or drive and then throw away or randomize the key.
If that sounds too complicated, nothing makes sure data is truly gone like taking a good old-fashioned angle grinder or industrial shredder to your storage device. Oh, there's also degaussing for hard drives and tape, if you own a device that can generate a strong magnetic field. Or melting it down.
If you're looking for an exotic solution for your supervillain lair, Chinese storage company MemxPro will sell you SSDs with a physical self-destruct button.
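The article's two technical points, that deleting a file only drops its directory entry while the bytes stay on the media, and that on an encrypted drive throwing away the key is a complete erase, are easy to see in a small simulation. This is an added example, not code from The Register, Blancco or Wave. The two drive models, the sector size and the sample file contents are constructed for the example; the self-encrypting drive model uses a counter-mode keystream from HMAC-SHA256 (standard library only) in place of the AES-XTS a real drive uses, which is enough to show why crypto-erase works.

```python
"""Why crypto-erase beats 'delete'.

Added example; not code from The Register, Blancco, or Wave.  PlainDrive keeps
plaintext on the media and deletes by dropping the directory entry.
SimulatedSED never writes plaintext: the data encryption key (DEK) stays inside
the drive, and crypto-erase replaces it, leaving every old sector unreadable
without an overwrite pass.  HMAC-SHA256 counter mode stands in for AES-XTS.
"""
import hashlib
import hmac
import secrets

SECTOR = 64  # constructed sector size for the example


class PlainDrive:
    """Media is plaintext; 'delete' is a directory operation only."""

    def __init__(self, sectors=8):
        self.media = bytearray(sectors * SECTOR)
        self.directory = {}  # filename -> sector number

    def write(self, name, sector, data):
        padded = data.ljust(SECTOR, b"\x00")[:SECTOR]
        self.media[sector * SECTOR:(sector + 1) * SECTOR] = padded
        self.directory[name] = sector

    def delete(self, name):
        del self.directory[name]  # the bytes on the media are untouched

    def raw_contains(self, needle):
        """What a buyer running a raw-sector recovery tool would find."""
        return needle in bytes(self.media)


class SimulatedSED:
    """Media holds ciphertext only; the DEK lives inside the drive."""

    def __init__(self, sectors=8):
        self._dek = secrets.token_bytes(32)  # generated inside the drive, never exported
        self.media = bytearray(sectors * SECTOR)

    def _keystream(self, sector):
        # One PRF block per 32-byte chunk, keyed by the DEK and tweaked by the
        # sector number.  A real SED uses AES-XTS so that rewriting a sector
        # does not reuse keystream; this is only meant to show the erase.
        out = b""
        for counter in range(SECTOR // 32):
            msg = sector.to_bytes(8, "big") + counter.to_bytes(8, "big")
            out += hmac.new(self._dek, msg, hashlib.sha256).digest()
        return out

    def write(self, sector, data):
        padded = data.ljust(SECTOR, b"\x00")[:SECTOR]
        ct = bytes(a ^ b for a, b in zip(padded, self._keystream(sector)))
        self.media[sector * SECTOR:(sector + 1) * SECTOR] = ct

    def read(self, sector):
        ct = bytes(self.media[sector * SECTOR:(sector + 1) * SECTOR])
        return bytes(a ^ b for a, b in zip(ct, self._keystream(sector)))

    def crypto_erase(self):
        # What an Opal revert / GenKey does: the drive replaces the DEK.
        # Takes milliseconds regardless of capacity; old ciphertext is now noise.
        self._dek = secrets.token_bytes(32)

    def raw_contains(self, needle):
        return needle in bytes(self.media)


def compare_erasure(secret=b"PASSPORT SCAN: JANE DOE 1979-04-02"):
    """Return what a second-hand buyer reading raw media would find in each case."""
    plain = PlainDrive()
    plain.write("passport.jpg", 3, secret)
    plain.delete("passport.jpg")

    sed = SimulatedSED()
    sed.write(3, secret)
    readable_before = sed.read(3).rstrip(b"\x00") == secret
    on_media_before = sed.raw_contains(secret)
    sed.crypto_erase()
    readable_after = sed.read(3).rstrip(b"\x00") == secret

    return {
        "plain_drive_leaks_after_delete": plain.raw_contains(secret),
        "sed_plaintext_ever_on_media": on_media_before,
        "sed_readable_before_erase": readable_before,
        "sed_readable_after_erase": readable_after,
    }


if __name__ == "__main__":
    for key, value in compare_erasure().items():
        print(f"{key}: {value}")
```

The practical caveat the article hints at: crypto-erase only helps if the drive really was encrypting under a key it then discards, so on a real SED you must confirm the erase completed (for Opal drives, a revert that reports success, followed by a read showing the old data gone) rather than trust the seller's word, which is exactly what the Blancco buyers could not do.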
=================================================================
This article shows the enormous value of the crypto-erase feature in Wave SED management when selling an old SED hard drive or retiring it altogether. It's a great reason for organizations to use SEDs over regular hard drives!!
=================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Excerpts:
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Devious Chase Bank Phishing Scam Asks for Selfies
https://www.bleepingcomputer.com/news/security/devious-chase-bank-phishing-scam-asks-for-selfies/
==================================================================
There are more than 46 million people using Windows Hello (2FA) and many use facial recognition. After reading this article and the article below, a PIN and the TPM (used for 2FA in Wave VSC 2.0) seems like a better way for authentication!!
==================================================================
Facial Recognition ‘Consent’ Doesn’t Exist, Threatpost Poll Finds
https://threatpost.com/facial-recognition-consent-doesnt-exist-threatpost-poll-finds/144126/
Half of Threatpost readers surveyed in a recent poll don’t believe that consent realistically exists when it comes to facial recognition.
Half of respondents in a recent Threatpost poll said that they don’t believe consent realistically exists when it comes to real-life facial recognition.
The recent poll of 170 readers comes as facial recognition applications continue to pop up in the real world – from airports to police forces. While biometrics certainly has advantages – such as making identification more efficient – gaining consent from people whose biometrics are being taken remains a mystery to some, with 53 percent of respondents saying they don’t believe that consent exists or is possible in real-life facial recognition applications.
In the poll, 32 percent more respondents said that consent will be the act of giving people notification that an area is using facial recognition; and only 10 percent said consent is the ability to opt out of facial recognition applications.
The issue of biometrics consent came to the forefront again in December when the Department of Homeland Security unveiled a facial-recognition pilot program for monitoring public areas surrounding the White House. When asked about consent, the department said that the public cannot opt-out of the pilot, except by avoiding the areas that will be filmed as part of the program.
“A very weak form of protection is if the government or a business [that uses biometrics for] surveillance, they notify people,” Adam Schwartz, senior staff attorney with the Electronic Frontier Foundation’s civil liberties team, told Threatpost. “We think this is not consent – real consent is where they don’t aim a camera at you.”
Beyond consent, more than half of poll respondents said that they have negative feelings toward facial recognition due to issues related to privacy and security – while 30 percent more said they have “mixed” feelings, understanding both the benefits and privacy concerns.
When asked what concerns them the most about real-world facial applications, 55 percent of those surveyed pointed to privacy and surveillance issues, while 29 percent said the security of biometrics information and how the data is shared.
Despite these concerns, biometrics continues to gain traction, with the EU last week approving a massive biometrics database for both EU and non-EU citizens. The EU’s approval of the database, called the “Common Identity Repository,” will aim to connect the systems used by border control, migration and law-enforcement agencies.
As biometrics continue to increase, meanwhile, up to 85 percent of respondents said that they think that facial recognition should be regulated in the future.
Such laws exist or are being discussed as it relates to consent: An Illinois law for instance regulates collection of biometric information (including for facial recognition) without consent.
However, that law only applies to businesses and not law enforcement. Meanwhile, a new bill introduced in the Senate in March, the “Commercial Facial Recognition Privacy Act,” would bar businesses that are using facial recognition from harvesting and sharing user data without consent.
“The time to regulate and restrict the use of facial recognition technology is now, before it becomes embedded in our everyday lives,” said Jason Kelly, digital strategist with EFF, in a recent post. “Government agencies and airlines have ignored years of warnings from privacy groups and Senators that using face recognition technology on travelers would massively violate their privacy. Now, the passengers are in revolt as well, and they’re demanding answers.”
=================================================================
Facebook has many users consent to privacy matters that they may misconstrue or not be aware of, leaving their privacy in question!! What is to stop Microsoft from having the user be OK with harvesting and sharing facial data 'really' unbeknownst to him/her?! Wave VSC 2.0 is better security.
Invisible Malware Is Here and Your Security Software Can't Catch It
https://www.pcmag.com/article/367947/invisible-malware-is-here-and-your-security-software-cant-c
Sophisticated attackers are now using "invisible malware," a new form of attack that your firewalls can't stop and your anti-malware software can't find nor remove. Here are steps you can take right now to protect your servers and network.
"Invisible malware," a new breed of malware, is on the march and, if it strikes your servers, there may not be much you can do about it. In fact, you may not even be able to tell that it's there. In some cases, invisible malware lives only in memory, meaning there's no file on your disks for your endpoint protection software to find. In other cases, invisible malware may live in your Basic Input/Output System (BIOS) where it can use one of a few tactics to attack you. In some cases, it may even appear as a firmware update where it replaces your existing firmware with a version that's infected and nearly impossible to find or remove.
"With the advancement in anti-malware and Endpoint Detection and Response (EDR) software making it easier to catch zero-day malware, the malware writers are moving lower on the stack," said Alissa Knight, a senior analyst with Aite Group's cybersecurity practice. She specializes in hardware-based threats. Knight said this new type of malware is being developed that can evade detection by legacy software.
EDR software, which is more advanced than legacy AV packages, is much more effective at catching attacks, and this software uses a variety of methods to determine when an attacker is at work. "The development of EDR [software] makes the black hat respond, and create kernel root kits and firmware root kits, [storing] it in hardware where it can write to the master boot record," Knight said.
It's also led to the creation of virtual root kits, which will boot before the operating system (OS), creating a virtual machine (VM) for the malware so that it can't be detected by software running on the OS. "That makes it almost impossible to catch," she said.
Blue Pill Malware and More
Fortunately, installing a virtual root kit onto a server is still difficult—to the extent that the attackers who are trying it generally work as state-sponsored attackers. In addition, at least some of the activities can be detected and a few can be stopped. Knight says that "fileless malware," which operates only in memory, can be defeated by forcibly powering off the computer on which it's running.
But Knight also said that such malware may be accompanied by what's called "Blue Pill malware," which is a form of virtual root kit that loads itself into a VM and then loads the OS into a VM. This lets it fake a shutdown and restart while letting the malware keep running. This is why you can't just use the shutdown choice in Microsoft Windows 10; only pulling the plug will work.
Fortunately, other types of hardware attacks can sometimes be detected while they're in progress. Knight said that one company, SentinelOne, has created an EDR package that's more effective than most, and can sometimes detect when malware is attacking the BIOS or firmware on a machine.
Chris Bates is Global Director of Product Architecture at SentinelOne. He said the product's agents operate autonomously and can combine information with other endpoints when needed. "Every SentinelOne agent is building context," Bates said. He said the context and the events that happen while the context is being built create stories that can be used to detect the operations of malware.
Bates said that each endpoint can take remediation on its own by eliminating the malware or placing it into quarantine. But Bates also said that his EDR package can't catch everything, especially when it happens outside of the OS. A USB thumb drive that rewrites the BIOS before the computer boots is one example.
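The BIOS-rewrite case Bates describes is exactly what TPM measured boot exists to catch, and it ties this article back to the TPM theme of this thread. With measured boot the firmware hashes each component into a Platform Configuration Register before running it (PCR0 for the firmware itself, PCR2 for option ROMs, PCR4 for the boot loader, PCR7 for the Secure Boot policy) and records what it measured in an event log. The TPM offers only PCR = SHA256(PCR || digest), so an implanted BIOS cannot remove its own measurement; it can only lie in the software-readable event log, and replaying that log against the TPM's PCR values exposes the lie. The following is an added example, not code from PC Magazine, SentinelOne, Intel or Wave. The boot sequences and "golden" values are constructed; in production the PCR values come from a TPM quote signed by the attestation key, never from the possibly compromised host's own claims.

```python
"""Catching a rewritten BIOS with TPM measured boot.

Added example; not code from PC Magazine, SentinelOne, Intel, or Wave.
The event logs and golden values are constructed for the example.  A verifier
replays the event log and checks it against PCR values that, in production,
arrive in a TPM quote signed by the attestation key.
"""
import hashlib

PCR_COUNT = 8  # SHA-256 bank; PCR0-7 are the firmware-owned registers
INITIAL = b"\x00" * 32  # PCR0-7 start at zero after reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """The only write operation a TPM offers on a PCR."""
    return sha256(pcr_value + digest)


def replay(event_log):
    """Recompute PCR0-7 from an event log of (pcr_index, measured_component)."""
    pcrs = [INITIAL] * PCR_COUNT
    for index, component in event_log:
        pcrs[index] = pcr_extend(pcrs[index], sha256(component))
    return pcrs


def verify_boot(event_log, quoted_pcrs, golden_pcrs):
    """Return a list of findings; empty means the boot matches the known-good one.

    Two independent checks, in order:
      1. the event log replays to the PCRs the TPM reported (the log is honest)
      2. the TPM's PCRs equal the golden values (nothing in the chain changed)
    """
    findings = []
    replayed = replay(event_log)
    for i in range(PCR_COUNT):
        if replayed[i] != quoted_pcrs[i]:
            findings.append(f"PCR{i}: event log does not replay to TPM value (log tampered or truncated)")
        elif quoted_pcrs[i] != golden_pcrs[i]:
            findings.append(f"PCR{i}: differs from golden value (component changed)")
    return findings


# Constructed boot sequence: what the firmware measured, in order.
GOOD_BOOT = [
    (0, b"BIOS image v1.2.3"),
    (0, b"platform configuration block"),
    (2, b"option ROM: NIC"),
    (4, b"boot loader: shim"),
    (7, b"SecureBoot=1"),
]
# Same machine after a USB-delivered BIOS rewrite, the attack EDR cannot see.
IMPLANTED_BOOT = [(0, b"BIOS image v1.2.3 + implant")] + GOOD_BOOT[1:]

GOLDEN_PCRS = replay(GOOD_BOOT)  # recorded once from a known-good boot of this model


def scenarios():
    """Three boots as the verifier sees them: (event log, TPM-quoted PCRs)."""
    honest = verify_boot(GOOD_BOOT, replay(GOOD_BOOT), GOLDEN_PCRS)
    implanted = verify_boot(IMPLANTED_BOOT, replay(IMPLANTED_BOOT), GOLDEN_PCRS)
    # The implant rewrites the software-visible log to look clean, but the
    # TPM's PCR0 already holds the extend of the implanted image.
    log_forged = verify_boot(GOOD_BOOT, replay(IMPLANTED_BOOT), GOLDEN_PCRS)
    return {"honest": honest, "implanted": implanted, "log_forged": log_forged}


if __name__ == "__main__":
    for name, findings in scenarios().items():
        print(name, "->", findings or ["OK"])
```

Two caveats a practitioner would add. Golden values change legitimately with every firmware update, so the verifier needs a per-model whitelist maintained alongside patching, or every BIOS update will look like an implant. And the comparison is only as good as the source of the PCR values: read them through a signed quote from the TPM's attestation key, because a rootkit that owns the OS can feed a verifier any numbers it likes if they come from a file on the host.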
Next Level of Preparing
This is where the next level of preparation comes in, Knight explained. She pointed to a joint project between Intel and Lockheed Martin that created a hardened series of Intel Xeon processors called the "Intel Select Solution for Hardened Security." The new Intel processors are designed to prevent malware infections by isolating critical resources and protecting those resources.
Meanwhile, Intel has also announced another series of hardware preventative measures called "Hardware Shield," which locks down the BIOS. "This is a technology where, if there's some sort of injection of malicious code, then the BIOS can respond," explained Stephanie Hallford, Vice President and General Manager of Business Client Platforms at Intel. "Some versions will have the ability to communicate between the OS and BIOS. The OS can also respond and protect against the attack."
Unfortunately, there's not much you can do to protect existing machines. "You need to replace critical servers," Knight said, adding that you will also need to determine what your critical data is and where it's running.
"Intel and AMD are going to need to get on the ball and democratize this," Knight said. "As malware writers get better, hardware vendors will need to catch up and make it affordable."
Problem Is Only Worsening
Unfortunately, Knight said that the problem is only going to get worse. "Crime kits and malware kits are going to get easier," she said.
Knight added that the only way for most companies to avoid the problem is to move their critical data and processes to the cloud, if only because cloud service providers can better protect against this kind of hardware attack. "It's time to transfer the risk," she said.
And Knight warned that, at the speed things are moving, there's little time to protect your critical data. "This is going to get turned into a worm," she predicted. "It will become some sort of self-propagating worm." It's the future of cyberwarfare, Knight said. It won't stay the purview of state-sponsored actors forever.
Steps to Take
So, with the future this bleak, what can you do now? Here are some initial steps you should take right away:
•If you don't already have effective EDR software, such as SentinelOne, then get one now.
•Identify your critical data, and work to protect it by encryption while you're upgrading the servers that data is on to machines protected against hardware vulnerabilities and the exploits that take advantage of them.
•Where your critical data must remain in-house, replace the servers that contain that data to platforms that use the hardware technology, such as Hardware Shield or the Intel Select Solution for Hardened Security.
•Wherever possible, move your critical data to cloud providers with protected processors.
•Keep training your staff in good security hygiene so that they're not the ones that plug an infected thumb drive into one of your servers.
•Make sure your physical security is strong enough to protect the servers and the rest of the endpoints in your network. If all of this makes it seem to you that security is an arms race, then you'd be correct.
=================================================================
After reading this article, it appears that Wave was ahead of its time in being able to protect against invisible malware! Wave Endpoint Monitor should be a very sought after technology along with Wave's other products/solutions!!
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Be proactive on compliance
No new regulations here—yet. But government agencies recognize malware as a growing threat. In 2011, NIST published guidelines for basic input/output system (BIOS) integrity measurement, the BIOS being what initializes a computer when it boots up. When this critical system is malware’s target, the consequences are big. The guidelines describe what’s needed to establish a chain of trust for the BIOS: Has it been tampered with? NIST actually looked to Wave for feedback on this document (see the acknowledgments). We know what’s needed, because Wave Endpoint Monitor is already doing it.
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
=================================================================
https://www.wavesys.com/malware-protection
Excerpt:
And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
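The two Wave excerpts above both point at the same idea: a BIOS "chain of trust" means each boot component is measured (hashed) and folded into a TPM register before it runs, so a tampered or re-ordered component changes the final value. The block below is an added example written for this post, not Wave's code and not the NIST text; it simulates the TPM extend operation in plain Python with constructed, hypothetical firmware images so you can see why the final register value is tamper-evident and how a verifier pinpoints which component changed.

```python
import hashlib

# A reset TPM PCR starts as all-zero bytes; simulate that here.
PCR_INIT = bytes(32)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || measurement).
    Order matters and nothing can be 'un-extended', which is what makes
    the final value a tamper-evident summary of the whole boot sequence."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(component: bytes) -> bytes:
    """Measurement of one boot component: its SHA-256 digest."""
    return hashlib.sha256(component).digest()


def measure_boot(components):
    """Replay the boot chain over an ordered list of (name, image_bytes).
    Returns the final PCR value and an event log of per-component digests."""
    pcr = PCR_INIT
    event_log = []
    for name, image in components:
        digest = measure(image)
        pcr = extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def verify_chain(components, golden_pcr: bytes) -> bool:
    """True when replaying the chain reproduces the known-good (golden) PCR."""
    pcr, _ = measure_boot(components)
    return pcr == golden_pcr


def first_divergence(event_log, golden_log):
    """Name of the first component whose entry differs from the golden log,
    or None when the logs agree. A verifier uses this to report *what*
    changed rather than only that something changed."""
    for (name, digest), (gold_name, gold_digest) in zip(event_log, golden_log):
        if name != gold_name or digest != gold_digest:
            return name
    if len(event_log) != len(golden_log):
        longer = event_log if len(event_log) > len(golden_log) else golden_log
        return longer[min(len(event_log), len(golden_log))][0]
    return None


# Constructed sample boot chain; these are hypothetical images, not real firmware.
GOOD_BOOT = [
    ("bios_core", b"constructed BIOS core image v1.0"),
    ("option_rom_nic", b"constructed NIC option ROM v2.3"),
    ("bootloader", b"constructed bootloader stage 1"),
]
GOLDEN_PCR, GOLDEN_LOG = measure_boot(GOOD_BOOT)


def tampered_boot():
    """Same chain with one change in the BIOS core image (constructed)."""
    return [("bios_core", b"constructed BIOS core image v1.0 (modified)")] + GOOD_BOOT[1:]


def reordered_boot():
    """Same images in a different order: the extend chain catches this too."""
    return [GOOD_BOOT[1], GOOD_BOOT[0], GOOD_BOOT[2]]


if __name__ == "__main__":
    for label, chain in (("good", GOOD_BOOT), ("tampered", tampered_boot()),
                         ("reordered", reordered_boot())):
        pcr, log = measure_boot(chain)
        status = "ok" if pcr == GOLDEN_PCR else "MISMATCH at " + str(first_divergence(log, GOLDEN_LOG))
        print(label, status)
```

On a real machine the golden value comes from a known-good boot recorded by the management server, and the event log is the one the firmware writes alongside the PCRs; the comparison logic is the same.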
Windows 10: Bank says no plans to roll out Windows Hello after pilot project
https://www.zdnet.com/article/windows-10-bank-says-no-plans-to-roll-out-windows-hello-after-pilot-project/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content&utm_content=5cc0b9660cef930001bd46ed&utm_medium=trueAnthem&utm_source=twitter
Banking group tested out biometric authentication using Windows 10 last year.
Lloyds Banking Group has said it has no current plans to roll out the Windows Hello security feature as part of its banking service following a trial of the Windows 10 biometric security feature last year.
Back in 2017, the UK banking group said it was going to test the biometric authentication service, which allows users to log into their Windows 10 devices using a fingerprint or facial recognition.
Lloyds ran the pilot to test out the Windows Hello functionality with Windows 10 users accessing their bank accounts online, giving users the option to log in to their accounts using their face or fingerprint instead of typing in their passwords.
The idea is that using biometrics is faster – users should be recognised in less than two seconds – and more secure than a password that could be forgotten or guessed. The biometric data is stored locally on the device.
At the time, Lloyds said it was the first banking group in the UK to work with Microsoft and planned to test the biometric authentication system with customers logging into their Lloyds Bank, Halifax and Bank of Scotland internet-banking sites.
The bank said it completed the trial in the spring and summer of last year. When it initially announced the trial, the bank said the results would be analysed "before a full launch is considered," and now the bank has said that no rollout is planned.
In a statement the bank told ZDNet: "We regularly trial new software including Windows Hello. There are no current plans to roll this software out following the trial."
Biometrics are increasingly used in banking; telephone banking services have used voiceprints to identify customers for some time and banks are now adding fingerprint technology to payment cards too.
=================================================================
Wave VSC 2.0 and Wave Knowd (currently in retirement) are two great solutions that could help Lloyds and other organizations!!! Wave's two authentication solutions have been tested by well renowned companies! Windows Hello and Wave VSC 2.0 are a feature and solution in the 2FA market. Wave VSC 2.0 works with Windows 7, 8, 8.1 and 10 so Lloyds not using Windows Hello after pilots should open the market up to Wave VSC 2.0 and Wave Knowd (if not in retirement)!! Wave Knowd did some testing under the auspices of NSTIC and Wave VSC 2.0 landed a 5 year master license agreement with a leading global financial services company after successful testing with them. It seems that if Windows Hello didn't work in this instance there could be more reasons that Wave VSC 2.0 would be a better solution for organizations! Wave VSC 2.0 could have positive applications for Lloyds directly in their business that could be missing with Windows Hello. Wave Knowd could provide the bank and its customers with a great authentication solution!! Please see titles and links below.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
Healthcare has a massive cybersecurity problem, and we’re not doing enough to fix it.
https://thenextweb.com/podium/2019/04/23/healthcare-has-a-massive-cybersecurity-problem-and-were-not-doing-enough-to-fix-it/
In areas like healthcare where privacy is a top priority, cybersecurity shortfalls are widespread and we're not doing enough to fill the gaps.
Not long ago, it was reasonable to think that financial businesses would be the most prominent and most profitable targets of criminal activity. After all, a successful bank robbery could score you tens of thousands of dollars (or more). But these days, it’s another industry facing the brunt of criminal attacks, and it’s one with much more bearing on us as consumers: healthcare.
Ransomware attacks grew three times over last year, with healthcare organizations being the most common sources of attack. These incidents range from low-key and barely noticeable to large-scale hacks that have taken down hospitals for weeks at a time. The WannaCry cyberattack, in particular, was responsible for infecting more than 300,000 computers and devices. It’s no secret that healthcare institutions are glaringly vulnerable to these types of attacks, but the bigger problem is that even with this knowledge, we’re not doing enough to fix the situation.
The value of healthcare data
Part of the cybersecurity problem has less to do with the security flaws present in healthcare systems and more to do with the enormous value of healthcare data. Hospitals and healthcare organizations are tasked with gathering tons of personal details on their patients, including their social security numbers, medications they’re taking, and credit card information. A single patient’s record could be worth up to $1,000, and a large-scale hack could net hundreds, or even thousands of records. Naturally, this makes healthcare organizations a target.
The vulnerability of patients
It’s not just the monetary value of records or the logistical annoyances of recovering from a breach that we need to worry about. In the fields of medicine and healthcare, people’s lives could be at stake. For example, researchers in Israel have demonstrated how easy it is to falsify the presence of a tumor on a volumetric medical scan. Someone with enough gumption to follow through on this kind of attack could manipulate someone to receive treatments that aren’t appropriate for them, resulting in terrible complications.
Even if the quality of care patients are receiving isn’t directly affected, there’s evidence to suggest that 30-day mortality rates rise significantly after a hospital data breach. As hospitals are stretched thin with resources and staff members are more stressed than usual, the quality of care naturally goes down. This makes a cyberattack on a hospital much more inherently dangerous than, say, one on a financial institution.
The rising complexity of healthcare systems
Hospitals are also especially vulnerable because their tech systems are becoming increasingly complicated, and in more ways than one. For starters, medical technology is increasingly relying on an interconnected network of devices. In hospitals, this means nurses and doctors rely on tablets and mobile devices in addition to computers and monitoring equipment. In patients, this means sensors, monitoring equipment, and sometimes even prosthetics that collect information or provide treatments. All it takes is one vulnerability in one device to compromise the integrity of the entire network—and one exploit from 2017 proves that implanted devices like pacemakers are hackable.
This complexity isn’t limited to the security or integrity of devices, either. As our healthcare systems increasingly rely on digital interfaces for patients and personal medical devices, much of the security burden is placed on patients. Patients are the ones responsible for creating, maintaining, and protecting their passwords and login credentials, and may use their medical devices on unsecured home networks. Again, all it takes is one lapse in security from a patient, a doctor, a nurse, or another staff member to cause serious harm.
Misplaced attention on tech upgrades
Hospitals are always eager to get their hands on the latest medical technology, and for good reason. The cost of a state-of-the-art MRI machine is something close to $3 million, and hospitals are willing to pay it if it means better health outcomes for their patients (or, more imminently, a competitive advantage over other hospitals in the area). Meanwhile, as late as 2016, 90 percent of UK hospitals were running Windows XP as their operating system—which, even then, was practically an antique.
Healthcare tech staff disproportionately focus on bigger, better, more functional upgrades, but ignore updates to existing devices and programs. Therein lies the security problem; new devices work well and provide great value, but they don’t make up for the structural weaknesses of older tech on the same network.
The lack of understanding
Much blame can be placed on a lack of understanding in hospitals and other healthcare organizations. Many hospitals don’t have an IT department or a cybersecurity division, and their major decision makers are more focused on improving health outcomes than thinking about security. Even if there is a high-level initiative to review and improve a network, ground-level employees like nurses and physicians may not have the necessary training to conduct best practices for cybersecurity.
Part of this is simply a guidance issue; organizations like the FDA haven’t adequately prepared for the growing complexities of medical technology. Another is an interest issue; healthcare experts got into healthcare because they care about treating and improving people’s lives, not because they like working with computers. Few medical programs spend significant time educating future medical leaders on principles of tech security.
The lack of funding
Protecting against cyberthreats is expensive, especially when dealing with national- or international-scale healthcare organizations, making some leaders reluctant to invest in it. Higher tech security standards would translate to higher prices for patients (which are already egregious), and possibly more internal restrictions on the acquisition of new technologies. However, the alternative is much more expensive; the WannaCry attack cost more than $100 million to clean up when it happened. Not wanting to pay the money to beef up security and put some standards in place is no excuse to not make the initiative.
The bottom line
The problem in healthcare cybersecurity is enormous and complex, and it’s only getting worse. Many hospitals and security organizations are stepping up their efforts to improve security, but they simply aren’t doing enough. There isn’t a quick fix, but it’s obvious we need to start taking action in several areas, including better cybersecurity education for healthcare practitioners, more strategic tech replacement standards, better direction from regulatory agencies, and of course, more funding for IT maintenance.
==================================================================
The computers that have been replaced in the health care system within the last 2 or 3 years typically have SEDs standard and should be managed by a company like Wave which can manage both TPMs and SEDs. Windows XP computers are still abundant in UK hospitals and don't have the versatile security chip in the TPM. Replacing these Windows XP computers with Windows 10 computers with SEDs standard and managed by Wave could help fully secure the healthcare system. With sensitive data around the hospital, initializing and managing the SED could prevent some serious problems. The SED has some advantages over BitLocker as well, and one is helping to stop ransomware which hospitals typically have been targeted for.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/
More Dangerous Phishing
Office 365 Custom Rules to Block Azure Blob Storage Phishing Attacks
https://www.bleepingcomputer.com/news/security/office-365-custom-rules-to-block-azure-blob-storage-phishing-attacks/
==================================================================
The hacker deploying this dangerous phishing (if unblocked) needs to obtain the second factor authentication (TPM - computer) in order to have these phished credentials work for him/her!! This is one of the reasons why Wave VSC 2.0 is such a great product/solution! Phishing that continues to get more dangerous and creative (for example - this article) has a really difficult time against Wave VSC 2.0! Please see links below for more information on the great Wave VSC 2.0!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console
Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)
Computer Attack Knocks Weather Channel Off the Air
https://www.wsj.com/articles/weather-channel-knocked-off-air-for-over-an-hour-11555611840
FBI investigating ransomware incident at cable channel
==================================================================
Weather Channel Knocked Off-Air in Dangerous Precedent
https://threatpost.com/weather-channel-off-air-hack/143936/
The incident was the work of malicious cyberattackers.
On Thursday, The Weather Channel – a trusted cable network source of meteorological data across the U.S. – was knocked off the air by what it said was a “malicious software attack” on its network.
The Weather Channel hack – not to be confused with the Weather Channel’s own hacks – affected its live broadcast for about 90 minutes between 6 and 7:30 a.m., during which canned content was aired. The network resumed broadcasting from backup locations at that point.
The network quickly confirmed that the problem was an attack, not technical difficulties: “We experienced issues with today’s live broadcast following a malicious software attack on the network,” The Weather Channel posted on its Twitter feed. “We were able to restore live programming quickly through backup mechanisms.”
The general reaction from the populace has been largely, “who would hack the Weather Channel?” But the incident demonstrates that media companies are just as vulnerable to attackers as any other segment that has embraced modern technology. Increasingly, television content is delivered via IP video distribution networks and cloud-based media processing.
“Broadcasting has undergone a significant transformation in moving to information technology and internet protocol (IP)-based networks to distribute content,” said Mark Orlando, CTO of cyber-protection solutions at Raytheon Intelligence, Information and Services, in an emailed statement. “This means that its threat model has also changed – broadcast networks are now susceptible to many of the same threats that other IT-enabled enterprises routinely face, such as ransomware and other malicious code.”
While pirate broadcast signal intrusions at local TV stations, like the infamous Max Headroom incident in Chicago in 1987, are not unheard-of (the interruption of over-the-air signals is not a difficult undertaking, all things considered), the ante is upped when it comes to attacks of national cable channels.
Clearly, hacks like these have the potential to disrupt more than someone’s morning weather forecast. Retaliatory attacks against news organizations, protests and censorship efforts against certain content types, the hijacking of feeds to push out one’s own messages and even extortion efforts (every advertising block that goes unseen translates to potentially tens of thousands of dollars in revenue) are all potential motivations.
“Incidents like these demonstrate the reputational risk and potential public-safety issues introduced by cyber-attacks in the broadcasting sector, and we can draw some parallels to critical infrastructure protection in that the defensive strategy must evolve along with modernization efforts,” Orlando added.
Fortunately, incidents like these are also rare. The only other public example is a 2015 attack on French TV network TV5Monde, when it was taken off air and its networks severely damaged. A group calling itself the Cyber Caliphate, linked to so-called Islamic State, first claimed responsibility, but further investigation showed that the likely culprit was Russia's APT28 (a.k.a. Fancy Bear, Sednit or PawnStorm). The attack ended up being the result of an infestation of highly targeted malware, carried out for political reasons.
Further details are scant (the Feds are investigating, according to the network), but some researchers are wondering if ransomware was to blame.
"At this time the details of the cyberattack have been limited, though it appears to have impacted the company's ability to broadcast live weather, though backup systems enabled the company to restore some production systems," said Joseph Carson, chief security scientist at Thycotic, via email. "It will be interesting to see if this attack is related to the most recent string of malicious malware impacting other global organizations such as the LockerGoga ransomware that impacted Norsk Hydro several weeks ago, causing more than $40 million in damages so far. And still several systems are under manual control, a week following the incident."
=================================================================
Could the potential implications get much scarier than 'The Weather Channel's' malicious software attack?? Organizations that are in critical industries could be well served by Wave's solutions/products (better security)!!! Some may have missed the Wave Alternative when reading the Wave website so I've posted it below. This and the website are highly recommended reading for those searching for better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
'Sea Turtle' Campaign Focuses on DNS Hijacking to Compromise Targets
https://www.bleepingcomputer.com/news/security/sea-turtle-campaign-focuses-on-dns-hijacking-to-compromise-targets/
For at least two years, a highly capable threat actor has been running a campaign that relied on DNS hijacking to reach their targets. In the operation, at least 40 public and private organizations in 13 countries have been compromised.
The domain name system (DNS) is the service that allows us to access websites by typing domain names instead of IP addresses in a browser's address bar. It translates the names into the numerical destination of the server hosting the web page we want to load.
Access to DNS records enables an attacker to replace the addresses of a target's name servers so that they point to their own infrastructure. Once in control of the name servers responsible for handling requests for IP addresses associated with web domains, the threat actor can direct victims to content on malicious servers.
Two types of victims
Dubbed Sea Turtle, the operation made victims located primarily in the Middle East and North Africa. The main targets are ministries of foreign affairs, military organizations, intelligence agencies and energy companies. The purpose of compromising them is cyber-espionage.
To gain access to their sensitive networks, the threat actor behind Sea Turtle compromised third-party entities responsible for responding to DNS queries for a target's web asset at various levels in the domain name space.
These include telcos, internet service providers (ISPs), IT companies, domain registrars (including those that manage country code top-level domains - ccTLDs), and one DNS registry. These are secondary targets.
Spear-phishing and old vulnerabilities
Researchers at Cisco's Talos security division on Wednesday published a report on the Sea Turtle campaign, linking it to DNS hijacking incidents involving the Netnod registry that were disclosed at the beginning of the year.
In a statement at the time, Netnod said that it was not the target of the attacks but a route for the attacker to "capture of login details for Internet services in countries outside of Sweden" by changing DNS records.
The attack vectors used in the Sea Turtle campaign were spear-phishing (at least in one instance) and multiple known vulnerabilities, one of them as old as 2009. The following is a likely incomplete list of security flaws used to gain initial access or to move laterally on a compromised network:
After changing the DNS records, Sea Turtle operators set up a man-in-the-middle (MitM) framework that impersonated legitimate services used by the victim with the purpose of stealing login credentials.
To evade detection, the actors performed "certificate impersonation," a technique in which the attacker obtained a certificate authority-signed X.509 certificate from another provider for the same domain imitating the one already used by the targeted organization. For example, if a DigiCert certificate protected a website, the threat actors would obtain a certificate for the same domain but from another provider, such as Let's Encrypt or Comodo. This tactic would make detecting the MitM attack more difficult, as a user's web browser would still display the expected "SSL padlock" in the URL bar.
Sea Turtle operators are very likely state-sponsored, and despite the sophisticated approach used to compromise targets, there are ways to make their work more difficult. Netnod proposes the following defense measures:
•Use DNSSEC (both signing zones and validating responses)
•Use registration features like Registry Lock and the like that can protect domain names from being changed
•Use classic access control lists for applications, Internet traffic and their monitoring
•Use 2-factor authentication, and require it to be used by all relevant users and subcontractors
•In cases where passwords are used, use unique passwords and password managers
•Review accounts with registrars and other providers
•Monitor certificates by monitoring, for example, Certificate Transparency Log
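Two of the signals this article gives a defender are concrete enough to script: the name servers returned for your domain drifting away from the set you registered (the hijack itself), and a certificate for your domain showing up in Certificate Transparency logs from a CA you never use (the "certificate impersonation" step). The block below is an added example for this post, not code from Talos, Netnod or BleepingComputer. It runs on constructed sample data (placeholder domain, name servers, issuer names and fingerprints); in production you would feed it a live NS lookup and the entries from a CT log monitor for your domains.

```python
"""Baseline checks for the two DNS-hijack signals described above:
(1) NS records for our domain drift from the known-good set;
(2) a certificate for our domain appears in CT logs from an unexpected CA.
All inputs below are constructed samples."""

DOMAIN = "example.org"  # placeholder domain we defend

# Constructed known-good baseline for DOMAIN.
BASELINE = {
    "ns": {"ns1.example-dns.net.", "ns2.example-dns.net."},
    "issuers": {"DigiCert Inc"},
}

# Constructed NS answer as a resolver might return it today. One legitimate
# server has been replaced, which is the change the article describes.
OBSERVED_NS = ["NS1.example-dns.net", "ns-rogue.example"]

# Constructed CT log entries; issuer names are illustrative, fingerprints are placeholders.
CT_ENTRIES = [
    {"domain": "www.example.org", "issuer": "DigiCert Inc",
     "not_before": "2019-01-10", "fingerprint": "PLACEHOLDER-FP-1"},
    {"domain": "www.example.org", "issuer": "Let's Encrypt",
     "not_before": "2019-03-02", "fingerprint": "PLACEHOLDER-FP-2"},
    {"domain": "www.other.test", "issuer": "Let's Encrypt",
     "not_before": "2019-03-05", "fingerprint": "PLACEHOLDER-FP-3"},
]


def normalize_name(name: str) -> str:
    """DNS names are case-insensitive; compare them in canonical dotted form."""
    return name.lower().rstrip(".") + "."


def check_ns(observed, expected):
    """Servers present but not in the baseline, and baseline servers that vanished."""
    obs = {normalize_name(n) for n in observed}
    exp = {normalize_name(n) for n in expected}
    return {"unexpected": obs - exp, "missing": exp - obs}


def in_scope(cert_domain: str, domain: str) -> bool:
    """True for the domain itself or any subdomain of it."""
    d = cert_domain.lower().rstrip(".")
    return d == domain or d.endswith("." + domain)


def check_ct(entries, domain, trusted_issuers):
    """CT entries for the domain (or subdomains) issued by a CA not in the baseline."""
    return [e for e in entries
            if in_scope(e["domain"], domain) and e["issuer"] not in trusted_issuers]


def assess(observed_ns, ct_entries, domain, baseline):
    """Combine both checks into a list of alert strings (empty list = no findings)."""
    alerts = []
    ns = check_ns(observed_ns, baseline["ns"])
    for srv in sorted(ns["unexpected"]):
        alerts.append(f"NS drift: unexpected name server {srv}")
    for srv in sorted(ns["missing"]):
        alerts.append(f"NS drift: baseline name server {srv} no longer returned")
    for cert in check_ct(ct_entries, domain, baseline["issuers"]):
        alerts.append(f"CT: certificate for {cert['domain']} from untrusted issuer "
                      f"{cert['issuer']} (not_before {cert['not_before']}, {cert['fingerprint']})")
    return alerts


if __name__ == "__main__":
    for line in assess(OBSERVED_NS, CT_ENTRIES, DOMAIN, BASELINE):
        print(line)
```

The point of keeping a written baseline is that the registrar account is exactly what Sea Turtle went after, so the check must not trust whatever the registrar currently says; it compares against the set you recorded when you last reviewed the account, which is also what the "review accounts with registrars" bullet is asking for.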
=================================================================
This article serves as another great reason for organizations to use Wave VSC 2.0 across their computer fleets!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
Army researchers identify new way to improve cybersecurity
https://phys.org/news/2019-04-army-cybersecurity.html
With cybersecurity one of the nation's top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers at the U.S. Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.
Many cybersecurity systems use distributed network intrusion detection that allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and more efficiently leveraging limited cybersecurity expertise; however, this approach requires that data be transmitted from network intrusion detection sensors on the defended network to central analysis servers. Transmitting all of the data captured by sensors requires too much bandwidth, researchers said.
Because of this, most distributed network intrusion detection systems only send alerts or summaries of activities back to the security analyst. With only summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.
In research presented at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics March 12-15, 2019, scientists wanted to identify how to compress network traffic as much as possible without losing the ability to detect and investigate malicious activity.
Working on the theory that malicious network activity would manifest its maliciousness early, the researchers developed a tool that would stop transmitting traffic after a given number of messages had been transmitted. The resulting compressed network traffic was analyzed and compared to the analysis performed on the original network traffic.
As suspected, researchers found cyber attacks often do manifest maliciousness early in the transmission process. When the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.
"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," said Sidney Smith, an ARL researcher and the study's lead author. "Ultimately, this strategy could be used to increase the reliability and security of Army networks."
For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.
"The future of intrusion detection is in machine learning and other artificial intelligence techniques," Smith said. "However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research technique will allow the data most likely to be malicious to be gathered for further analysis."
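The experiment above (forward only the first N messages of each flow, then compare what the analyst still detects) is easy to reproduce on a small scale. The following is an added example, not the ARL/Towson tool or data: the flows, the stand-in "signatures" and the cutoffs are all constructed, and the `smallest_cutoff` helper is the knob the 10%-volume / 1%-alert-loss target in the next phase would tune.

```python
"""
Early-flow truncation for distributed network intrusion detection.

Added example for the ARL/Towson study described above; the study's own tool
and traffic are not reproduced here. A sensor stops forwarding a flow after
its first n messages, and we measure the bandwidth saved against the alerts
the central analyst loses. Flows and patterns below are constructed.
"""

# Constructed flows: flow id -> ordered application-layer messages.
SAMPLE_FLOWS = {
    "web-benign": ["GET /index.html HTTP/1.1", "HTTP/1.1 200 OK",
                   "GET /style.css HTTP/1.1", "HTTP/1.1 200 OK",
                   "GET /logo.png HTTP/1.1", "HTTP/1.1 200 OK"],
    "web-sqli": ["GET /login.php?user=' OR '1'='1 HTTP/1.1",
                 "HTTP/1.1 500 Internal Server Error",
                 "GET /admin HTTP/1.1", "HTTP/1.1 403 Forbidden"],
    # Maliciousness only shows up late in this flow (message index 4).
    "ftp-late": ["USER anonymous", "PASS guest@", "CWD /pub", "LIST",
                 "SITE EXEC %p%p%p%p", "500 'SITE EXEC': command not understood"],
    "web-traversal": ["GET /../../etc/passwd HTTP/1.1", "HTTP/1.1 404 Not Found",
                      "GET /../../etc/shadow HTTP/1.1", "HTTP/1.1 404 Not Found"],
    "dns-benign": ["query A www.example.org", "answer 203.0.113.10"],
}

# Stand-ins for the analyst's detection signatures (constructed).
MALICIOUS_PATTERNS = ("' OR '1'='1", "SITE EXEC %p", "/etc/passwd", "/etc/shadow")


def first_hit(messages):
    """Index of the first message matching a signature, or None."""
    for i, msg in enumerate(messages):
        if any(p in msg for p in MALICIOUS_PATTERNS):
            return i
    return None


def truncate(flows, n):
    """What the sensor forwards when it stops after n messages per flow."""
    return {fid: msgs[:n] for fid, msgs in flows.items()}


def volume(flows):
    """Bytes the sensor would transmit for these flows."""
    return sum(len(m) for msgs in flows.values() for m in msgs)


def evaluate(flows, n):
    """Compare alerts and transmitted bytes for full vs truncated traffic."""
    full_alerts = {fid for fid, msgs in flows.items() if first_hit(msgs) is not None}
    cut = truncate(flows, n)
    cut_alerts = {fid for fid, msgs in cut.items() if first_hit(msgs) is not None}
    return {
        "n": n,
        "volume_ratio": volume(cut) / volume(flows),
        "alerts_full": len(full_alerts),
        "alerts_truncated": len(cut_alerts),
        "alert_retention": len(cut_alerts) / len(full_alerts) if full_alerts else 1.0,
        "missed": sorted(full_alerts - cut_alerts),
    }


def late_detections(flows, n):
    """Flows whose first malicious message falls at or after the cutoff; these
    are the cases the study found to be rare in real traffic."""
    return sorted(fid for fid, msgs in flows.items()
                  if first_hit(msgs) is not None and first_hit(msgs) >= n)


def smallest_cutoff(flows, max_alert_loss=0.01):
    """Smallest n that keeps at least (1 - max_alert_loss) of the alerts."""
    longest = max(len(m) for m in flows.values())
    for n in range(1, longest + 1):
        if evaluate(flows, n)["alert_retention"] >= 1.0 - max_alert_loss:
            return n
    return longest


if __name__ == "__main__":
    for n in range(1, 7):
        r = evaluate(SAMPLE_FLOWS, n)
        print(f"n={n}: volume {r['volume_ratio']:.2f}, "
              f"alerts {r['alerts_truncated']}/{r['alerts_full']}, missed {r['missed']}")
    print("smallest cutoff with <=1% alert loss:", smallest_cutoff(SAMPLE_FLOWS))
```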
==================================================================
It's surprising that the Army is not taking advantage of what 'The Wave Alternative' offers!!! See the link and summary below for what should be a better cybersecurity future for the Army and many organizations!! The wavesys.com link is included for insights on Wave's tremendous products/solutions!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
HP’s Latest Laptops Use AI to Detect New Types of Malware
https://www.tomshardware.com/news/hp-sure-sense-malware-security-elitebook-zbook,39078.html
HP today announced five additions to its commercial laptop line, all equipped with a security solution called Sure Sense. HP’s new endpoint security offering uses artificial intelligence (AI) to detect malware, including previously unknown variants.
Sure Sense comes as malware continues to be a growing threat to businesses, with 350,000 new types discovered daily, according to 2017 research by G Data Security which HP cited in its announcement. HP Sure Sense is supposed to fight this by using deep learning to offer real-time prevention and detection of zero-day threats and ransomware-related activity.
How does deep learning AI fight malware?
HP claimed that its deep learning solution is more secure than using legacy antivirus or machine learning without a deep learning implementation. Signature-based antivirus software checks new files for known forms of malware. However, this method is time-intensive and requires frequent updates. And it can’t detect new forms of malware.
Machine learning, a type of AI, can identify common malware characteristics. It can therefore identify some new types of malware but still requires frequent updates and time-consuming feature engineering.
By adding deep learning, however, Sure Sense AI uses multi-level neural networks that have been trained on hundreds of millions of malware samples in the form of raw data, so that it can spot malware, including types of attacks that haven't been discovered yet. If it finds something that's likely to be malware while scanning files, Sure Sense quarantines it.
According to HP, Sure Sense works in milliseconds, requires few updates and has “minimal” impact on performance.
HP is loading Sure Sense into five upcoming PCs: the EliteBook 830 G6, EliteBook 840 G6 and EliteBook x360 G6 and two workstations, the ZBook 14u and ZBook 15u.
==================================================================
I believe Lenovo had Wave Endpoint Monitor built into some of its laptops. Wave Endpoint Monitor should be a solution, based on the others in the marketplace, that is used by A LOT of companies!! Can HP's Sure Sense very effectively detect that unknown malware with 'multi-level neural networks' based on hundreds of millions of malware samples? A whitelisting approach in Wave Endpoint Monitor seems more straightforward and effective at spotting that sneaky malware.
==================================================================
https://www.wavesys.com/malware-protection
Excerpts:
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 who discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strain of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine-tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
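The mechanism described above (measure each boot into the TPM, then compare against the previous boot's values) is worth seeing concretely. The following is an added example, not Wave's code: it simulates the TPM's PCR extend operation with hashlib over constructed boot event logs so it runs with no TPM present, and shows the two checks a verifier needs, that the log reproduces the quoted PCRs and that the PCRs match the baseline.

```python
"""
Boot-integrity baselining with TPM PCRs.

Added example for the Wave Endpoint Monitor description above; not Wave's code.
A real verifier reads the device's measurement log plus a signed PCR quote from
the TPM; here both are simulated from constructed event logs.
"""
import hashlib

# Constructed measured-boot event log: (PCR index, description, measured data).
# PCR assignment follows the TCG PC Client convention in spirit (0 firmware,
# 2 option ROMs, 4 boot manager, 7 Secure Boot policy); the data is made up.
GOLDEN_LOG = [
    (0, "UEFI firmware volume", b"fw-build-1.2.3"),
    (0, "Firmware configuration", b"secure-boot=on;csm=off"),
    (2, "Option ROM: NIC", b"nic-rom-v7"),
    (4, "Boot manager: bootmgfw.efi", b"bootmgfw-10.0.17763"),
    (7, "Secure Boot policy: db", b"db-constructed"),
]

# Same machine on a later boot, but the boot manager binary has changed.
MODIFIED_BOOT_LOG = [
    ev if ev[1] != "Boot manager: bootmgfw.efi"
    else (4, "Boot manager: bootmgfw.efi", b"bootmgfw-modified-constructed")
    for ev in GOLDEN_LOG
]


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend in the SHA-256 bank: new = H(old || H(data)).
    PCRs cannot be set, only extended, which is what makes the chain tamper-evident."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def replay(event_log):
    """Recompute final PCR values from an ordered event log; PCRs start all-zero."""
    pcrs = {}
    for idx, _desc, data in event_log:
        pcrs[idx] = extend(pcrs.get(idx, bytes(32)), data)
    return pcrs


def changed_pcrs(baseline, current):
    """PCR indices whose value differs between two PCR sets."""
    return sorted(i for i in set(baseline) | set(current)
                  if baseline.get(i) != current.get(i))


def first_differences(baseline_log, current_log):
    """For each changed PCR, the first event whose measurement differs."""
    def events_for(log, i):
        return [ev for ev in log if ev[0] == i]

    out = {}
    for i in changed_pcrs(replay(baseline_log), replay(current_log)):
        base, cur = events_for(baseline_log, i), events_for(current_log, i)
        for j in range(max(len(base), len(cur))):
            if j >= len(base) or j >= len(cur) or base[j][2] != cur[j][2]:
                out[i] = cur[j][1] if j < len(cur) else base[j][1]
                break
    return out


def check_boot(baseline_log, current_log, quoted_pcrs):
    """Verify one boot. (1) The reported log must reproduce the PCRs the TPM
    quoted, otherwise the log itself was tampered with. (2) The quoted PCRs
    must equal the baseline, otherwise something below the OS changed."""
    if replay(current_log) != quoted_pcrs:
        return {"status": "LOG_MISMATCH", "changed": [], "details": {}}
    changed = changed_pcrs(replay(baseline_log), quoted_pcrs)
    if not changed:
        return {"status": "OK", "changed": [], "details": {}}
    return {"status": "DEVIATION", "changed": changed,
            "details": first_differences(baseline_log, current_log)}


if __name__ == "__main__":
    print(check_boot(GOLDEN_LOG, GOLDEN_LOG, replay(GOLDEN_LOG))["status"])
    print(check_boot(GOLDEN_LOG, MODIFIED_BOOT_LOG, replay(MODIFIED_BOOT_LOG)))
    # A "clean" log presented alongside a quote it does not reproduce.
    print(check_boot(GOLDEN_LOG, GOLDEN_LOG, replay(MODIFIED_BOOT_LOG))["status"])
```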
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring
No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead
Windows 8 Tablet Compatibility
• Get the same device integrity assurance on Windows 8 Pro & Enterprise tablets that you want for your enterprise PCs - with Wave Mobility Pro - Tablet Edition
Employee cybersecurity essentials part 2: Lost devices and unsafe connections
https://www.helpnetsecurity.com/2019/04/16/employee-cybersecurity-essentials-part-2-lost-devices-and-unsafe-connections/
Excerpts:
Lost or stolen devices
Employees know that if they lose a smartphone or laptop, they’re supposed to notify IT right away. However, the embarrassment and often scolding tone used in training can make them reluctant to immediately report lost or stolen devices. If they lose a device on a Friday, they may decide to wait until Monday to see if the item turns up. When it doesn’t, then they’ll report it – however, those first 48 hours could give cyberattackers a significant time advantage in working to penetrate the company’s network and/or exfiltrate sensitive data.
When conducting security trainings, the curriculum should include detail and context for how reporting a lost or stolen device right away enables IT to lock it down before information can be stolen. Managers appreciate honesty – they would rather receive a false alarm than take the risk of having a device compromised. If the device is later found, it can always be reinstated. A lost device that has to be replaced is a small matter, but a lost device that results in a breach because it wasn’t reported in a timely manner results in severe consequences for both the employee and for the company.
==================================================================
The author appears to have limited or no knowledge of SEDs and Wave SED management and EX05. If the author and many leaders knew of these two products, they would have a better perspective on the true possible effects of a lost laptop!!! There wouldn't be a need for panic in the reporting of a lost laptop. The employee could forthrightly report the laptop missing knowing that these protections were in place. With EX05 the laptop could be tracked, and the SED is encrypted so the need to worry over its contents wouldn't be necessary.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Easy proof of compliance
Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.
If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.
No vendor lock-in
SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by Wave.
No SEDs yet? No problem.
If your organization hasn’t yet deployed SEDs, you can skip the process of retro-fitting and simply incorporate SEDs on all new laptops as part of your regular refresh cycle. In the meantime, the same Wave console can manage BitLocker and SEDs, so you can protect the devices you have now with BitLocker and add those with SEDs as they are deployed. And if you’re using Wave’s cloud platform, you can also support OSX FileVault2.
Pick your platform
Wave SED management is available via the cloud or on-premise servers. Ask us for more details about which platform is right for your deployment.
Key Features:
Easy security compliance
• Active monitoring, logging and reporting of all user and device events
Data protection
• Local changes are prohibited
• Drive locking is supported in sleep or standby (S3) modes
• Manage clients inside or outside the firewall and on non-domain machines
Simplicity
• Everything is automatically encrypted—users don’t have to identify which data is sensitive
• Windows password synchronization and single sign-on
• Add or remove users remotely
• MMC snap-in is familiar and easy—less administrator training
• Role management allows delegation of tasks with customized or predefined roles.
No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
• Customizable pre-boot message at authentication screen
Microsoft Claimed a Security Breach Didn't Compromise Email Messages—It Did
https://gizmodo.com/microsoft-claimed-a-security-breach-didnt-compromise-em-1834056229
A series of security reports published over the weekend have raised serious concerns about Microsoft’s transparency in the wake of a recent data breach.
On Saturday, TechCrunch reported that hackers had gained access to the company’s email service after compromising a customer support account. Microsoft has confirmed that people using MSN.com, Hotmail.com, and Outlook.com accounts were affected, though it’s unclear how many.
The company contacted at least some affected users and assured them that the “content of any e-mails or attachments” had not been accessed. Regardless, it asked them to change their passwords.
The breach, Microsoft said in an email to some customers, was limited to some metadata, including folder names and email account names, plus some limited content, e.g., the subject lines of emails. In a statement to TechCrunch, it also described the number of accounts affected as “a limited subset of consumer accounts.”
One email to customers read, in part: “Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.” (Note: Email subject lines are actually considered content, not metadata, in the eyes of the law.)
But when TechCrunch approached Microsoft about the breach, Microsoft appears to have kept the worst part of the news to itself—that actual email messages were compromised in some cases. Motherboard followed up, thanks to a leak, describing the full scope of the incident:
“[T]he issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard.”
In response to Motherboard’s inquiries, Microsoft admitted that hackers had, in fact, gained access to the content of some customers’ emails. It also said customers whose emails had been compromised in this way had been notified—a sign that it was aware that the problem was bigger than it had let on when first questioned by TechCrunch.
It’s not a good look. While the company now claims that the content of only 6 percent of the accounts accessed by the hackers had email messages compromised—6 percent of what, you might ask; the company hasn’t said—its credibility is now in question thanks to its failure to be upfront about the extent of the damage.
Microsoft had the opportunity on Saturday, when first approached by TechCrunch, to be completely transparent. But it wasn’t until someone leaked Motherboard information that Microsoft came clean and fessed up.
“Really, what did Microsoft think would happen,” Motherboard reporter Joseph Cox tweeted. “Only tell reporters about the metadata exposure, and then... just expect it to look okay when someone found out about the email content? Trying to keep parts of a breach under wraps is never a good look.”
The finer details of how the breach occurred in the first place remain for the most part unclear. Gizmodo has pressed Microsoft for additional details but did not immediately hear back.
Since nearly every company is bound to experience a security breach of some kind at some point, how the company chooses to respond publicly, and whether it’s fully transparent with the victims, counts for a lot. It can mean the difference between consumers being completely outraged in the wake of a breach or grateful that a company took immediate and appropriate action.
Microsoft doesn’t have long to explain itself and we’ll update if they do.
==================================================================
This article provides a standout reason for the use of Wave VSC 2.0 (admin accounts that handle sensitive data)!!! Some regular accounts(users) through hacker capabilities can be upgraded to admin accounts so Wave VSC 2.0 is a great protection for regular accounts (users) and admin accounts across the entire organization!! Since Wave VSC 2.0 can be used with Windows 7, 8, 8.1 and 10, an organization's computers can be fully protected with excellent 2FA!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/
Microsoft reveals hackers accessed some Outlook.com accounts for months
https://www.theverge.com/2019/4/13/18309192/microsoft-outlook-email-account-hack-breach-security
Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.
It’s not clear how many users have been affected by the breach, or who was involved in obtaining access to Outlook.com email accounts. “Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” says Microsoft in an email to affected users.
The hackers weren’t able to steal login details, or other personal information, but out of caution Microsoft is recommending that affected users reset their passwords. “Microsoft regrets any inconvenience caused by this issue,” says the security notification. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”
This security incident comes weeks after a former security researcher pled guilty to hacking into Microsoft and Nintendo servers. Microsoft’s Windows development servers were breached for a number of weeks in January, 2017, allowing hackers across Europe to access pre-release versions of Windows.
Microsoft confirmed the breach in a statement to The Verge, but the company isn’t revealing exactly how many accounts were affected. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” says a Microsoft spokesperson.
Update, April 13th 12:05PM ET: Article updated with Microsoft statement.
- see link for Microsoft's statement...
=================================================================
Wave VSC 2.0 and an activated TPM is needed in so many critical areas. Events like this wouldn't have happened with Wave VSC 2.0! Not quite sure why Microsoft didn't have Windows Hello enabled on that support agent's computer (maybe it was a Windows 7 machine which Wave VSC 2.0 can run on; along with Windows 8, 8.1 and 10).
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
Hackers publish personal data on thousands of US police officers and federal agents
https://techcrunch.com/2019/04/12/police-data-hack/
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”
Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.
The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.
In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.
Their end goal: “Experience and money,” the hacker said.
==================================================================
If the data was stored such that only 'known' and approved devices could have access to the data, there wouldn't be problems like this!!! Intelligent Decisions was a company that had an agreement with Wave and the FBI (Wave's technology doesn't appear to have been used). If Wave's technology (Wave VSC 2.0 and Wave ERAS) would be put into action, events like this in the government wouldn't happen! Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords
https://arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-vulnerable-to-hacks-that-steal-wi-fi-passwords/
Excerpts below:
Next-gen standard was supposed to make password cracking a thing of the past. It won't.
The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices.
Same as the old boss
A research paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake disclosed several vulnerabilities in WPA3 that open users to many of the same attacks that threatened WPA2 users. The researchers warned that some of the flaws are likely to persist for years, particularly in lower-cost devices. They also criticized the WPA3 specification as a whole and the process that led to its formalization by the Wi-Fi Alliance industry group.
Please see link for full article -
==================================================================
Battered, but not broken: understanding the WPA crack
https://arstechnica.com/civis/viewtopic.php?f=2&t=15735
One other note that anyone looking to improve their wireless protection and/or control should consider. For any current AES implementation leveraging RADIUS, the client-side keys should be put in the TPM. The Trusted Platform Module can provide the same level of assurance for WiFi keys that a SIM module provides for phones. By using machine certificates in the TPM there are no additional passwords or PIN numbers, and only authorized machines can be connected. The keys on the TPM can be non-migratable and as a result can only be deleted but never copied or moved. Using the TPM is simple: as long as the client software is installed and the TPM is on, all one has to do is select the TPM's CSP when the keys are requested from the certificate authority, and the rest just works. Almost all APs support this functionality. There is a good white paper on this subject at http://www.wave.com/about/whit...SecureWirelessWP.pdf
The TPM is already in over 275 million PCs and all corporate PCs have one. It is a vendor-neutral industry standard. The white paper above is done by my company, who builds the software on all Dell PCs, but the same methods would work with our competitors on HP and Lenovo PCs.
This simple step of leveraging the PC gives any WiFi network administrator the same level of authentication security that exists on a few billion cell phones.
What we should have in the future is a method to just bond a consumer PC to a consumer AP using a proximity or USB so that the AP can put keys in the TPM. This would make it as easy to use WIFI as it is to use a portable phone.
Steven Sprague
CEO
Wave Systems Corp.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
==================================================================
Wave VSC 2.0 and the TPM should have a large positive impact on WPA2 and WPA3! When Steven Sprague wrote about the WPA crack, there were over 275 million TPMs in computers and now there are well over 1 billion!! Many uses for the TPM for a LOT of computers. It's a shame that so many lie dormant or inactivated when they could be put to good use!!!
Microsoft publishes SECCON framework for securing Windows 10
https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/
Microsoft publishes simple guide for securing Windows 10 PCs based on five DEFCON-like security access levels.
Microsoft published today a generic "security configuration framework" that contains guidance for systems administrators about the basic security settings they should be applying in order to secure Windows 10 devices.
"We sat down and asked ourselves this question: if we didn't know anything at all about your environment, what security policies and security controls would we suggest you implement first?," said Chris Jackson, Principal Program Manager at Microsoft.
The end result was what Microsoft has named the SECCON framework, which organizes Windows 10 devices into one of five distinct security configurations.
"Mimicking the DEFCON levels used to determine alert state by the United States Armed Forces, lower numbers indicate a higher degree of security hardening," Jackson said.
The five possible Windows 10 SECCON security configuration levels are: see link for more...
Microsoft describes these five security levels as follows:
•Enterprise security – We recommend this configuration as the minimum-security configuration for an enterprise device. Recommendations for this security configuration level are generally straightforward and are designed to be deployable within 30 days.
•Enterprise high security – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compatibility, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days.
•Enterprise VIP security – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (for example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this security configuration level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days.
•DevOps workstation – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and credential theft attacks that attempt to gain access to servers and systems containing high-value data or where critical business functions could be disrupted. We are still developing this guidance, and will make another announcement as soon as it is ready.
•Administrator workstation – Administrators (particularly of identity or security systems) face the highest risk, through data theft, data alteration, or service disruption. We are still developing this guidance, and will make another announcement as soon as it is ready.
For each of these Windows 10 device security levels, Microsoft has published a list of configurations --containing recommended Windows policy settings and values.
•Level 5 - Enterprise Security
•Level 4 - Enterprise High Security
•Level 3 - Enterprise VIP Security
•Level 2 - DevOps Workstation [empty at the time of writing]
•Level 1 - Administrator Workstation [empty at the time of writing]
Microsoft says the SECCON framework was put together by taking inspiration from the per-device Security Score top recommendations that Microsoft Defender ATP (the commercial version of Windows Defender) shows to its customers.
Feedback from a select group of pilot customers, experts from Microsoft's engineering team, and the Microsoft sales teams also helped shape the SECCON framework.
Extending Trust to Embedded Mobile Systems
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=143128817
A Wave that has aspirations to be a sizable player in the mobile market should take a close look at the articles in the post above!!! Given Wave's partnership with AMI and AMI's relationship with ARM, it seems like a gateway to a sizable market for Wave!!! It could bring better security to the mobile market in Wave Endpoint Monitor!!
An important excerpt from one of the articles:
Steven Sprague, Wave’s CEO, commented, “AMI and PC manufacturers offer great assurance that the UEFI components are trusted when delivered to the customer. Wave provides IT with a greater level of knowledge and trust in the boot process and assurances that only known devices are on the network. Knowing the identity of the machine and assuring the health of its BIOS represent significant strides forward in combating advanced persistent threats.”
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
https://www.darkreading.com/threat-intelligence/credential-stuffing-attacks-behind-30-billion-login-attempts-in-2018/d/d-id/1334371
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
Credential stuffing — where attackers use e-mail addresses and passwords stolen from one site to attempt to access other sites — took off in 2018, with nearly 30 billion documented attempts recorded by Internet infrastructure firm Akamai, according to its new report.
The attacks are enabled by easy-to-use software and widespread botnets that can take lists of usernames and passwords and try to log into a variety of sites. On average, Akamai saw more than 115 million attempts to use stolen credentials per day, and three times during the year the attacks spiked to more than 250 million attempts per day.
The widespread attempts to log into a variety of services mean that companies need to be on watch, says Martin McKeay, a security researcher and editorial director at Akamai.
"This is not something that just happens to someone else," he says. "This is not something that you can ignore. It is a constant problem."
Attacks that attempt to access sites using stolen or easy-to-guess credentials have become increasingly popular. In March, for example, the FBI warned management-software firm Citrix that attackers had breached the company's network using a low-volume credential-stuffing attack — known as credential spraying — where an attacker sends a relatively low number of attempts to each targeted server. In doing so, the attacker can avoid triggering hard limits on the number of log-in attempts.
In its recent report, security firm Rapid7 also found that credential stuffing attacks had taken off, ostensibly because so many username-password pairs have been stolen from compromised sites.
"There are now upward of 1.5 billion credentials floating in the wild ready for use by malicious miscreants at an exposed service near your data," the company stated.
Akamai found that attackers most often targeted retail sites, video-streaming services, and entertainment companies. Because the company defined a credential-stuffing attack as a log-in attempt using an e-mail address, financial firms did not show up often in the data set, as most financial firms do not allow customers to log in with an e-mail address.
Online groups are after all sorts of credentials, McKeay says.
"They are looking at getting your streaming credentials, and they are looking for your gaming credentials — there is a large market for these things," he says. "If they can go and prove that what they have is a valid set of credentials, there is money to be made there."
The popularity of credential-stuffing attacks is also driven by easy-to-use software, the Akamai report stated. A tool named SNIPR is a popular entry-level program for targeting the simplest targets, such as gaming networks and video-streaming services. Another tool, known as STORM, allows for custom configurations that are traded and sold on the Dark Web, according to Akamai.
Other tools are designed to test stolen credentials' validity. Credentials proved to be valid have a much higher value in online black markets. In January, security researchers found a collection of 773 million e-mail addresses and 21 million passwords for sale on the Dark Web.
Intuit warned users of TurboTax in February that the reuse of usernames and passwords had allowed attackers to compromise an unknown number of accounts.
"Based on our investigation, it appears that an unauthorized party may have accessed your account by using your username and password combination that was obtained from a non-Intuit source," the company stated in a letter sent to consumers.
Akamai urged companies to continue to educate users on the reasons for using unique passwords paired with a password manager. And users should request two-factor authentication whenever a service offers the security measure.
"When discussing [attack takeover] and [all-in-one] scripts, criminals often complain about the use of multifactor authentication, which is a particularly effective method of stopping most of their attacks," the company stated in its report.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  ◦ Virtual Private Network (VPN)
  ◦ Local logon
  ◦ Remote logon
  ◦ Remote desktop access
  ◦ Intranet/Extranet
  ◦ Cloud applications
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Wave's is the only management solution to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console
Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)
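The Dark Reading item above describes two patterns Akamai and the FBI saw: fast credential stuffing (a bot cycling through a leaked list of email/password pairs) and low-volume "credential spraying" that stays under per-server lockout limits. Below is an added example of how to tell those two apart in your own login logs and, more importantly, pull out the accounts where a stolen password actually worked. This is not code from Akamai, Dark Reading or Wave; the log line format, the sample lines and the thresholds are constructed assumptions.

```python
"""Flag credential-stuffing and low-and-slow credential-spraying sources in a
web login log, and list the accounts whose stolen passwords were confirmed.

Added example; not code from Akamai, Dark Reading or Wave. The log format,
the sample lines and the thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed log format: "<unix_ts> <source_ip> <email> <ok|fail>" (constructed)
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(ok|fail)$")


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    first: int = 0
    last: int = 0
    accounts: set = field(default_factory=set)
    successes: set = field(default_factory=set)


@dataclass
class Finding:
    kind: str          # "credential_stuffing" or "credential_spraying"
    source: str
    accounts: int      # distinct accounts tried from this source
    fail_rate: float
    confirmed: list    # accounts where the stolen password worked: force-reset these


def parse(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            yield int(ts), ip, user.lower(), result == "ok"


def analyze(lines, *, min_accounts=10, min_fail_rate=0.8, fast_rate_per_min=30.0):
    """Group attempts by source IP. A source that tries many distinct accounts
    and almost always fails is replaying a leaked list; a fast burst is classic
    stuffing, while the same pattern spread out so it stays under per-server
    lockout limits is the low-volume spraying the article describes."""
    per_source = defaultdict(SourceStats)
    for ts, ip, user, ok in parse(lines):
        s = per_source[ip]
        if s.attempts == 0:
            s.first = s.last = ts
        s.attempts += 1
        s.failures += 0 if ok else 1
        s.first, s.last = min(s.first, ts), max(s.last, ts)
        s.accounts.add(user)
        if ok:
            s.successes.add(user)

    findings = []
    for ip, s in per_source.items():
        if len(s.accounts) < min_accounts:
            continue
        fail_rate = s.failures / s.attempts
        if fail_rate < min_fail_rate:
            continue
        minutes = max((s.last - s.first) / 60.0, 1.0 / 60.0)   # guard single-second bursts
        rate = s.attempts / minutes
        kind = "credential_stuffing" if rate >= fast_rate_per_min else "credential_spraying"
        findings.append(Finding(kind, ip, len(s.accounts), round(fail_rate, 3), sorted(s.successes)))
    return findings


# Constructed sample log (not real traffic).
T0 = 1_700_000_000
SAMPLE_LOG = (
    # burst: one bot tries 40 leaked email/password pairs in 40 s; two still work
    [f"{T0 + i} 203.0.113.7 user{i:02d}@example.com {'ok' if i in (3, 27) else 'fail'}"
     for i in range(40)]
    # low and slow: 30 accounts, one attempt every 12 minutes, all fail
    + [f"{T0 + i * 720} 198.51.100.9 user{i:02d}@example.com fail" for i in range(30)]
    # a legitimate user who mistypes twice
    + [f"{T0 + 5} 192.0.2.5 alice@example.com fail",
       f"{T0 + 20} 192.0.2.5 alice@example.com fail",
       f"{T0 + 31} 192.0.2.5 alice@example.com ok"]
)

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Run it as-is and the burst source comes out as credential stuffing with two confirmed accounts (the ones to reset and notify), the slow source as spraying, and the fumbling real user is never flagged because a single account never crosses the distinct-accounts threshold. The thresholds are starting points only; tune them against a week of your own baseline, and remember that a spraying campaign may rotate source IPs, so grouping by ASN or by the proxy header you trust is often necessary in addition to grouping by source IP.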
Fixing PIN errors on Windows 10
https://www.thewindowsclub.com/fix-0xd00000e5-0x8007139f-0x80090030-pin-errors-on-windows-10
Some companies and users don't want to use fingerprint and iris scanning due to various potential privacy reasons, and they don't want to go through the trouble of fixing PIN errors as in this article. For a simple login process with PINs, Wave VSC 2.0 should be a lot easier!!! Windows 7, 8, 8.1 probably don't have these PIN errors with Wave 2.0 either!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
Ongoing DNS Hijacking Campaign Targets Gmail, PayPal, Netflix Users
https://www.securityweek.com/ongoing-dns-hijacking-campaign-targets-gmail-paypal-netflix-users
A DNS hijacking campaign that has been ongoing for the past three months is targeting the users of popular online services, including Gmail, PayPal, and Netflix.
As part of the campaign, the attackers compromised consumer routers to modify their DNS settings and redirect users to rogue websites to steal their login credentials.
Bad Packets security researchers, who have been following the attacks since December, have identified four distinct rogue DNS servers being used to redirect web traffic for malicious purposes.
“All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169),” the researchers reveal.
The first DNS hijacking exploit targeted D-Link DSL modems such as D-Link DSL-2640B, DSL-2740R, DSL-2780B, and DSL-526B. The rogue DNS server used in this attack was hosted by OVH Canada (IP address 66.70.173.48).
A second wave targeted the same types of D-Link modems, but the rogue DNS server had a different IP address, 144.217.191.145 (also hosted by OVH Canada).
Most of the “DNS requests were being redirected to two IPs allocated to a crime-friendly hosting provider (AS206349) and another pointing to a service that monetizes parked domain names (AS395082),” the security researchers say.
A third wave of attacks targeted a larger number of consumer router models, including ARG-W4 ADSL routers, DSLink 260E routers, Secutech routers, and TOTOLINK routers.
The attacks came from three distinct Google Cloud Platform hosts and two rogue DNS servers were used, both hosted in Russia by Inoventica Services (195.128.126.165 and 195.128.124.131).
In all attacks, the operators performed an initial recon scan using Masscan to check for active hosts on port 81/TCP, and only then launched the DNS hijacking exploits.
The campaign was meant to take the users of Gmail, PayPal, Netflix, Uber, and several Brazilian banks to rogue domains and trick them into revealing their usernames and passwords, Stefan Tanase, Principal Security Researcher at Ixia, says.
The security researchers found over 16,500 vulnerable routers potentially exposed to this DNS hijacking campaign.
“Establishing a definitive total of vulnerable devices would require us to employ the same tactics used by the threat actors in this campaign,” Bad Packets says.
The attackers abused Google’s Cloud platform for these attacks mainly because it is easy for everyone with a Google account to access a “Google Cloud Shell,” a service that provides users “with the equivalent of a Linux VPS with root privileges directly in a web browser,” the researchers explain.
UPDATE. A Google Cloud spokesperson has provided SecurityWeek the following statement: We have suspended the fraudulent accounts in question and are working through established protocols to identify any new ones that emerge. We have processes in place to detect and remove accounts that violate our terms of service and acceptable use policy, and we take action on accounts when we detect abuse, including suspending the accounts in question. These incidents highlight the importance of practicing good security hygiene, including patching router firmware once a fix becomes available.
==================================================================
Device authentication worked for cell phones and the cable industry. Why can't it work for Netflix, Gmail and PayPal?? Wave Knowd (currently in retirement) could have a big positive impact for users who use these services, and the companies that use the services. With all the damage done to these companies, one would think that paying for a great service like Wave Knowd would be natural for consumers and companies!!! Consumers pay for WhatsApp after a year, and not having Wave Knowd is far more dangerous for their digital well being!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
Lee, MA - May 9, 2013
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual users’ unique device identity, with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Wave Knowd is free to consumers, and reduces the authentication cost to providers. Knowd is available to relying parties using the standard OpenID protocol, and also offers a simple web API. For more information visit: ID.Wave.com
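Going back to the SecurityWeek item above on the router DNS-hijacking campaign: the whole attack rests on quietly swapping the resolver addresses the router hands out, so the one check every client or helpdesk can do offline is to compare the resolvers it was given against what it should have. The following is an added example of that check; it is not code from Bad Packets, Ixia, SecurityWeek or Wave. The four rogue IPs are exactly the ones quoted in the article; the allowlist, the sample resolv.conf text and the function names are constructed assumptions.

```python
"""Audit the DNS resolvers a client has been handed (e.g. via DHCP from a home
router) against the rogue resolvers named in the campaign and an allowlist of
the resolvers you actually expect.

Added example; not code from Bad Packets, Ixia or Wave. The four rogue IPs are
the ones quoted in the article; the allowlist, the sample resolv.conf text and
the function names are constructed assumptions.
"""
import ipaddress
import re

# Rogue resolvers named in the article (OVH Canada and Inoventica hosts).
KNOWN_ROGUE_RESOLVERS = frozenset({
    "66.70.173.48", "144.217.191.145", "195.128.126.165", "195.128.124.131",
})

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)\s*$")


def parse_resolv_conf(text):
    """Return resolver addresses from resolv.conf-style text (constructed parser;
    comments, 'search' and other options are ignored)."""
    return [m.group(1) for m in map(NAMESERVER_RE.match, text.splitlines()) if m]


def audit_resolvers(resolvers, allowed_cidrs):
    """Classify each resolver:
       known_rogue       - one of the campaign's servers
       expected          - inside an allowed network (ISP range or a resolver you chose)
       lan_forwarder     - a private address, i.e. the router itself; it forwards upstream,
                           so the router's own WAN DNS setting must be audited as well
       unexpected_public - a public resolver you did not configure: treat as a hijack
                           until proven otherwise
       invalid           - not an IP address at all"""
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    verdicts = []
    for r in resolvers:
        try:
            ip = ipaddress.ip_address(r)
        except ValueError:
            verdicts.append((r, "invalid"))
            continue
        if str(ip) in KNOWN_ROGUE_RESOLVERS:
            verdict = "known_rogue"
        elif any(ip in net for net in allowed):
            verdict = "expected"
        elif ip.is_private:
            verdict = "lan_forwarder"
        else:
            verdict = "unexpected_public"
        verdicts.append((r, verdict))
    return verdicts


def looks_hijacked(verdicts):
    """True if any resolver is a known campaign server or an unexplained public host."""
    return any(v in ("known_rogue", "unexpected_public") for _, v in verdicts)


# Constructed sample: what a client behind a compromised router might be handed.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP
search home.lan
nameserver 192.168.1.1
nameserver 66.70.173.48
nameserver 9.9.9.9
"""

# Constructed allowlist: an ISP resolver range plus one public resolver the admin chose.
ALLOWED_RESOLVER_CIDRS = ["203.0.113.0/24", "1.1.1.1/32"]

if __name__ == "__main__":
    verdicts = audit_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF), ALLOWED_RESOLVER_CIDRS)
    for resolver, verdict in verdicts:
        print(f"{resolver:16} {verdict}")
    print("hijack suspected:", looks_hijacked(verdicts))
```

Two caveats a practitioner will want. First, a client that only sees its router's LAN address as resolver is not cleared by this check: in this campaign the rogue server was set on the router, and the router forwards there, so the router's WAN-side DNS setting has to be read (through its admin page or config backup) and fed to the same function. Second, the allowlist is deliberately strict: the constructed sample flags a perfectly reputable public resolver simply because nobody configured it, which is the right default when the question is "did someone change my DNS without telling me".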
Cyber-attacks 'damage' national infrastructure
https://www.bbc.com/news/technology-47812479
A growing number of cyber-attacks on key installations have successfully put systems out of action over the past two years, a study has revealed.
A survey of security professionals in six countries, including the UK, by the Ponemon Institute found 90% had been hit by at least one successful attack.
Staff in the utilities, energy, health and transport sectors were questioned.
Experts said the results are a wake-up call for an industry that often under-reports attacks and the damage done.
Staff tasked with keeping critical infrastructure systems running often kept details secret for security reasons, they said.
The report also concludes that a lack of resources and intelligence about "relentless and continuous" cyber-attacks are the industry's biggest concern.
Daily attacks
The Ponemon Institute, which specialises in cyber-security and privacy issues, used an anonymous poll to quiz more than 700 security professionals in the US, UK, Germany, Australia, Mexico and Japan who work to protect critical infrastructure.
Of those responding, nine out of 10 said the organisation they worked for had been damaged by a successful cyber-attack in the last two years. Many reported being hit by between three and six such incidents.
Respondents said around half of the successful attacks had resulted in downtime of critical systems. This was because essential systems were knocked out as part of the attack or operators had to turn off systems to repair the damage done.
"These are multiple, successful attacks on the physical world using cyber-technologies," Eitan Goldstein, from security firm Tenable, which commissioned the report, told the BBC.
"That is a really big change and that's why the risk isn't just theoretical any more.
"We believe the reason behind it is increased connectivity to industrial control systems.
"Today we want to be able to do analytics and predictive maintenance in our power plants, but the proliferation of smart devices and sensors and IoT is really increasing our cyber-exposure to attack.
"In many cases, organisations don't even know what is connected to the internet and what can be accessed by hackers."
'Troubling picture'
Prof Alan Woodward, of the University of Surrey's Cyber Security Centre, questioned the unexpectedly high response rate in the survey but added: "Even if the results are perhaps slightly higher than might otherwise be the case, because the group is self-selecting, this data as a whole still paints a troubling picture.
"Most information in the public domain tends to be anecdotal, or driven by specific incidents. This is one of the few reports I've seen that has the number of respondents to make it potentially statistically meaningful.
"Not only are elements of critical infrastructure being attacked, they are being 'successfully' attacked: these attacks are having a tangible impact, sometimes on multiple occasions."
How to protect key infrastructure
• Assume attacks will be made. Prepare with the right people, processes and technology, or risk long-term damage
• Realise the attacks will not stop. Many organisations are now successfully attacked several times a year
• Guard against human failings. An attack may succeed because just one employee clicks on a phishing email
• Share intelligence with similar organisations. National cyber-defence organisations often run online forums where experiences can be shared
"The data also reveals worrying themes, such as a lack of skilled staff or appropriate incident response plans to mitigate the attacks."
He added: "In many ways it doesn't matter what the motive of the attackers is. It could be criminals looking to extort money with a scattergun-type attack in which the infrastructure provider happens to get caught, or state actors seeking to disrupt services. The results on society are the same.
"When you think what critical infrastructure is, it's something that we simply must invest in protecting."
=================================================================
9/11, A Decade Later – A better paradigm emerges for cyber security
https://www.gsnmagazine.com/node/24635?c=cyber_security
The events of 9/11 illustrate in tragic detail the shortcomings of a black list approach to national security. The so-called black list model seeks to identify threats before they can manifest. The drawback, of course, is it cannot possibly defend well against every foreseeable threat, and is powerless against the unanticipated.
The counterpoint to the black list is the white list approach, which owns singular authority to define and grant all permissible freedoms. By permitting only pre-approved activities, it needn’t monitor endlessly for bad behavior and provides a stiffer defense against unimagined attacks.
While the white list is an impractical approach in the real world, it has applications in the virtual world of cyber security, and the tools to enable it have evolved quickly since 9/11. A decade ago, the rise of mobile and remote computing was already putting more laptops, data, applications and users beyond the security of the traditional network firewall. As the digital world became more mobile, cyber attacks grew more sophisticated, as well as more ambitious.
According to the NSA, 250,000 cyber attacks are leveled on Department of Defense information systems each year. And, as headlines from the last few months attest, hackers are more boldly targeting large commercial networks from Sony to PBS to CitiGroup. Further, coverage of the recent cyber attacks on Google and defense contractor Lockheed Martin strongly suggested an active role by foreign powers. These trends are portentous and, although our digital infrastructure remains largely uncompromised today, it is no longer enough to remain complacent to such threats in a post-9/11 world.
Many of these attacks could be hindered and even eliminated through a white list approach to cyber security, wherein the identity of all individuals, organizations and devices are proven on the network -- before any transaction occurs between them. Within the IT industry, this is known as trusted computing.
The foundation of trusted computing shifts the focus of digital security from the user to the device. It favors hardware-based device identification to ensure only known computers, applications and users gain access to information and resources on a private network. Far from being a new or untested modality, device identification has long provided strong network security for cellular networks and cable providers -- both of which have virtually eliminated the once frequent illegitimate use and theft of their services.
Ten years ago, trusted computing would have been impossible to implement on data networks given the technologies available at the time. (And, indeed, conventional user-based security tools of today -- such as USB tokens and smart cards -- cannot achieve it by themselves.) That began to change in 2003, when IT leaders, including AMD, Hewlett-Packard, IBM, Intel Corp., Microsoft, Sony Corp., Sun Microsystems, and Wave Systems, assembled to form the Trusted Computing Group (TCG). Shortly thereafter, the group released its open standard for the first interoperable root of trust for computing: the trusted platform module (TPM).
The TPM is a cryptographic security chip integrated into a computer’s motherboard that effectively converts the laptop itself into a security token. It enables IT managers to remotely create, sign and store authentication keys within a PC’s hardware, strongly binding the identity of the machine and its user to the device. Further, because keys are stored and protected within embedded hardware, they cannot be changed or stolen by malware.
More recently, the TCG expanded its open standards to include another root of trust for computing: self-encrypting drives (SEDs). Under the TCG’s Opal standard, SEDs comprise a protected and independent architecture. They include their own processor, memory and RAM, and impose very strict limits on the code that can run within their architecture. SEDs provide a hardware-based container to securely house encryption keys and user access credentials. Since the encryption key never leaves the drive’s protected hardware boundary, it is impossible to steal, and immune to traditional software attacks.
The TCG’s component members have done more than develop interoperability standards for TPMs and SEDs over the past decade. They’ve actively embedded these technologies into their enterprise-class offerings. To date, TPMs are onboard a majority, if not all, enterprise-class laptops and PCs, and SEDs are available from most leading PC OEMs.
Active management and use of these technologies is spreading quickly. The commercial sector has led the adoption curve for trusted computing, and TPMs and SEDs are seeing more frequent use in broader deployments. These include deployments from leading companies across the automotive, healthcare, chemical, energy and professional services industries spanning tens of thousands of seats.
Government enterprises are also contributing increasing momentum behind trusted computing. For years, the U.S. Army has required every new PC procured in support of its enterprise to come equipped with a TPM; and, in 2007, virtually the entire Department of Defense followed suit. In addition, the National Security Agency’s High Assurance Platform (HAP) initiative has actively defined a framework for development of secure computing platforms using commercially available Trusted Computing technologies. Further, the agency has taken a leadership role by hosting the second annual Trusted Computing Conference in Orlando this month.
More recently, a few months following President Obama’s inauguration, he identified our digital infrastructure as a strategic national asset, and plainly stated that America's economic prosperity in the 21st century depended on strong cyber security.
“We count on computer networks to deliver our oil and gas, our power and our water,” Obama said. “We rely on them for public transportation and air traffic control. Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.”
Improving cyber security was among Obama’s first executive actions, and recently manifested in the administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative. NSTIC’s central vision is an online environment where individuals and organizations follow well-defined standards to obtain and authenticate their digital identities, a position that effectively signals that the merits of open standards hardware security have been recognized by the government.
Amidst all these changes of the past decade, one thing remains the same: Both terrorists and hackers can suffer 100 defeats, and yet appear to have won after a single success. The key difference is that, unlike the real world, the virtual world provides the means to trust the identity of all users and devices within a system, and to guarantee that only those who follow the rules will enjoy the system’s freedoms. The tools for trusted computing are widely deployed today, and now with critical mass can support widespread application to achieve this remarkable new digital society.
Steven Sprague is president and CEO of Wave Systems Corp. He can be reached at:
ssprague@wavesys.com
--was CEO of Wave Systems
=================================================================
It's amazing that almost 8 years after this article was written by Steven Sprague, there are still articles like the one above by the BBC!! The better paradigm had emerged nearly 8 years ago and STILL these 6 countries are struggling with cyber problems!!! Wave has solutions/products that could help immensely with preventing these cyber attacks!!!
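The two TPM properties the Sprague article leans on, a key that signs on the machine's behalf but can never be read out, and hardware-held measurements that prove what booted, are easy to state and easy to get wrong in a verifier. The following is an added example, not code from the article, from the GSN piece or from Wave Systems, and not Wave's product. It simulates a TPM in plain Python so it runs offline: an HMAC-SHA256 identity key stands in for a TPM attestation key (a real TPM uses an asymmetric key whose private half never leaves the chip, and the verifier holds only the public half), PCR 0, 4 and 7 are assumed to carry the firmware, boot manager and OS measurements, and the device name and boot-chain strings are made up. The verifier checks the three things that matter in this order: the quote was made with the enrolled key, it answers the nonce just issued (no replay), and the PCR values match the golden image.

```python
"""Added example, not code from the article or from Wave Systems: a simulated TPM
used for device identity and boot-integrity attestation. Assumptions: an HMAC-SHA256
identity key stands in for a TPM attestation key so this runs on the standard
library alone (a real TPM uses an asymmetric key whose private half never leaves
the chip, and the verifier keeps only the public half); PCRs 0, 4 and 7 carry the
firmware, boot manager and OS measurements; device name and boot chain are made up."""
import hashlib
import hmac
import json
import os

PCRS_OF_INTEREST = [0, 4, 7]
BOOT_CHAIN = [(0, b"firmware 1.2"), (4, b"boot manager 2.8 signed"), (7, b"kernel 5.4-hardened")]


class SimulatedTpm:
    """A key that can be used but never read out, and PCRs that can only be extended."""

    def __init__(self, identity_key, pcr_count=8):
        self._key = identity_key              # no method ever returns this
        self._pcrs = [bytes(32)] * pcr_count  # every PCR starts at all-zero

    def extend(self, index, measurement):
        # PCR[i] = SHA-256(PCR[i] || SHA-256(measurement)): one-way and order-dependent
        digest = hashlib.sha256(measurement).digest()
        self._pcrs[index] = hashlib.sha256(self._pcrs[index] + digest).digest()
        return self._pcrs[index]

    def read_pcrs(self, indices):
        return {str(i): self._pcrs[i].hex() for i in indices}  # PCR values are public

    def quote(self, nonce, indices):
        # A quote binds the verifier's nonce and the PCR values under the identity key
        body = {"nonce": nonce.hex(), "pcrs": self.read_pcrs(indices)}
        canonical = json.dumps(body, sort_keys=True).encode()
        body["tag"] = hmac.new(self._key, canonical, hashlib.sha256).hexdigest()
        return body


class Verifier:
    """Back end holding each enrolled device's identity key and the last nonce it issued."""

    def __init__(self, enrolled):
        self._keys = dict(enrolled)  # device_id -> identity key (public half in a real deployment)
        self._nonces = {}

    def challenge(self, device_id):
        self._nonces[device_id] = os.urandom(16)
        return self._nonces[device_id]

    def verify(self, device_id, quote, golden_pcrs):
        key = self._keys.get(device_id)
        if key is None:
            return False, "unknown device"
        body = {k: v for k, v in quote.items() if k != "tag"}
        canonical = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(quote.get("tag", ""))):
            return False, "bad signature: quote not made with the enrolled key"
        if quote.get("nonce") != self._nonces.get(device_id, b"").hex():
            return False, "stale nonce: replayed quote"
        if quote.get("pcrs") != golden_pcrs:
            return False, "pcr mismatch: boot chain differs from golden image"
        return True, "device identity and boot integrity confirmed"


def measure_boot(tpm, chain):
    for index, component in chain:  # each boot stage measures the next before handing over
        tpm.extend(index, component)


def golden_pcrs(chain):
    reference = SimulatedTpm(b"reference")  # PCR values do not depend on the key
    measure_boot(reference, chain)
    return reference.read_pcrs(PCRS_OF_INTEREST)


def run_scenarios():
    key = os.urandom(32)  # provisioned into the device's TPM at enrollment
    verifier = Verifier({"laptop-0042": key})
    golden = golden_pcrs(BOOT_CHAIN)
    results = {}
    tpm = SimulatedTpm(key)  # 1. healthy device answering a fresh challenge
    measure_boot(tpm, BOOT_CHAIN)
    quote = tpm.quote(verifier.challenge("laptop-0042"), PCRS_OF_INTEREST)
    results["healthy"] = verifier.verify("laptop-0042", quote, golden)
    verifier.challenge("laptop-0042")  # 2. the same quote replayed after a new challenge
    results["replay"] = verifier.verify("laptop-0042", quote, golden)
    tampered = SimulatedTpm(key)  # 3. same key, but the boot manager was modified
    measure_boot(tampered, BOOT_CHAIN[:1] + [(4, b"boot manager 2.8 BACKDOORED")] + BOOT_CHAIN[2:])
    quote = tampered.quote(verifier.challenge("laptop-0042"), PCRS_OF_INTEREST)
    results["tampered_boot"] = verifier.verify("laptop-0042", quote, golden)
    clone = SimulatedTpm(os.urandom(32))  # 4. disk image copied, hardware-bound key not
    measure_boot(clone, BOOT_CHAIN)
    quote = clone.quote(verifier.challenge("laptop-0042"), PCRS_OF_INTEREST)
    results["cloned_disk"] = verifier.verify("laptop-0042", quote, golden)
    return results


if __name__ == "__main__":
    for scenario, (ok, reason) in run_scenarios().items():
        print(f"{scenario:14s} {'PASS' if ok else 'FAIL'}: {reason}")
```

The cloned-disk case is the one the article's "device as a security token" argument rests on: an attacker who images the whole laptop still cannot answer the challenge, because the key was never on the disk. The tampered-boot case shows why the same key is not enough on its own; the PCRs have to be compared against a known-good set, and the nonce check is what stops a once-healthy quote being replayed after the machine has been modified.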
=================================================================
https://www.wavesys.com/
Hackers broke into university networks in just two hours
https://www.zdnet.com/article/hackers-broke-into-university-networks-in-just-two-hours/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content&utm_content=5ca6820400e48b00017e0be6&utm_medium=trueAnthem&utm_source=twitter
Penetration testers testing university networks were able to use phishing emails to gain administrator access and access personal data, financial information and confidential research.
Ethical hackers testing the security of university networks found they were able to breach networks and access high-value data in under two hours in every single penetration test they performed.
Almost 50 universities across the UK were a part of the test and ethical hackers working on behalf of The Higher Education Policy Institute (HEPI) and Jisc, a not-for-profit digital support service for higher education, were able to successfully use spear-phishing attacks to gain access to sensitive information.
In some cases, it was possible in under an hour; in others, universities were compromised across multiple campuses.
Penetration testers were able to gain complete access to system information by acquiring domain-level administrator access to control systems. That enabled access to personal information about students and staff, information about financial records, and even the ability to hack into databases and networks containing sensitive research data.
A common tactic in spear-phishing attacks targeting universities is for cyber criminals to spoof an email to look as if it comes from a senior member of staff and send it to people they're known to work closely with. These messages will send victims to websites that attempt to steal credentials, or contain attachments which will drop malware.
The public-facing nature of universities often means it's easy for cyber criminals to conduct reconnaissance on the departments they're targeting, as staff will be listed on the university website.
The findings have been laid out in a research paper and it comes following a series of high-profile hacking campaigns targeting universities over the course of the last year.
A North Korean advanced persistent threat group targeted individual academics with spear-phishing emails designed to trick them into downloading a malicious Google Chrome extension, while last summer an Iranian hacking operation was detected targeting universities around the world in an effort to steal intellectual property.
"Cyberattacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat," said Dr John Chapman, head of Jisc's security operations centre and the author of the report.
"While the majority of higher education providers take this problem seriously, we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment. To avert a potentially disastrous data breach, or network outage, it is critical that all university leaders know what action to take to build robust defences."
The report lists a number of things universities should do in order to help protect their networks from attacks. They include knowing where data is stored and who has access to it, and ensuring systems and software are patched and up to date to prevent attackers exploiting known vulnerabilities.
It's also recommended that staff and students are trained in security awareness to help them spot phishing emails and provide information on how to report suspicious incidents or suspected attacks.
Jisc also recommends that universities should be performing regular vulnerability scans and that an incident response plan should be in place, should the worst happen.
"Universities are absolutely reliant on connectivity to conduct almost all their functions, from administration and finance to teaching and research. These activities accrue huge amounts of data; this places a burden of responsibility on institutions, which must ensure the safety of online systems and the data held within them," said Professor David Maguire, chair of Jisc and vice-chancellor of the University of Greenwich.
"Developing strong cybersecurity policies is vital, not only to protect data, but also to preserve the reputation of our university sector," he added.
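The tactic the article describes, a message whose display name is a senior member of staff lifted from the public website but whose address is somewhere else entirely, is one a mail gateway can catch before any user has to spot it. The following is an added example, not code from the ZDNet article, from Jisc or from the HEPI report. It takes three constructed messages (the institution domain, the staff directory and the domain names are placeholders) and flags display-name impersonation against the directory, lookalike sender domains (homoglyph folding plus a small edit distance), a Reply-To that silently reroutes replies, and an SPF/DKIM/DMARC failure recorded by the gateway.

```python
"""Added example, not from the ZDNet article or the Jisc report: flag the spear-phishing
pattern described above, a message whose display name matches a listed senior staff
member but whose address is not the institution's. The institution domain, staff
directory and the three sample messages are constructed for illustration."""
import email
import re
from email.utils import parseaddr

INSTITUTION_DOMAIN = "example-university.ac.uk"  # assumed
STAFF_DIRECTORY = {  # what a public staff page exposes to an attacker doing reconnaissance
    "prof jane doe": "j.doe@example-university.ac.uk",
    "dr sam patel": "s.patel@example-university.ac.uk",
}
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]


def normalise_name(name):
    # lower-case, drop punctuation and extra spaces: "PROF. Jane  Doe" -> "prof jane doe"
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def fold_homoglyphs(domain):
    for src, dst in HOMOGLYPHS:  # "exarnple" reads as "example" to a human eye
        domain = domain.replace(src, dst)
    return domain


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_internal(domain):
    return domain == INSTITUTION_DOMAIN or domain.endswith("." + INSTITUTION_DOMAIN)


def assess(raw_message):
    """Return findings for one RFC 5322 message; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    known = STAFF_DIRECTORY.get(normalise_name(name))  # display name of a real staff member?
    if known and known.lower() != addr.lower():
        findings.append(f"display-name impersonation: '{name}' is {known} in the directory, mail is from {addr}")

    if domain and not is_internal(domain):  # external domain that imitates ours?
        folded, target = fold_homoglyphs(domain), fold_homoglyphs(INSTITUTION_DOMAIN)
        if folded == target or levenshtein(folded, target) <= 2:
            findings.append(f"lookalike sender domain: {domain} imitates {INSTITUTION_DOMAIN}")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))  # replies silently rerouted?
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"reply-to diverges from sender: replies go to {reply_to}")

    auth = msg.get("Authentication-Results", "").lower()  # what the gateway already found
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(soft)?fail\b", auth):
            findings.append(f"{mech} failed for {domain}")
    return findings


SAMPLES = {  # constructed messages; every domain here is a placeholder
    "legitimate": """From: "Prof. Jane Doe" <j.doe@example-university.ac.uk>
To: finance@example-university.ac.uk
Subject: Grant paperwork
Authentication-Results: mx.example-university.ac.uk; spf=pass; dkim=pass

Attached as discussed.
""",
    "freemail_spoof": """From: "Prof. Jane Doe" <jane.doe.office@freemail-example.net>
Reply-To: vc-office-urgent@freemail-example.net
To: s.patel@example-university.ac.uk
Subject: Urgent: sign in to approve the attached invoice
Authentication-Results: mx.example-university.ac.uk; spf=softfail; dkim=none

Please sign in here before 5pm.
""",
    "lookalike_domain": """From: "Dr Sam Patel" <s.patel@exarnple-university.ac.uk>
To: j.doe@example-university.ac.uk
Subject: Updated lab results
Authentication-Results: mx.example-university.ac.uk; spf=fail

Results attached, login needed to view.
""",
}


def scan_all():
    return {label: assess(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, findings in scan_all().items():
        print(label, "->", findings or ["clean"])
```

The directory lookup is the part worth keeping: the same staff page an attacker scrapes for targets is also the list of names that should never arrive from an outside address. The authentication check only helps when the gateway actually stamps Authentication-Results and the institution publishes SPF and DMARC records, which is why it is the last test rather than the only one.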
==================================================================
The Wave Alternative and Wave VSC 2.0 could have a tremendous, positive effect on the universities' cybersecurity posture. Relying on education as a means to stop the effects of spear-phishing seems to carry a fair amount of risk when a 2FA solution like Wave VSC 2.0 could drastically lower the risk.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
==================================================================
https://www.wavesys.com/wave-alternative
Excerpts:
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Please see the rest of the Wave alternative link for more....
=================================================================
https://www.wavesys.com/ is a site that summarizes what better cybersecurity could be for a LOT of organizations!!!