Kaspersky's Global IT Risk Report Indicates 4% Decrease in Phishing Attacks
intrusion or hacking, and 9% fewer reported the theft of
mobile devices by an external party. In fact, apart from only a few instances
where perceived attacks have remained unchanged or increased by one or two per
cent, attacks have decreased around the world. In China and Western Europe the
theft of mobile devices by an external party dropped by as much as 12%. In North
America, a perceived fall of 10% in malware and other malicious programs was
the second highest in the world after China with 13%. The fall in mobile thefts
may be due to better encryption being implemented on mobile devices in the past
year. The reason for the perceived decline in malware is most likely down to
businesses simply not realizing that a data loss event has occurred – a result
of the ever more complex and stealthy techniques being implemented by
cybercriminals. Even so, 54% still say that they are much more concerned about
the security of mobile devices than they were a year ago. Now, let’s turn our
attention to internal threats. 21% of organizations have lost sensitive data
from internal threats in the past year. And 73% have had an internal security
incident in 2015. The top threats came from software vulnerabilities and
accidental actions by staff, including mistakenly leaking or sharing
data.

Is this phenomenon a one-time anomaly or the start of a longer-term
trend? Send your comments to the Cloud and Cyber Security Center. To read the full
report, visit the Kaspersky Labs' web site.
Thursday, August 25, 2016
Tuesday, August 23, 2016
Russian Cyber Gang Targets the Oracle MICROS POS System
Days after word broke that MICROS had been infiltrated by miscreants, Hold Security informed Forbes magazine staff that POS vendors ECRS, Navy Zebra, PAR Technology, Cin7, and Uniwell were also targeted by the same group.

Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month. More than 330,000 cash registers worldwide use MICROS, which ranks as one of the world's three largest POS systems.

Oracle has alerted its customers about the intrusion, a spokesperson confirmed, but the company declined to release any further details.

"We are aware of the reported breach of Oracle's legacy MICROS systems," Marriott Hotels said in a statement provided to the E-Commerce Times by spokesperson Jeff Flaherty. "We are working closely with Oracle to better understand the situation and whether or not there may be any impact to our guests."

What is next on the Russian hackers' hit list? Share your comments with the Cloud and Cyber Security Center.
Friday, August 19, 2016
DARPA's Cyber Grand Challenge - How Does it Strengthen Cyber Security?
Starting with over 100 teams consisting of some of the top security researchers and hackers in the world, the Defense Advanced Research Projects Agency (DARPA) pitted seven teams against each other in the Cyber Grand Challenge final event, held August 4 in Las Vegas. During the competition, each team's Cyber Reasoning System (CRS) automatically identified software flaws, and scanned a purpose-built, air-gapped network to identify affected hosts. For nearly twelve hours teams were scored based on how capably their systems protected hosts, scanned the network for vulnerabilities and maintained the correct function of software.

The Defense Advanced Research Projects Agency, or DARPA, gave us a glimpse into that future last Sunday, when it announced the winners of its Cyber Grand Challenge at DEF CON.

"Our mission is to change what's possible, so that we can take huge strides forward in our national security capabilities. And if that's what our job is every single day, I think we did it today," said DARPA Director Arati Prabhakar.

Taking home the US$2 million grand prize was ForAllSecure, a startup founded by a team of computer security researchers from Pittsburgh, for its Mayhem system. Winning the second place prize of $1 million was TECHx, made up of a team of software analysis experts from GrammaTech and the University of Virginia in Charlottesville. Third-place finisher Shellphish, a group of computer science graduate students at the University of California-Santa Barbara's SecLab, won $750,000.

How effective is DARPA's Cyber Grand Challenge in ultimately protecting both government and private sector organizations? Share your comments with the Cloud and Cyber Security Center.
Wednesday, August 17, 2016
ICS Cyber Security Conference - Preview (October 24-27, 2016)
The ICS Cyber Security Conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics.

Over the years, the focus of the conference has shifted from raising awareness towards sharing security event histories and discussing solutions and protection strategies.

As the longest-running cyber security-focused conference for the industrial control systems sector, the event will cater to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations.

The ICS Cyber Security Conference will address the myriad cyber threats facing operators of ICS around the world, and will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

The majority of conference attendees are control systems users, working as control engineers, in operations management or in IT. Industries represented include defense, power generation, transmission and distribution, water utilities, chemicals, oil and gas, pipelines, data centers, medical devices, etc. Other attendees work for control systems vendors, security products and services companies, associations, universities and various branches of the US and foreign governments.

If you have attended this conference in the past, share your thoughts with the Cloud and Cyber Security Center.
Tuesday, August 16, 2016
Counter-Measures for Combatting Russia's Cyber Attacks on US Targets
As an increasing number of cyber-attacks hits the world's largest companies and agencies, NATO and Russia debate the creation of a roadmap to tackling cyber-threats. While the West has come up with the "Tallinn Manual of Cyber Warfare," a guide which proposes to apply the rules and principles of humanitarian international law in related cases, Russia spells out the need for a more thorough approach at an international level. Follow the debate on the cyber-security issue and the latest developments on RBTH.

The Russian cyber-hacking of the Democratic National Committee is only the latest unacceptable and unlawful activity by that state. Russia has acted in flagrant violation of international law and wanton disregard for the rights of other nations. It is time and past time to take action in response.

The United States is far from the only target of Russian cyberattacks. Russian hackers have been found by numerous reports and analyses to have attacked close allies including parliaments such as the German Bundestag, media outlets such as France's TV5Monde and Poland's Warsaw stock exchange.

The director of national intelligence has testified, "Russia is assuming a more assertive cyber-posture based on its willingness to target critical infrastructure systems."

Which counter-measures will be most effective against Russia's onslaught of cyber attacks? Share your recommendations with the Cloud and Cyber Security Center.
Wednesday, August 10, 2016
ProjectSauron Cyber Espionage Group Uncovered by Kaspersky Labs and Symantec
ProjectSauron comprises a top-of-the-top modular cyber-espionage platform in terms of technical sophistication, designed to enable long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods. Technical details show how attackers learned from other extremely advanced actors in order to avoid repeating their mistakes. For example, all artifacts are customized per given target, reducing their value as indicators of compromise for any other victim.

A cyber espionage group that has been operating covertly since at least June 2011 had its cover blown this week by two security vendors, both of whom said they discovered the group's activity from malware samples submitted to them by their respective customers.

Kaspersky Lab, which has dubbed the group ProjectSauron, described it as a sophisticated nation-state threat actor targeting state organizations. The group has been using a different set of attack tools for each victim, making its activities almost impossible to spot using traditional indicators of compromise, the vendor said.

The core payloads used by ProjectSauron to exfiltrate data from victim networks are customized for individual targets and are never used again in other attacks. “This approach, coupled with multiple routes for the exfiltration of stolen data, such as legitimate email channels and DNS, enables ProjectSauron to conduct secretive, long-term spying campaigns in target networks,” Kaspersky Lab said in an alert earlier this week.

What effect will the discovery of this group have on reducing cyber security threats? Send your comments to the Cloud and Cyber Security Center.
Tuesday, August 9, 2016
The Advance of Linux-based Botnet Malware - Can It Be Stopped?
The BillGates Trojan botnet family of malware - apparently so named by the virus writers because it targets machines running Linux, not Windows - has been labelled with a "high" risk factor in a threat advisory issued by Akamai's Security Intelligence Research Team. Akamai said the biggest attack to date using such a botnet occurred towards the end of 2015.

Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.

DDoS attacks affected resources in 70 countries, with targets in China absorbing 77 percent of all attacks. Germany and Canada dropped out of the top 10 most-targeted countries, replaced by France and the Netherlands.

The Linux server is the go-to platform for orchestrating DDoS attacks because of its latent vulnerabilities, said Charles King, principal analyst at Pund-IT. A common problem is that they are not protected by reliable security solutions. "That makes them prime targets for hackers, especially those that leverage C&C servers to centrally manage and carry out DDoS attacks," he told LinuxInsider. "Deploying leading security solutions, as well as utilizing and updating established Linux distros, can go a long way to protecting against these issues."

What impact will the rise in Linux botnets have on Internet security worldwide? Share your comments with the Cloud and Cyber Security Center.
Monday, August 8, 2016
Quadrooter High Risk Privilege Escalation Vulnerabilities Affect Android Device Security
Four undisclosed security vulnerabilities found in Android phones and tablets that ship with Qualcomm chips could let a hacker take full control of an affected device. Qualcomm processors are found in about 900 million Android phones.

Almost a billion Android devices are affected by the "high" risk privilege escalation vulnerabilities, dubbed "Quadrooter," say researchers at security firm Check Point. Adam Donenfeld, the firm's lead mobile security researcher who found the flaws, explained at the Def Con security conference on Sunday.

An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn't require any special permissions. (Most Android phones do not allow the installation of third-party apps outside of the Google Play app store, but attackers have slipped malware apps through the security process in the past.)

Google's own branded Nexus 5X, Nexus 6 and Nexus 6P devices are affected, as are Samsung's Galaxy S7 and S7 Edge. The recently announced BlackBerry DTEK50, which RIM says is the most secure Android smartphone, is also vulnerable to one of the flaws.

Just how pervasive is Quadrooter and what will its true impact be? Share your assessment with the Cloud and Cyber Security Center.