8 items tagged "Cybersecurity"

  • 10 Big Data Trends for 2017

    big-dataInfogix, a leader in helping companies provide end-to-end data analysis across the enterprise, today highlighted the top 10 data trends they foresee will be strategic for most organizations in 2017.
     
    “This year’s trends examine the evolving ways enterprises can realize better business value with big data and how improving business intelligence can help transform organization processes and the customer experience (CX),” said Sumit Nijhawan, CEO and President of Infogix. “Business executives are demanding better data management for compliance and increased confidence to steer the business, more rapid adoption of big data and innovative and transformative data analytic technologies.”
     
    The top 10 data trends for 2017 are assembled by a panel of Infogix senior executives. The key trends include:
     
    1.    The Proliferation of Big Data
        Proliferation of big data has made it crucial to analyze data quickly to gain valuable insight.
        Organizations must turn the terabytes of big data that is not being used, classified as dark data, into useable data.   
        Big data has not yet yielded the substantial results that organizations require to develop new insights for new, innovative offerings to derive a competitive advantage
     
    2.    The Use of Big Data to Improve CX
        Using big data to improve CX by moving from legacy to vendor systems, during M&A, and with core system upgrades.
        Analyzing data with self-service flexibility to quickly harness insights about leading trends, along with competitive insight into new customer acquisition growth opportunities.
        Using big data to better understand customers in order to improve top line revenue through cross-sell/upsell or remove risk of lost revenue by reducing churn.
     
    3.    Wider Adoption of Hadoop
        More and more organizations will be adopting Hadoop and other big data stores, in turn, vendors will rapidly introduce new, innovative Hadoop solutions.
        With Hadoop in place, organizations will be able to crunch large amounts of data using advanced analytics to find nuggets of valuable information for making profitable decisions.
     
    4.    Hello to Predictive Analytics
        Precisely predict future behaviors and events to improve profitability.
        Make a leap in improving fraud detection rapidly to minimize revenue risk exposure and improve operational excellence.
     
    5.    More Focus on Cloud-Based Data Analytics
        Moving data analytics to the cloud accelerates adoption of the latest capabilities to turn data into action.
        Cut costs in ongoing maintenance and operations by moving data analytics to the cloud.
     
    6.    The Move toward Informatics and the Ability to Identify the Value of Data
        Use informatics to help integrate the collection, analysis and visualization of complex data to derive revenue and efficiency value from that data
        Tap an underused resource – data – to increase business performance
     
    7.    Achieving Maximum Business Intelligence with Data Virtualization
        Data virtualization unlocks what is hidden within large data sets.
        Graphic data virtualization allows organizations to retrieve and manipulate data on the fly regardless of how the data is formatted or where it is located.
     
    8.    Convergence of IoT, the Cloud, Big Data, and Cybersecurity
        The convergence of data management technologies such as data quality, data preparation, data analytics, data integration and more.
        As we continue to become more reliant on smart devices, inter-connectivity and machine learning will become even more important to protect these assets from cyber security threats.
     
    9.    Improving Digital Channel Optimization and the Omnichannel Experience
        Delivering the balance of traditional channels with digital channels to connect with the customer in their preferred channel.
        Continuously looking for innovative ways to enhance CX across channels to achieve a competitive advantage.
     
    10.    Self-Service Data Preparation and Analytics to Improve Efficiency
        Self-service data preparation tools boost time to value enabling organizations to prepare data regardless of the type of data, whether structured, semi-structured or unstructured.
        Decreased reliance on development teams to massage the data by introducing more self-service capabilities to give power to the user and, in turn, improve operational efficiency.
     
    “Every year we see more data being generated than ever before and organizations across all industries struggle with its trustworthiness and quality. We believe the technology trends of cloud, predictive analysis and big data will not only help organizations deal with the vast amount of data, but help enterprises address today’s business challenges,” said Nijhawan. “However, before these trends lead to the next wave of business, it’s critical that organizations understand that the success is predicated upon data integrity.”
     
    Source: dzone.com, November 20, 2016
  • Facebook to face lawsuit regarding 'worst security breach ever'

    Facebook to face lawsuit regarding 'worst security breach ever'

    Facebook Inc. failed to fend off a lawsuit over a data breach that affected nearly 30 million users, one of several privacy snafus that have put the company under siege.

    The company’s disclosure in September that hackers exploited several software bugs to obtain login access to accounts was tagged as Facebook’s worst security breach ever. An initial estimate that as many as 50 million accounts were affected was scaled back weeks later.

    A federal appeals court in San Francisco, rejected the company’s request to block the lawsuit on June 21 , saying claims against Facebook can proceed for negligence and for failing to secure users’ data as promised. Discovery should move 'with alacrity' for a trial, U.S. District Judge William Alsup said in his ruling. He dismissed breach-of-contract and breach-of-confidence claims due to liability limitations. Plaintiffs can seek to amend their cases by July 18.

    'From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers’ personal data to turn a blind eye and ignore known security risks', Judge Alsup said, citing a decision a separate case.

    The world’s largest social network portrayed itself as the victim of a sophisticated cyber-attack and argued that it isn’t liable for thieves gaining access to user names and contact information. The company said attackers failed to get more sensitive information, like credit card numbers or passwords, saving users from any real harm.

    Attorneys for users called that argument 'cynical', saying in a court filing that Facebook has 'abdicated all accountability' while 'seeking to avoid all liability' for the data breach despite Chief Executive Officer Mark Zuckerberg’s promise that the company would learn from its lapses. The case was filed in San Francisco federal court as a class action.

    Facebook didn’t immediately respond to a request for comment.

    The Menlo Park, California-based company faces a slew of lawsuits and regulatory probes of its privacy practices after revelations in early 2018 that it allowed the personal data of tens of millions of users to be shared with political consultancy Cambridge Analytica. As lawmakers have focused greater scrutiny on the company, Zuckerberg called for new global regulation governing the internet in March, including rules for privacy safeguards.

    The case is Echavarria v. Facebook Inc., 3:18-cv-05982 , U.S. District Court, Northern District of California (San Francisco).

    Author: Kartikay Mehrotra and Aoife White

    Source: Bloomberg

  • How blockchain can help fight cyberattacks

    blockchainImagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm.
     
    In 2009, Bitcoin became the first real application of blockchain, a secure decentralized monetary exchange platform that removed the need for central brokers. More recently, blockchain has proven its worth in other fields.
     
    Blockchain is the culmination of decades of research and breakthroughs in cryptography and security, and it offers a totally different approach to storing information and performing functions, which makes it especially suitable for environments with high security requirements and mutually unknown actors.
     
    The concept is already being used in several innovative ways to enhance cybersecurity and protect organizations and applications against cyberattacks.
     
    Preventing data manipulation and fraud
    One of the main characteristics of the blockchain is its immutability. The use of sequential hashing and cryptography, combined with the decentralized structure, make it virtually impossible for any party to unilaterally alter data on the ledger.
     
    This can be used by organizations handling sensitive information to maintain the integrity of data, and to prevent and detect any form of tampering.
    Guardtime is a data security startup that is placing its bets on blockchain technology to secure sensitive records. It has already used blockchains to create a Keyless Signature Infrastructure (KSI), a replacement for the more traditional Public Key Infrastructure (PKI), which uses asymmetric encryption and a cache of public keys maintained by a centralized Certificate Authority (CA).
     
    Matthew Johnson, CTO at Guardtime, believes that while PKI was a suitable technology for digitally signing software, firmware and network configurations, it was never designed to authenticate data.
     
    “The fundamental threat with PKI is that you need to base your security on the secrets (keys) and the people who manage them,” Johnson says. “That is very hard to do well and impossible to prove — just as in the real world you can‘t prove a secret has been kept, in the security world you can‘t prove a key has not been compromised.”
    Blockchain-based security is predicated on distributing the evidence among many parties.
     
    In contrast, instead of relying on secrets, blockchain-based security is predicated on distributing the evidence among many parties, which makes it impossible to manipulate data without being detected.
     
    “Blockchain has eliminated the need for trusted parties to verify the integrity of data just as in the cryptocurrency example it eliminated the need for a centralized authority to act as a bank,” Johnson explains.
     
    KSI verifies the integrity of data by running hash functions on it and comparing the results against original metadata stored on the blockchain. “This is a fundamentally different approach to traditional security,” Johnson says. “Rather than using Anti-Virus, Anti-Malware and Intrusion Detection schemes that search for vulnerabilities, you have mathematical certainty over the provenance and integrity of every component in your system.”
     
    KSI is already being considered by organizations such as the Defense Advanced Research Projects Agency (DARPA) to protect sensitive military data, and by the Estonian eHealth Foundation to secure over one million health records.
     
    Preventing Distributed Denial of Service attacks
    On October 21, millions of users across the U.S. were cut off from major websites such as Twitter, PayPal, Netflix and Spotify. The reason was a massive DDoS attack that brought down the DNS servers of service provider Dyn.
     
    The episode was a reminder of how a weakness in the current backbone can become a bottleneck and a point of failure in a system that involves thousands and millions of nodes and users.
     
    “The killer weakness of the current DNS system is its overreliance on caching,” says Philip Saunders, founder of Nebulis, a distributed, blank-slate DNS system. “This is what allows China to poison its DNS nameservers, censoring key social networks and banned keywords. At the same time it is also what makes it so easy for millions of autonomous devices under the control of malicious code to shut down whole networks and have these interruptions persist.”
     
    Blockchain offers a solution, Saunders believes, a decentralized system would make it literally impossible for the infrastructure to fail under an excess of requests.
     
    Nebulis uses the Ethereum blockchain and the Interplanetary File System (IPFS), a distributed alternative to HTTP’s centralized structure, to make its DNS infrastructure immune to DDoS attacks.
     
    “Blockchains, particularly the Ethereum platform, can allow a different approach,” Saunders explains. “Only changes or updates to the record cost money in the form of network fees, but reads are free, as long as you have a copy of the blockchain.”
     
    As Saunders explains, with the Ethereum blockchain, you read straight from your own copy without imposing costs on the network. “This has great potential for lifting a great deal of pressure from the physical backbone of the internet,” he says. “It also means we can do away with many of the redundancies of the traditional DNS and come up with something which is much better.”
     
    The team has finished the first draft of the Nebulis directory, which is currently undergoing testing. They plan to launch the first iteration of the directory soon.
     
    Preventing data theft in untrusted environments
    Encrypting data has now become a norm across organizations. However, when you want to act upon that data, you’ll have to decrypt and reveal its contents.
    “Currently, there’s really no option for computing over encrypted data in the market,” says Guy Zyskind, founder and CEO of Enigma, a decentralized cloud platform based on blockchain. “The result is that we can only encrypt data at rest (i.e. while being stored on disk) or in-transit (sending over the wire), but not in-use. This means that when we process data, in whatever way or form, we end up decrypting it. This poses the usual risks associated with data breaches — an attacker with access to a system can see the plain-text data.”
     
    Another problem pertains to the fact that we live in an era of cloud and on-demand services, where our data is accessed and processed by untrusted third parties.
     
    “There are many situations where we want to jointly work on data without revealing our portion to untrusted entities,” Zyskind says. “This happens constantly in the business world, where companies would like to collaborate without revealing sensitive information that they are prohibited from sharing due to security, privacy and even regulation reasons. Similarly, we’re seeing more peer-to-peer systems where users themselves would like to maintain their privacy and anonymity.”
     
    Enigma enables different participants to jointly store data and run computations while maintaining complete privacy. The platform uses blockchain to record time-stamped events and hashes of files that prevent attackers from hiding their tracks if they manipulate data.
     
    Additionally, Enigma uses Multi-Party Computation (MPC), a cryptographic technology that performs computations by distributing data and tasks among multiple untrusted parties and making sure each party only has partial access to the data. “The parties are trusted as a whole, decentralized unit, but not individually,” Zyskind explains.
    According to Zyskind, the combination not only prevents data from being tampered with, but also protects it from falling into the wrong hands. “The main point to consider is that the two technologies are complementary — both are needed to protect against a wide spectrum of cybersecurity threats,” he says.
     
    The paradigm can be used in several settings involving parties that cannot directly share data with each other but have the need to perform joint operations over it. Potential use cases involve simple tasks like bookkeeping, aggregations and generating simple statistics. It can also be used to train machine learning models over encrypted data sets owned by different parties.
     
    Enigma also can be used in fraud detection, where organizations can jointly execute fraud-detection algorithms over their encrypted data without compromising privacy.
     
    Blockchain and the future of cybersecurity
    Blockchain provides a fundamentally different approach to cybersecurity, which can go beyond endpoints and include user identity security, transaction and communication security and the protection of critical infrastructure that supports operations across organizations.
     
    The paradigm shift represented by blockchain can provide the transparency and auditing that will enable us to make the most use of shared online services, while eliminating the potential security and privacy trade-offs.
     
    source: techcrunch.com, December 6, 2016
  • Microsoft takes next cybersecurity step

    Microsoft takes next cybersecurity step

    Microsoft just announced they are dropping the password-expiration policies that require periodic password changes in Windows 10 version 1903 and Windows Server version 1903.  Microsoft explains in detail this new change and the rationale behind it, emphasizing that they support layered security and authentication protections beyond passwords but that they cannot express those protections in their baseline.  

    Welcome move

    This is a most welcome step. Forcing users to change their passwords periodically works against security, it means consumers have to write them down to remember them and it does nothing to stop hackers from stealing current passwords. Hackers generally use stolen passwords very quickly, and password complexity does little to prevent use of stolen passwords either, since hackers can just as easily capture or steal a complex password as they can a simple one.

    The time has long passed for organizations to stop relying on interactive passwords that users have to enter altogether. Hopefully this move by Microsoft will help move the transition to more secure forms of authentication. Finally a big tech company (that manages much of our daily authentication) is using independent reasoned thinking rather than going along with the crowd mentality when the crowd’s less secure password management practices are, however counterintuitive, less secure.

    Alternative authentication forms and decentralized identity (DID)

    Biometrics on their own can also be hacked. So can one time Passwords, especially those that use SMS and other authentication methods where man-in-the middle or man-in-the browser attacks are possible. What is more secure (and private) is another method Microsoft and many other organizations are starting to support: Decentralized Identities, where users control their own identity and authentication information.

    Using this method, the user’s credential and identity data is maintained in a hardened enclave only accessible to the user using their own private key that is typically unlocked using the user’s private mobile phone and optionally another authentication factor. In the end, the consumer just gets a notice from the site they are trying to log into to confirm the log in on their mobile phone (or other device) by just clicking 'yes' (to the login request) or additionally and optionally by using a biometric, e.g. a fingerprint or an iris scan.

    The bottom line is there is layered user authentication and the user doesn’t have to remember or enter an insecure password. And most importantly the user owns their own secured credential and identity data and no one can access it without user permission.

    Decentralized identities, the path to individual control

    DIDs are supported by many organizations today. Most (but not all) mega tech companies are joining the move to standardize DID technology. The companies not joining are generally the ones that continue to earn a living by monetizing consumer data, largely through advertising and data resell activities.  Adding fuel to the fire, some of these companies have an abysmal record when it comes to securing consumer data.

    Hopefully consumers will start protesting the monetization of their data by adopting DID as an authentication mechanism. It’s certainly a chicken and egg problem but there is gradual adoption across sectors. For example, even the Bitcoin network just started accepting DIDs, and British Columbia in Canada has also implemented them for small business identification.

    Web 3.0

    For sure, I will gladly sign up for a DID as soon as someone asks me too. I really am at my limit in tolerating password management policies. And I’m even more tired of being subject to continuous massive data breaches that steal my most personal and sensitive information, just because I live and transact.

    I don’t think anything else short of a massive re-architecting of the web and how we manage identity data will solve all these problems of data breaches and consumer data monetization and abuse.

    Author: Avivah Litan

    Source: Gartner

  • Multi-factor authentication and the importance of big data

    Multi-factor authentication and the importance of big data

    Big data is making a very big impact on multi-factor authentication solutions. Here's how and why this is so important to consider.

    Big data is already playing an essential role in authentication, and as security risks mount, this concern will become greater than ever.

    Kaushik Pal wrote an insightful article on Technopedia a couple of years ago about user authentication and big data. The importance of user authentication has risen more and more since that article was first published. Experts are now discussing the role of multi-factor authentication (MFA) solutions. Big data is proving to be a vital component to that.

    How does big data influence multi-factor user authentication?

    In today’s day and age cybersecurity issues are ever/growing, and simple passwords as security measures are no longer safe. According to some sources, 86% of passwords are notoriously insecure. But even passwords that seem to be secure are vulnerable if they aren’t managed well and protected with additional authentication options.

    As soon as your password has been exposed by malicious parties, they will access your account and they can do whatever they want with it. Fortunately, multi-factor authentication solutions came into existence. But what exactly is a big data based multi-factor authentication? And how canthese solutions help you? If you’re interested to learn more, then keep on reading.

    What is multi-factor authentication?

    Multi-factor authentication or MFA recognizes online users by carefully validating two or more claims offered by the users, from various types of validation. And this would not be possible without contributions from big data. The basic types of validation used include:

    1. Something you have, like a trusted and known device.
    2. Something you know, like a PIN or password.

    The theory behind the multi-factor authentication is that the joint factors of validation are stronger compared to their individual aspects.

    To make the definition simpler MFA incorporates a second, regularly physical method to verify a person’s real identity. Furthermore, MFA is rapidly becoming a standard for more secure as well as safer logins. Big data is playing an important role in addressing these shortcomings.

    Reasons why you should use multi-factor authentication solutions

    Big data has made multi-factor user authentication possible. But what are the core benefits? We list 5 of the many reasons to use MFA for you here:

    1. Enhance security

    Multi-factor authentication is one of the best solutions that you may want to take advantage of, especially if your main goal is to improve security. Big data has made this easier than ever.

    The main benefit of MFA is that it offers additional protection and security by adding new layers of protection. The more factors or layers in place, the smaller the risk of digital burglars obtaining important systems and data.

    2. Increase productivity and flexibility

    Another benefit of using this type of solution is that it replaces the encumbrance of passwords by changing them with alternatives that have the capability to improve productivity. Predictive analytics and other big data technology have made this possible.

    In addition, multi-factor authentication solutions can also bring an improved usability experience because of the improved flexibility of factor kinds.

    3. Achieve compliance

    Big data is vital for ensuring compliance. With multi-factor authentication, you will be able to attain the important compliance requirements particular to your organization that in turn alleviate audit findings as well as avoiding possible penalties.

    4. Simplify the login process

    As we all know, a difficult password does not excel in user-friendliness. Despite the fact that multi-factor authentication adds additional steps, it actually makes the login process a lot easier.

    Single sign-on, for instance, is one-way multi-factor authentication accelerates the said process. For example, a person using an Office suite needs to sign in through multi-factor authentication especially if it is his/her first time to use the app in his/her device.

    5. Location restrictions

    You can use multi-factor authentication to limit or allow login access depending on the current location of the user. If you’re working outside your office frequently or using your personal device, you are putting your company and personal data at risk from physical theft. Multi-factor authentication, on the other hand, can be also used to recognize when a certain user is looking for access from unknown locations.

    Big data is essential for ensuring multi-factor authentication

    Big data is very important for making sure user security is adequate. It has helped by introducing multi-factor authentication. Multi-factor authentication solutions can be of great help, especially if you have been compromised or an unknown person tries to use your password as well as username. Hopefully, you have learned a lot from this post.

    Author: Sean Mallon

    Source: Smart Data Collective

  • Technology advancements: a blessing and a curse for cybersecurity

    Technology advancements: a blessing and a curse for cybersecurity

    With the ever-growing impact of big data, hackers have access to more and more terrifying options. Here's what we can do about it.

    Big data is the lynchpin of new advances in cybersecurity. Unfortunately, predictive analytics and machine learning technology is a double-edged sword for cybersecurity. Hackers are also exploiting this technology, which means that there is a virtual arms race between cybersecurity companies and cybercriminals.

    Datanami has talked about the ways that hackers use big data to coordinate attacks. This should be a wakeup call to anybody that is not adequately prepared.

    Hackers exploit machine learning to avoid detection

    Jathan Sadowski wrote an article in The Guardian a couple years ago on the intersection between big data and cybersecurity. Sadowski said big data is to blame for a growing number of cyberattacks.

    In the evolution of cybercrime, phishing and other email-borne menaces represent increasingly prevalent threats. FireEye claims that email is the launchpad for more than 90% of cyber attacks, while a multitude of other statistics confirm that email is the preferred vector for criminals.

    This is largely because of their knowledge of machine learning. They use machine learning to get a better understanding of customers, choose them them more carefully and penetrate defenses more effectively.

    That being said, people are increasingly aware of things like phishing attacks and most people know that email links and attachments could pose a risk. Many are even on the lookout for suspicious PDFs, compressed archives, camouflaged executables, and Microsoft Office files with dodgy macros inside. Plus, modern anti-malware solutions are quite effective in identifying and stopping these hoaxes in their tracks. The trouble is that big data technology helps these criminals orchestrate more beleivable social engineering attacks.

    Credit card fraud represents another prominent segment of cybercrime, causing bank customers to lose millions of dollars every year. As financial institutions have become familiar with the mechanisms of these stratagems over time, they have refined their procedures to fend off card skimming and other commonplace exploitation vectors. They are developing predictive analytics tools with big data to prepare for threats before they surface.

    The fact that individuals and companies are often prepared for classic phishing and banking fraud schemes has incentivized fraudsters to add extra layers of evasion to their campaigns. The sections below highlight some of the methods used by crooks to hide their misdemeanors from potential victims and automated detection systems.

    Phishing-as-a-Service on the rise, due to big data

    Although phishing campaigns are not new, the way in which many of them are run is changing. Malicious actors used to undertake a lot of tedious work to orchestrate such an attack. In particular, they needed to create complex phishing kits from scratch, launch spam hoaxes that looked trustworthy, and set up or hack websites to host deceptive landing pages. Big data helps hackers understand what factors work best in a phishing attack and replicate it better.

    Such activity required a great deal of technical expertise and resources, which raised the bar for wannabe scammers who were willing to enter this shady business. As a result, in the not-so-distant past, phishing was mostly a prerogative of high-profile attackers.

    However, things have changed, most notably with the popularity of a cybercrime trend known as Phishing-as-a-Service (PHaaS). This refers to a malicious framework providing malefactors with the means to conduct effective fraudulent campaigns with very little effort and at an amazingly low cost.

    In early July, 2019, researchers unearthed a new PHaaS platform that delivers a variety of offensive tools and allows users to conduct full-fledged campaigns while paying inexpensive subscription fees. The monthly prices for this service range from $50 to $80. For an extra fee, a PHaaS service might also include lists of email addresses belonging to people in a certain geographic region. For example, the France package contains about 1.5 million French 'leads' that are 'genuine and verified'.

    The PHaaS product in question lives up to its turnkey promise as it also provides a range of landing page templates. These scam pages mimic the authentic style of popular services such as OneDrive, Adobe, Google, Dropbox, Sharepoint, DocuSign, LinkedIn, and Office 365, to name a few. Moreover, the felonious network saves its 'customers' the trouble of looking for reliable hosting for the landing sites. This feature is already included in the service.

    To top it all off, the platform accommodates sophisticated techniques to make sure the phishing campaigns slip under the radar of machine learning systems and other automated defenses. In this context, it reflects the evasive characteristics of many present-day phishing waves. The common anti-detection quirks are as follows:

    • Content encryption: As a substitute to regular character encoding, this method encrypts content and then applies JavaScript to decrypt the information on the fly when a would-be victim views it in a web browser.
    • HTML character encoding: This trick prevents automated security systems from reading fraudulent data while ensuring that it is rendered properly in an email client or web browser.
    • Inspection blocking: Phishing kits prevent known security bots, AV engines, and various user agents from accessing and crawling the landing pages for analysis purposes.
    • Content injection: In the upshot of this stratagem, a fragment of a legitimate site’s content is substituted with rogue information that lures a visitor to navigate outside of the genuine resource.
    • The use of URLs in email attachments: To obfuscate malicious links, fraudsters embed them within attachments rather than in the email body.
    • Legitimate cloud hosting: Phishing sites can evade the blacklisting trap if they are hosted on reputable cloud services, such as Microsoft Azure. In this case, an additional benefit for the con artists is that their pages use a valid SSL certificate.

    The above evasion tricks enable scammers to perpetrate highly effective, large-scale attacks against both individuals and businesses. The utilization and success of these techniques could help explain a 17% spike in this area of cybercrime during the first quarter of 2019.

    The scourge of card enrollment

    Banking fraud and identity theft go hand in hand. This combination is becoming more harmful and evasive than ever before, with malicious payment card enrollment services gaining momentum in the cybercrime underground. The idea is that the fraudster impersonates a legitimate cardholder in order to access the target’s bank account with virtually no limitations.

    According to security researchers’ latest findings, this particular subject is trending on Russian hacking forums. Threat actors are even providing comprehensive tutorials on card enrollment 'best practices'.

    The scheme starts with the harvesting of Personally Identifiable Information (PII) related to the victim’s payment card, such as the card number, expiration date, CVV code, and cardholder’s full name and address. A common technique used to uncover this data is to inject a card-skimming script into a legitimate ecommerce site. Credit card details can also be found for sale on the dark web making things even easier.

    The next stage involves some extra reconnaissance by means of OSINT (Open Source Intelligence) or shady checking services that may provide additional details about the victim for a small fee. Once the crooks obtain enough data about the individual, they attempt to create an online bank account in the victim’s name (or perform account takeover fraud if the person is already using the bank’s services). Finally, the account access is usually sold to an interested party.

    To stay undetected, criminals leverage remote desktop services and SSH tunnels that cloak the fraud and make it appear that it’s always the same person initiating an e-banking session. This way, the bank isn’t likely to identify an anomaly even when the account is created and used by different people.

    To make fraudulent purchases without being exposed, the hackers also change the billing address within the account settings so that it matches the shipping address they enter on ecommerce sites.

    This cybercrime model is potent enough to wreak havoc in the online banking sector, and security gurus have yet to find an effective way to address it.

    These increasingly sophisticated evasion techniques allow malefactors to mastermind long-running fraud schemes and rake in sizeable profits. Moreover, new dark web services have made it amazingly easy for inexperienced crooks to engage in phishing, e-banking account takeover, and other cybercrimes. Under the circumstances, regular users and organizations should keep hardening their defenses and stay leery of the emerging perils.

    Big data makes hackers a horrifying threat

    Hackers are using big data to perform more terrifying attacks every day. We need to understand the growing threat and continue fortifying our defenses to protect against them.

    Author: Diana Hope

    Source: SmartDataCollective

  • The 4 major cybersecurity threats to business intelligence

    The 4 major cybersecurity threats to business intelligence

    Everywhere a business looks, there are risks, pitfalls, threats, and potential problems. We live in a world where there’s very little separation between the physical and the digital. While this may be beneficial in some ways, it’s problematic in others. When it comes to cybersecurity, businesses have to account for an array of technical and intensive challenges protecting their intelligence.

    4 Major cybersecurity threats

    For better or worse, cloud computing, the internet of things (IoT), artificial intelligence (AI), and machine learning have converged to create a connected environment that businesses must access without exposing themselves to hackers, cyber criminals, and other individuals and groups with unsavory intents. In 2019, it’s the following issues that are most pertinent and pressing:

    1. The rise of cryptojacking

    As the swift and malicious rise of ransomware has shown, criminal organizations will go to any lengths to employ malware and profit. This year, cryptojacking is a major topic.

    “Cryptojacking, otherwise known as “cryptomining malware”, uses both invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims,” according to SecurityMagazine.comc. “Cryptojacking is a quieter, more insidious means of profit affecting endpoints, mobile devices, and servers: it runs in the background, quietly stealing spare machine resources to make greater profits for less risk.”

    2. Lack of confidence in the marketplace

    There’s a widespread lack of confidence in cybersecurity among customers and consumers in the marketplace. This limits many of the opportunities businesses have to implement much-needed change.

    This lack of confidence stems from highly publicized data breaches and cybersecurity issues. Take the US presidential election in 2016, for example. Despite that no proof of election tampering has been found, the media has led people to believe that there was some sort of breach. In the process, the notion of online voting seems unsafe, despite the fact that it’s something we need.

    In the context of business, every time there’s a major data breach, like Target or Experian, consumers lose trust in the ability of companies to protect their data. (Despite the fact that thousands of companies protect billions of pieces of data on a daily basis.)

    The challenge moving forward will be for individual businesses to practice data integrity and promote the right cyber security policies to rebuild trust and gain confidence from their customers.

    3. Supply chain attacks

    As businesses continue to build up their defenses around key aspects of their businesses, cyber criminals are looking for a softer underbelly that’s less fortified. Many of these attackers are finding it in vulnerable supply chains where risks aren’t completely understood (and where there has to be better cooperation between partners who rarely care to be on the same page).

    As we move through 2019, businesses would do well to consider what sensitive information they share with vendors. It’s equally important to consider the risk level of each vendor and which ones are worth working with.

    4. Insider threats

    According to a recent survey by Bricata on the top network security challenges facing businesses in 2019, 44% of respondents identified insider threats as an issue. (The next closest threat was IT infrastructure complexity at 42%.)

    In the context of this survey, insider threats aren’t necessarily malicious actions from employees. Instead, it’s often the result of accidental incidents and well-intended actions that go wrong. Businesses can counteract some of these insider threats by using tools like SAP Cloud Identity Access Governance, which allows businesses to use real-time visualizations to monitor and optimize employee access to data and applications.

    Better employee education and training is also a wise investment. Far too many employees remain unaware of the risks facing their employers, continuing to make foolish mistakes without realizing they’re making them.

    Moving toward a safer digital future

    While some would say we’re already living in the future, it’s important for business leaders to remain cognizant of what’s coming down the innovation pipeline so that the right strategic initiatives can be put into place. In doing so, we can all bask in the optimism of a brighter, safer digital future.

    Author: Anna Johansson

    Source: SAP

  • The future of cybersecurity threatened by the emergence of IoT devices

    Imagine being able to communicate effortlessly with the devices around you. This means having your devices fully automated and connected by sharing data through the use of sensors. This will definitely improve the quality of life and make our day to day activities much easier. This will also make businesses more efficient and facilitate in driving new business models.

    Well, there is no need to imagine as this is already a reality. These are the wonders of the innovation brought about by the Internet of Things (IoT), which simply refers to the network of devices, such as vehicles and home appliances, that contain electronics, software, sensors, actuators and connectivity that allows them to connect, interact and exchange data. The emergence of IoT brings about numerous benefits, but also poses a huge threat to security as it creates new opportunities for all the information it gathers to be compromised.

    Cybersecurity is already at the top of the agenda for many industries, but the scale and scope of IoT deployments escalate security, making it harder than ever to protect businesses and consumers from cyber attacks. intelligent organizations already need to protect their data and information, but cybersecurity is growing more important than ever with the emergence of IoT devices. Although IoT developments have made life easier on so many levels, it has also brought about serious security implications, as the scale of connected devices greatly increases the overall complexity of cybersecurity, while the scope of the IoT which isn’t operating as an independent device but an ecosystem magnifies these challenges — any data breach can cause significant damage to a whole business database.

    As HP found out, 70% of the Internet of Things devices are vulnerable to external attacks. With the technical vulnerability of most of these devices, it can only escalate these threats. Also, with its constant evolution and little attention to security, the potential for damaging cyber attacks can only tend to increase in the future. The implementation of IoT networks opens up the grid to malicious cyber attacks and any form of compromise in the network could lead to great data leakage.

    8 IoT threats to cybersecurity in the future

    8 IoT threats to cybersecurity in the future

    1. Complexity

    Variation of devices connected to a network is accompanied by risks worsening cybersecurity worries with its diverse and wide ecosystem.

    2. Volume of Data

    With IoT’s great need of data to work, it opens up nearly every part of our lives to the Internet, posing an important threat to the possibility of data manipulation. As a result, we must consider what this kind of access to the Internet means for your digital and personal security, as the availability of numerous access points leads directly to an increase in the risk of a breach or hack.Unified attacks can bring down a system or a network of data that is relied upon by millions. IoT is an incredible idea with the potential to change our lives dramatically but brings with it a flurry of concerns that will stretch your abilities and require you to be on your toes at all times.

    3. Continuous Expansion

    The IoT evolution doesn’t seem like slowing down anytime soon and, in fact, it continues to evolve and expand rapidly. This makes it difficult for cybersecurity to keep up with the pace.

    4. Over-Dependence On the Cloud

    With the cloud infrastructure, IoT has a heavy reliance on the cloud for safety, which makes cyber attacks to be targeted to the cloud. With this knowledge, it’s important to look for more ways to reduce those threats. More monitoring will be highly needed for cloud configuration, as well as logging. This monitoring can also be done with the use of external tools — These includes antivurus softwares and VPNs needed to be reviewed and compared carefully. These reviews and comparisons will enable you to choose the tool best suited for your device and needs, while the use of these tools will go a long way in securing your internet connections.

    5. Privacy Issues

    The issue of privacy is generated by the collection of personal data in addition to the lack of proper protection of the data.

    6. Deficiency In Authentication

    This area deals with ineffective mechanisms being in place to authenticate to the IoT user interface and/or poor authorization mechanisms whereby a user can gain a higher level of access than allowed with regard to their weak authentication mechanisms. For example, there is usually a large amount of data that is not sufficiently encrypted and these data are transmitted via wireless networks, many of which are public and lacking in security.

    7. Insecurity

    Over the past two years,AT&T’s Security Operations Center has logged a 458% increase in vulnerability scans of IoT devices. The risk with this is that the IoT device could be easier to attack, allowing unauthorized access to the device or its data. Most IoT manufacturers concentrate more on the efficiency of the device and less on the security, making devices vulnerable to cyberattacks. It is also difficutl to secure these devices after they become an end product, which only increases the challenges of cybersecurity.

    8. Industrial IoT

    According to Forcepoint, in 2019 attackers will break into industrial IoT devices by attacking the underlying cloud infrastructures. This target is more desirable for an attacker, as access to the underlying systems of these multi-tenanted, multi-customer environments represents a much bigger payday.<

    What does the future hold?

    Due to the aforementioned IoT-related weaknesses, which give cybercriminals more access to manipulate connected devices, it’s clear that IoT is painting a scary future for cybersecurity. However, it’s noteworthy that no system can ever be perfect. A continuous effort has to be put into work in order to provide more effective cybersecurity measures to ensure more safety in our day-to-day use of the IoT devices around us.

    Author: Joseph Chuckwube

    Source: SAP

EasyTagCloud v2.8