The OilRig group continues to adapt its tactics and bolster its toolset with newly developed tools. OilRig (also known as APT34 and Helix Kitten) is an espionage-motivated adversary operating primarily in the Middle East. We first discovered this group in mid-2016, although it is possible that its operations extend earlier than that time frame. It has shown itself to be an extremely persistent adversary that shows no signs of slowing down. Examining its past behaviour alongside current events suggests that the OilRig group's operations are likely to accelerate even further in the near future.
This article is the second installment in a four-part series that examines how the X-Force IRIS framework can help identify opportunities for security practitioners to increase network security and lower risk by addressing the steps an adversary typically takes to attack a network. Be sure to read part one for the full scoop.
A newly uncovered hacking group has breached a number of critical infrastructure and government organizations in the Middle East with a mixture of publicly available and custom-built tools, according to new research from cybersecurity giant Symantec.
In recognition of the United Kingdom’s increasing economic dependence on internet-enabled capabilities, a number of established councils, chartered professional bodies, professional certification bodies, academics and industry representative groups have established a collaborative alliance to advance the development of the cyber security profession. With representation from a breadth of disciplines currently active in cyber security professional practice, including computing, engineering, physical security, CNI and focused cyber security bodies, the collaborative effort reflects constituent members’ common understanding that professional cybersecurity expertise is relevant to a broad range of disciplines. With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of professional practice, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy to provide a focal point for advising national policy, including the stated intent to recognise professionals through Chartered status.
The cybersecurity skills shortage is getting worse — a November 2017 study by the Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) confirmed this statement.
A bunch of new bug bounty rewards are up for grabs from the Zero Day Initiative, in a first-come, best-dressed program kicking off on August 1. The Trend Micro-backed operation announced on July 24 what it called the Targeted Incentive Program (TIP).
CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the results of its global supply chain survey, Securing the Supply Chain, produced by independent research firm Vanson Bourne. The study surveyed 1,300 senior IT decision-makers and IT security professionals in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore across major industry sectors.
Security takes priority when it comes to the development and deployment of IoT, with Gartner predicting that by 2020, IoT security will make up 20% of annual security budgets. As a potential inhibitor, analysts, vendors and stakeholders alike are concerned about the potentially significant security risks associated with IoT deployments. These concerns are playing a role in decision-making and end user confidence in deploying IoT services, particularly when it comes to utilising existing networks that are known to be vulnerable, for example Wi-Fi, and those that are new and operate in the unlicensed spectrum, such as LoRaWAN and Sigfox. A lack of standardisation within the IoT industry is also acting as a barrier to deployment; with both older and newer networks now carrying IoT traffic, more standardisation of security policies is urgently required.
By Chris Ross, SVP International, Barracuda
Ransomware may be a headline favourite, but the attack itself is nothing new. In fact, it’s been around in some form or another for decades. Since last year’s high profile global campaigns such as WannaCry and NotPetya you’d be hard pressed to find anyone who isn’t aware of the threat posed.
News broke that hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing. IT security experts commented below.
The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost double. This is great news, but information security specialists have started raising some pertinent questions: how are the users of these services protected and what potential risks do they face in the event of unauthorized access to their accounts?
On Data Privacy Day earlier this year, CCSI briefly discussed the implications of the General Data Protection Regulation (GDPR). It is essentially a set of rules imposed by the European Union to give individuals primary control over their personal data. This means that companies will now have to disclose or delete the personal data they hold on request. The regulation came into effect on May 25, 2018. With this in place, how will it affect companies in the long term?
We all understand the risk of someone taking over our computers or phones for nefarious purposes. But remote access to printers and fax machines was something most people took a little less seriously. After all, you might get some obscene printouts or someone wasting some paper, but in general, those are not big deals. Some researchers however have lately been pondering what might happen should someone break into your 3D printer. Of course, you could bring a printer down to deny service, or cause things to malfunction — maybe even in ways that could be dangerous if the printer didn’t have sufficient safety features. But these researchers are more crafty. They are studying how you know what you’ve printed hasn’t been subtly sabotaged. They also think they have an answer.
We all know what happened on 12 May 2017. That's the day when an updated version of WannaCry ransomware announced itself to the world. In a matter of days, the malware encrypted data stored on 200,000 computers across 150 countries.

One of the victims affected by WannaCry was the United Kingdom's National Health Service (NHS). According to a report released by the National Audit Office (NAO), the attack caused disruption at 34 percent of NHS trusts. An additional 603 primary care and other NHS-related organizations also reported infections.

Amyas Morse, head of the NAO, said the attack didn't have to go that way. As quoted in an October 2017 press release:

"The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks."

May 2017 wasn't the only time that NHS trusts suffered disruptions at the hands of computer criminals. According to Freedom of Information (FOI) requests sent to 80 NHS trusts by Intercity Technology, approximately a third of the organizations suffered an outage across their IT systems between January 2015 and February 2018. A security breach was behind the blackouts for 14 of those entities, with NHS organizations suffering 18 security breaches over the last three years. Those events collectively caused 18 days' worth of outages, The Register reported.

These findings beg the question: why are computer criminals so intent on targeting the NHS?

Part of the answer has to do with the NHS specifically. In its report, the NAO found that the National Health Service had not conducted simulations for a significant digital attack at a local level leading up to WannaCry.
This lack of familiarity led to communication problems when the ransomware attack hit, thereby degrading recovery efforts. The NAO also learned that all NHS organizations affected by WannaCry could have protected themselves by updating their Windows operating systems or by properly configuring their firewalls.

The other part of the answer ties into greater problems affecting healthcare overall. In general, healthcare organizations aren't the most effective when it comes to patching known security vulnerabilities. According to the "SecurityScorecard 2018 Healthcare Report: A Pulse on The Healthcare Industry's Cybersecurity Risks," 60 percent of the most common security issues in the healthcare industry relate back to poor patching practices. This industry-wide shortcoming gives attackers a means of preying on healthcare organizations. They don't need any more motivation; they already have the value of healthcare data to spur them forward. As noted by IFSEC Global, attackers can leverage stolen healthcare data either to sell it on the dark web or to build victim profiles for follow-up attacks.

Acknowledging the persistence of these types of threats along with the limitations highlighted by WannaCry, the UK Government announced new measures to boost the digital security of the National Health Service. These efforts will include £21 million for upgrading firewalls and network infrastructure at certain sites, funding that empowers the Care Quality Commission to evaluate the digital security preparedness of NHS trusts, and the implementation of a new text messaging alert system to help facilitate better communication between trusts.

Still, there's work to be done. The Internet of Things increasingly threatens the NHS with data breaches unrelated to WannaCry.
So too do non-WannaCry ransomware attacks, as at least four separate incidents have shown since May 2017.

How Tripwire Can Help

The NHS, and indeed all healthcare organizations, needs to take steps to bolster the digital security of its systems so that it can ensure the availability of critical medical services and protect patients' data. Such measures are especially important when defending against vulnerabilities like EternalBlue, the Microsoft SMB flaw that WannaCry exploited in May 2017. CVSS risk scoring is useful, but on its own a low/medium/high rating does not help prioritise in cases like this: the vulnerability shows up as "high" in every part of the business, so the critical systems and assets that keep the business in its "business as usual" state land in the same category as non-critical systems.

This is where Tripwire IP360 can assist. Tripwire not only provides CVSS risk scoring but also weights assets according to their criticality to the business, among other criteria. This gives teams with limited resources a way to apply patches quickly to the critical systems first and so maintain a secure "business as usual" state.

In the meantime, Tripwire Enterprise can be used to monitor the network for changes or drift from compliance policies, providing real-time notification of anything detrimental to the estate so that teams can address it immediately.
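To make the prioritisation argument concrete, here is an added example (not Tripwire code, and not from the original article) of the difference between ranking findings by CVSS severity alone and ranking them by CVSS weighted with asset criticality. The criticality tiers, the weights, the exposure bump and the sample findings are all constructed for illustration; real tooling would draw the criticality from an asset inventory.

```python
"""Prioritise vulnerability findings by CVSS base score *and* asset criticality.

Added illustration, not Tripwire code. The tiers, weights and sample
findings below are constructed for the example.
"""
from dataclasses import dataclass
from collections import defaultdict

# Hypothetical criticality tiers an organisation might assign to its assets.
# A higher weight means the asset matters more to "business as usual".
CRITICALITY_WEIGHT = {
    "critical": 1.0,   # e.g. patient-record or imaging servers
    "high": 0.7,
    "medium": 0.4,
    "low": 0.2,        # e.g. a kiosk PC in a waiting room
}

EXPOSURE_FACTOR = 1.2  # constructed bump for assets reachable from outside


def cvss_severity(score: float) -> str:
    """CVSS v3 qualitative rating bands: all a plain low/medium/high view gives you."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln: str
    cvss: float            # CVSS base score, 0.0 to 10.0
    criticality: str       # tier from CRITICALITY_WEIGHT
    exposed: bool = False  # reachable from beyond the trusted network


def risk_score(f: Finding) -> float:
    """CVSS base score scaled by asset criticality, with a bump for exposed assets."""
    score = f.cvss * CRITICALITY_WEIGHT[f.criticality]
    if f.exposed:
        score *= EXPOSURE_FACTOR
    return round(min(score, 10.0), 2)


def severity_buckets(findings):
    """The naive view: group assets by CVSS severity band only."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[cvss_severity(f.cvss)].append(f.asset)
    return dict(buckets)


def prioritise(findings):
    """Return findings ordered so the first entries are what to patch first."""
    return sorted(findings, key=lambda f: (-risk_score(f), -f.cvss, f.asset))


# Constructed sample: the same SMB flaw on three assets of differing importance,
# plus two unrelated findings. Scores are illustrative, not looked up.
SAMPLE = [
    Finding("pacs-imaging-01", "SMB remote code execution", 8.1, "critical"),
    Finding("waiting-room-kiosk-07", "SMB remote code execution", 8.1, "low"),
    Finding("hr-fileshare-02", "SMB remote code execution", 8.1, "medium"),
    Finding("patient-portal-web", "Reflected XSS in login page", 6.1, "critical", exposed=True),
    Finding("test-vm-33", "Local privilege escalation", 7.8, "low"),
]

if __name__ == "__main__":
    print("By CVSS band only:", severity_buckets(SAMPLE))
    print("Weighted order:")
    for f in prioritise(SAMPLE):
        print(f"  {risk_score(f):5.2f}  cvss={f.cvss} ({cvss_severity(f.cvss)})"
              f"  {f.criticality:8s} {f.asset:22s} {f.vuln}")
```

Run as-is, the severity view puts four of the five findings in one "high" bucket, which is exactly the problem the paragraph describes. The weighted order instead puts the SMB flaw on the imaging server first, the exposed patient portal second (a "medium" CVSS outranking a "high" on a throwaway test VM), and the kiosk near the bottom, so a small team knows where to spend its first patch window.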
Yevgeniy Nikulin, the Russian hacker accused of stealing data from three United States-based tech firms, is uncooperative in his own defense, one of his lawyers said Tuesday.
capture and decrypt data shared between Bluetooth-paired devices
David Cowan is a partner at Bessemer Venture Partners, where he launched the firm's investing practices in space tech, cyber security, cloud infrastructure and consumer tech.
Tess Hatch is an investor at Bessemer Venture Partners, where she invests in frontier technology, specifically commercial space, quantum computing and drones.
For 50 years, space innovation meant scaling Apollo-era technologies into ever larger, more durable satellites parked above their terrestrial clients in geosynchronous orbit. Exotic space-ready parts, militarized defenses and layered redundancies ballooned into multi-billion-dollar systems designed to last 40 years or more beyond their conceptions. Only vast organizations with thousands of aerospace engineers could participate.
Enterprise Mobility Management (EMM) is the process of leveraging people and technology to secure sensitive data present on employee devices. EMM automates security configurations on devices so they’re ready for corporate use. It also enables you to keep security threats at bay, regardless of their attack vector. Whether the threat comes from an app, the Internet or the device itself, EMM solutions can prevent critical data loss and unauthorised data access.