More than 1.5 million Verizon Enterprise customers had their contact information leaked on an underground cybercrime forum this week, according to KrebsOnSecurity. A security vulnerability, now fixed, provided an opening for the attacker, the business-to-business arm of the mobile and telecom giant told KrebsOnSecurity. The breach involved basic contact information, not proprietary network information, the company told Krebs. “Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.” The seller of the Verizon Enterprise data offers the database in multiple formats, including the database platform MongoDB, so it seems likely that the attackers somehow forced the MongoDB system to dump its contents. Verizon has not yet responded to questions about how the breach occurred, or exactly how many customers were being notified. The irony in this breach is that Verizon Enterprise is typically the one telling the rest of the world how these sorts of breaches take place. I frequently recommend the Verizon Data Breach Investigations Report (DBIR) because each year’s report is chock full of interesting case studies from actual breaches, case studies that include hard lessons which mostly age very well (i.e., even a DBIR report from four years ago has a great deal of relevance to today’s security challenges). Can service providers such as Verizon, AT&T, NTT, BT, DT and others successfully prevent or mitigate such breaches? Send your comments to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
News, products, vendors, threats, training and publications for cloud and cyber security.
Wednesday, March 30, 2016
Tuesday, March 29, 2016
US FBI Successfully Unlocks Apple iPhone in Domestic Terrorism Case - Is this Legal?
Federal law enforcement officials were able to break into the phone used by
Syed Farook with the help of an unnamed third party. Government
officials did not go into detail about what was found on the phone. "The FBI has now successfully retrieved the data stored on the San
Bernardino terrorist's iPhone and therefore no longer requires the
assistance from Apple required by this Court Order," DOJ spokeswoman
Melanie Newman said in a statement. The DOJ is dropping the case against Apple, since it no longer needs the company's help. Farook was one of two shooters in the December 2015 attack that left 14
people dead, and the government has been trying to force Apple to help
bypass the phone's security features. Apple declined to help, saying it would compromise the security of all
iPhone users. The company has argued that law enforcement officials
don't understand the consequences of creating a back door. Apple will want to know how the FBI got into the iPhone in order for it
to patch up any vulnerabilities in its software. The iPhone maker is
likely to continue bolstering security in its software and devices. What is the central issue in this case - the national right to protection by our government vs. the individual's freedom of speech (verbal or written)? How will the outcome of this case impact tech vendors and citizens alike in the future? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Monday, March 28, 2016
Communications Fraud Control Association Reports 19% Drop in Telecom Fraud
Fraud is responsible for losses of approximately U.S. $38 billion a
year from global communications providers’ revenues, but the telco
industry is concerned that losses from undiscovered crime attacks are
even greater. Harnessing the power of native Hadoop applications,
real-time machine learning and big data, Cloudera and mobile revenue
fraud analytics provider Argyle Data have teamed to create a fraud analytics platform for
communications service providers (CSPs) that allows them to uncover and
shut down fraud attempts as they are happening. Million dollar scams
can be pinpointed and deflected within minutes. Today, the platform is
being used by some of the leading mobile operators across the globe. Let’s take a look at recent reports by the Communications Fraud
Control Association (CFCA) to uncover the threat trends beneath the
statistics. The CFCA released its "Global Fraud Loss Survey for 2015" results laion and coordination amongulent activity. The top five types of telecommunication fraud include: 1) Internal Revenue Share Fraud (IRSF), 2) Interconnect Bypass (e.g. SIM Box), 3) Premium Rate Service, 4) Arbitrage, and 5) Theft in Stolen Goods. What does the future hold for communications-related fraud? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
following th
Thursday, March 24, 2016
Anonymous Preparing Counter-Assault on ISIS for Brussels Terrorist Attacks
Anonymous is not taking Tuesday's terror attacks on Belgium lying down. Sky News
reported Wednesday the hacktivist collective has released a new video
in which it once again takes aim at ISIS, which took credit for the
March 22 Brussels bombings that left dozens dead and hundreds injured. "Our freedom is once again under attack," said a computerized voice in the latest video. "This cannot continue." The group goes on to explain that, following the Islamic State's
attack on Paris in November, it hit the terrorist organization hard,
shutting down "thousands" of its Twitter accounts, stealing its money
and its bitcoins, "severely punished Daesh on the dark net" and hacked
ISIS's propaganda sites. And indeed, Anonymous released a related video days after the ISIS-perpetrated Paris attacks, in which 130 innocent people
died and hundreds more were wounded. In that video, the group declared
war on the Islamic State and warned that it should "expect massive
cyberattacks." Can Anonymous' counter-attacks help impede the destructive efforts of ISIS? Share your recommendations with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Wednesday, March 23, 2016
What Role Did CyberTerrorism Play in the ISIS Belgium Attacks?
While the ISIS attack in Brussels yesterday centered more on pure physical terrorism and destruction compared to the online attacks against the US Department of Defense - Chief of Staff, the US Office of Personnel Management and Sony Corporation, cyber-planning and communications surely were critical factors in carrying out this horrific act. Two brothers - Ibrahim El Bakraoui and his brother, Khalid El Bakraoui - blew themselves up during the bloody attacks which rattled Western Europe to its core. ISIS is set to come under renewed attack from hackers following its terrorist atrocities in Brussels yesterday. Tuesday's attacks in Brussels bear a shocking similarity to the methods employed by ISIS in Paris on November 13, experts said. Those attacks are believed to have been coordinated by ISIS' external operations wing, using multiple attacks across the city to overwhelm the police and evade capture. Hacking
group Anonymous has issued a declaration that it will up its cyber
attacks on the terror group in the wake of the bombings in Belgium. The
group unveiled its so-called 'Op Brussels' today in which it vowed to
continue 'hacking their websites, shutting down their Twitter accounts
and stealing their Bitcoins'. So what roles can cyber-countermeasures or preemptive cyber tactics play in thwarting future terrorist threats? Let us know your feedback at the Cloud and Cyber Security Center.
Tuesday, March 22, 2016
ISSA's Cornerstone of Trust Conference - Preview (June 14 in Silicon Valley)
The Information Systems Security Association (ISSA) is an
international not-for-profit volunteer organization providing
educational forums, publications and peer interaction opportunities that
enhance the knowledge, skills and professional growth of its members: information security professionals. ISSA is a nonprofit organization for the information security
profession committed to promoting effective cyber security on a global
three-fold basis: a) Being a respected forum for networking and collaboration, b) Providing education and knowledge sharing at all career lifecycle stages, and c) Being a highly regarded voice of
information security that influences public opinion, government
legislation, education and technology with objective expertise that
supports sound decision-making. ISSA will hold its annual conference in Silicon Valley USA on June 14. The COT conference helps security leaders and security
practitioners evaluate trends and develop responses to the challenges
like increasing cost pressures, rising compliance complexity, changing
threat landscape and emerging technology disruptors. The event is co-hosted by InfoGuard, a collaboration for infrastructure protection. Which InfoSec issues do you believe need to be addressed at this year's conference? The ISSA has issued a call for speakers and presentations; share your ideas with the Cyber and Cloud Security Center: http://cloudandcybersecurity.blogspot.com/
Monday, March 21, 2016
SAN's General Model for Information Technology Security Evaluation
Developing a detailed threat profile provides organizations with a clear illustration of the threats that they face, and enables them to implement a proactive incident management program that focuses on the threat component of risk. Organizations are facing new types of advanced persistent threat (APT) scenarios that existing risk management programs are not able to evaluate completely and incident management programs are not able to defend against. This paper provides information about how to expand existing risk management models to better illustrate APTs and provides a framework on how to gather threat-related information so that detailed threat profiles that include APTs can be developed for organizations. These threat profiles can be used by an organization’s risk management team to record information about threat actors, scenarios, and campaigns that may have been launched against them. The threat profiles will provide incident management teams with threat intelligence information that they can use to analyze individual threat scenarios or threat scenario campaigns and enable them to anticipate and mitigate future attacks based on this detailed knowledge about the threats. Share your comments on the APT General Model for IT Evaluation with us here at the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Friday, March 18, 2016
Gartner's 2016 Magic Quadrant for Identity Governance and Administration
Here are some highlights from the recently published Gartner IGA Magic Quadrant: Some of the emerging trends
among innovative vendors are integration with DAG tools, privileged
access management (PAM) tools and enterprise mobility management (EMM)
tools. Furthermore, the boundaries between IGA and segregation of duties
(SOD) control monitoring are blurring. Also, some IGA tools are
evolving to support a risk-aware identity and access management (IAM)
approach, where manual or automatic decisions can be informed by their
impact on risk.
Market leader strengths:
IBM: Customers can exploit synergies between IBM's IGA solution, its IBM
Security Guardium database security and monitoring solutions, and its
IBM Security QRadar security information and event management (SIEM)
product, attracting current customers that are already engaged with IBM
for data security technologies and threat intelligence. Its large, global presence allows products to be sold effectively everywhere. IBM has a very successful, heavily invested channel network that can deliver local expertise.
SailPoint: A well-functioning and large partner network gives SailPoint momentum to
sell and deploy its products worldwide, and provides an abundance of
professional services skill sets. SailPoint's product strategy is broad and forward-looking, and the
Whitebox Security assets, rebranded as SecurityIQ, give the company
further options to solidify a leading position if properly executed. SailPoint's early focus and continued marketing messaging on governance,
coupled with its successes in critical markets such as financial
services, are responsible for the strong awareness and brand recognition
that make it a frequently evaluated vendor.
Oracle: Its IGA product is flexible and customizable, has a very efficient
data model, and shifts much processing to the database layer, which
gives it a very good performance benefit. Integration of IGA with its mobile device management solution
enables users to combine technologies into a unified IAM and enterprise
mobility program. Adding Oracle's IGA solution as part of the Fusion Middleware platform
to a portfolio of other Oracle IAM products can leverage synergies
between those products, making it appealing to existing Oracle customers
that view the vendor as a strategic partner. Its global presence and global channel partners enable its IGA product to be deployed worldwide.
What impact will the market leaders have on the 2016-2017 IGA sector? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Wednesday, March 16, 2016
President Obama Warns Against 'Fetishizing' Smartphones at SXSW
The President visited South by Southwest (SXSW) last week. During a talk he tried to convey a sense of balance
in the dispute between Apple and the DOJ. The government wants Apple to
build a special version of iOS to unlock an iPhone that was used by
deceased terrorist Syed Farook. Apple has refused to comply with a court
order because of fears that such code would end up in the wrong hands.
That would make every iPhone user on earth vulnerable to having the
private information kept inside their phone stolen by hackers. “The question we now have to ask technologically is if it is possible
to make an impenetrable device or system where the encryption is so
strong that there is no key, there is no door at all?” he asked, speaking at the South by Southwest (SXSW) festival in Austin on Friday. It was Obama’s first extended disquisition on the contentious issue of encryption. Obama insisted that there is a middle ground. “My conclusion so far
is that you cannot take an absolutist view on this,” he said. “If your
argument is strong encryption no matter what, and we can and should
create black boxes, that, I think, does not strike the kind of balance
we have lived with for 200, 300 years, and it’s fetishizing our phones
above every other value. And that can’t be the right answer.” But the problem is that you can’t have strong encryption without it being unbreakable. Being absolutist about encryption is “the only way [it] works” tweeted Jake Laperruque, privacy fellow for the Constitution Project and the Open Technology Institute. So what will be the impact of widespread 'fetishizing' our smartphones? Send your comments to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Tuesday, March 15, 2016
Amazon Seeks Security Paradigm Shift for eCommerce Transactions
Amazon
is looking into allowing shoppers to pay with a selfie. The online
retailer has filed a patent application for the technology, saying it is
more secure and less "awkward" than traditional passwords. Customers would be able to take a picture or a short video of
themselves to authenticate payments, instead of typing in a password. Amazon's facial recognition system would ensure it's the actual
customer -- and not hackers, thieves or kids using their parents'
devices -- who is making the purchase. The process would
replace passwords in the same way a thumbprint replaces putting in a PIN
code on an iPhone and other devices. To double check that the
image is a legitimate selfie of a living human being (instead of a scan
of a previously taken photo), the system would also require users to
blink, smile or tilt their head when taking their picture. Amazon said it is exploring the new technology to improve security and user experience. "The entry of these passwords on portable devices is not user friendly
in many cases, as the small touchscreen or keyboard elements can be
difficult to accurately select using a relatively large human finger,"
the company said in the filing. "It can require the user to
turn away from friends or co-workers when entering a password, which can
be awkward or embarrassing in many situations," Amazon added. The filing didn't consider whether taking a selfie while blinking, tilting
the head and smiling would be considered less awkward and embarrassing than
typing in a password. When will this move toward biometric-like vs. traditional two-factor authentication affect eCommerce, and what will the impact be? Send your predictions to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Monday, March 14, 2016
CyberCrime Statistics - The Rise of Cyber Bullying, Cyber Stalking and Cyber Warfare
Cyber crime or computer crime can be divided into two categories: the
first comprises crimes that target computers directly such as viruses,
attacks and malware; the second focuses on online crime that uses
computer networks or devices as means to perform fraud and identity
theft through social engineering as well as cyber bullying, cyber
stalking and cyber warfare.
Companies in the United States experience a yearly loss of more than $525m USD due to cyber crime, with the majority of these losses stemming from malicious code and DoS attacks.
Data breaches and their consequences have also had profound effects on
consumers with personal information and credit details being stolen. The largest online data breach compromised more than 130 million user accounts. Online brands with the highest probability of being targeted by phishing attacks include online payment provider PayPal and online auction house eBay,
as well as numerous online service providers that require personal
identification as well as payment information.
With the ubiquity of the internet, an increased online usage and the spread of social network usage throughout all age groups, cyber bullying and cyber stalking have become increasingly common, especially among teenagers. Cyber bullying is defined as the harming or harassing of other people in a deliberate,
repeated, and hostile manner, including cyber dating abuse within
relationships. Share your comments on the most common forms of cyber crime here at the Cloud and Cyber Security Center. Data provided c/o Statista.
Friday, March 11, 2016
Edward Snowden Weighs In on the US vs. Apple iPhone Encryption Case
Known for his numerous leaks that exposed the NSA’s mass
surveillance operations, Edward Snowden is now the latest expert to take
a side in the Apple vs. FBI iPhone encryption case. “The FBI says Apple has the ‘exclusive technical means,’” he said. He then proceeded to explain how the
FBI could force its way into the iPhone – which is how the FBI wants to
get in – without Apple’s assistance. The FBI is worried that after entering the wrong PIN 10 times in a row, the iPhone could automatically erase data stored on it.
So that’s one of the things it’s asking Apple to remove. But Snowden
revealed that the FBI could physically remove the memory from the
phone’s mainboard, copy it, and then try password combinations until
it finds the right one. The method is described in a post on the ACLU site,
which claims that the FBI’s stance on this particular matter is a lie. The
Bureau is worried the iPhone could destroy itself, but this method would
let its hackers save the contents without Apple’s help. “All the FBI needs to do to avoid any irreversible auto erase is
simply to copy that flash memory (which includes the Effaceable Storage)
before it tries 10 passcode attempts. It can then re-try indefinitely
because it can restore the NAND flash memory from its backup copy,” ACLU
wrote. “The FBI can simply remove this chip from the circuit board
(“desolder” it), connect it to a device capable of reading and writing
NAND flash, and copy all of its data. It can then replace the chip, and
start testing passcodes. If it turns out that the auto-erase feature is
on, and the Effaceable Storage gets erased, they can remove the chip,
copy the original information back in, and replace it. If they plan to
do this many times, they can attach a “test socket” to the circuit board
that makes it easy and fast to do this kind of chip swapping.” Is Snowden's approach technically viable? And if it is, should the FBI use it? Send your comments to the Cloud and Cyber Security Center.
Thursday, March 10, 2016
China: Likely the Greatest Threat to US Cyber Security
Policymakers in the United States often portray China as posing a
serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom
Donilon stated that Chinese cyber intrusions not only endanger national
security but also threaten U.S. firms with the loss of competitive
advantage. One U.S. member of Congress has asserted that China has
"laced the U.S. infrastructure with logic bombs." Chinese critics,
meanwhile, denounce Western allegations of Chinese espionage and decry
National Security Agency (NSA) activities revealed by Edward Snowden.
The People's Daily newspaper has described the United States as
"a thief crying 'stop thief.'" Chinese commentators increasingly call
for the exclusion of U.S. internet firms from the Chinese market, citing
concerns about collusion with the NSA, and argue that the institutions
of internet governance give the United States an unfair advantage. Government officials are calling it the biggest threat to America's
economic security. Cyber spies hacking into U.S. corporations' computer
networks are stealing valuable trade secrets, intellectual property data
and confidential business strategies. The biggest aggressor? China.
CNBC's David Faber investigates this new wave of espionage, which
experts say amounts to the largest transfer of wealth ever seen
—draining America of its competitive advantage and its economic edge.
Unless corporate America wakes up and builds an adequate defense
strategy, experts say it may be too late. Can China's cyber security threat posture be mitigated by technology and human intelligence in the West? Send your comments to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Wednesday, March 9, 2016
Do Asia and Eastern Europe Constitute an Axis of Cybercrime Evil?
Countries with fast developing economies such as China, Hong Kong, South
Korea, and India have a huge incentive in strengthening their IT
infrastructure to support their booming economies. With the growing
services and manufacturing sector of their economies, government and
educational institutions are putting great emphasis upon producing human
as well as economic capital that is necessary to support the growing
sectors. With countries like China behaving aggressively to pursue their economic
goals, a number of their institutions are alleged to be acting
complacent in making the cyber threat landscape more offensive. The case in point is Unit 61398,
an alleged APT unit of the People’s Liberation Army (PLA) targeting the US,
Germany, and France for the exfiltration of trade secrets, takeover of
critical national infrastructure, and corporate and
intelligence espionage. Countries like Pakistan, with a thriving IT sector, 4G
network introduction in the offing, no legislation on cyber crime, and a
formidable existing body of hackers, are likely to become future points
of origin for cyber activity. What is the potential scope and breadth of this emerging threat landscape? Share your assessment with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Monday, March 7, 2016
Ransomware "keRanger" Attack on Apple Computers
Apple Inc
customers were targeted by hackers over the weekend in the first
campaign against Macintosh computers using a pernicious type of software
known as ransomware, researchers with Palo Alto Networks Inc told Reuters on Sunday. Ransomware,
one of the fastest-growing types of cyber threats, encrypts data on
infected machines, then typically asks users to pay ransoms in
hard-to-trace digital currencies to get an electronic key so they can
retrieve their data. Apple computers have been successfully targeted by malicious
software called "ransomware" for the first time, according to security
researchers. Palo Alto Networks said it spotted the ransomware on OS X
on March 4, and reported the issue to Apple the same day. Apple took steps to protect users after being alerted to the problem,
Palo Alto said. Ransomware is software that hijacks a
computer, and locks a user's files until a ransom is paid. The program
in question, dubbed keRanger, requires victims to pay one Bitcoin, which
is a little more than $400, to retrieve their files. In this case, hackers managed to infect two versions of a program that
installs a popular file-sharing tool called "Transmission" on Macs. Palo
Alto said this is the first time a fully functional version of
ransomware has been detected in Apple's operating system. The
ransomware infection comes at a time when the security of Apple's
products has come under intense scrutiny. What impact will ransomware in general and "keRanger" in particular have on not just Apple devices but other vendors' products as well? Send your assessment to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Friday, March 4, 2016
Microsoft Windows Defender for Enterprises - Fighting CyberCrime in Large Organizations
Microsoft has a Windows Defender Advanced Threat Protection service under development, which will help large organizations detect and counter network attacks when it's delivered sometime this year. Microsoft also published an updated SQL Server 2016 Release Candidate
that adds a preview capability to extend seamlessly to Microsoft's
Azure cloud. Meanwhile, the news broke that Windows 10 is now the second most common desktop operating system in use, but has a long way to go to catch up with Windows 7. Microsoft is also preparing a developers kit for its HoloLens augmented reality headset.
Microsoft has unveiled a new threat protection service
that it said will help large organizations detect and counter network
attacks. Windows Defender Advanced Threat Protection uses a combination
of endpoint and cloud-based tools, and is intended to add a new
post-breach layer of protection to the Windows 10 security stack. Cybercriminals are well organized with an alarming emergence of
state-sponsored attacks, cyber-espionage and cyber terror. Even with the
best defense, sophisticated attackers are using social engineering and
zero-day vulnerabilities to break in to corporate networks. How effective will this new solution be in securing enterprise data? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
Thursday, March 3, 2016
RSA Conference: Eric Schmidt to Lead Defense Innovation Advisory Board
US Defense Secretary Ash Carter
unveiled the new Defense Innovation Advisory Board with Eric Schmidt during
the annual RSA cyber security conference in San Francisco, saying it
would give the Pentagon access to "the brightest technical minds focused
on innovation." Schmidt, now the executive chairman of Alphabet Inc,
the parent company of Google, said the board would help bridge what he
called a clear gap between how the U.S. military and the technology
industry operate. Schmidt also said he saw the group looking for ways to use new technologies to solve new and emerging problems. The
board is Carter's latest effort to kick-start innovation across the
U.S. military by building bridges to the technology industry. The U.S.
defense chief announced the board's creation on Wednesday during his
third trip to Silicon Valley since taking office just over a year ago.
It had been 20 years since the last U.S. defense secretary visited Silicon Valley. "If
we don’t innovate and be competitive, we’re not going to be the
military that the country needs and deserves," Carter told reporters.
"We should have done it a while ago." Carter has argued
forcefully for spending more on science and technology to maintain the
U.S. military's competitive edge over Russia and China as they expand
their militaries. Carter and Schmidt said they would choose up to 12
individuals to serve on the board, focusing on people who have led large
private and public organizations, and excelled at identifying and
adopting new technology concepts. Schmidt
told reporters he had a list of possible members, but had not yet
contacted them. The Pentagon said a first meeting could take place as
early as April. What will be the impact of this advisory board on US DOD in general and cyber security in particular? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/