Artificial Intelligence
IT Security Best Practices
Securing the Power Grid
Building a great SOC
DDoS Attacks & Defenses
Healthcare Cyber Security
Vehicle Vulnerabilities
QA Security Strategy
…and much more…

1 Cyber Defense eMagazine – September 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide

CONTENTS

“Feds Bet on A.I. to Fix Uncle Sam’s Cyber Woes” ______5

If You Want to Prevent Breaches, Don't Make These Three Security Mistakes ______8

How We Can Secure The Energy Grid and the Smart Home Of The Future ______14

Building a Security Operations Center to Reinforce Trust ______18

Facial Recognition ______22

Browser-based Cryptocurrency Miners ______25

STANDBY VIRTUAL DESKTOPS: THE IT INSURANCE POLICY FOR MAYHEM ______28

A New Class of Cyberthreat : Digital Threats are Targeting Your Digital Innovation Programs __ 31

YES, ONE USB DRIVE CAN CAUSE HAVOC ______35

Knowledge is Power: Confronting the Intersection of Digital Transformation and DDoS ______41

Healthcare data security ______44

Protecting Against Cybersecurity’s Weakest Link: The Human Factor ______48

THE CYBER MAFIA ______52

Resolve Security Issues Involving Bugs with Better QA Strategy ______57

Two Strategies to Get More Value from Your Existing Threat Intelligence Sources ______62

The Ghost in the Machine ______66

Vehicle Vulnerabilities ______82

Ensure the Safety of Your Customers' Data throughout the Holidays ______89

Cyber-attacks thrive the market for Managed Security Services ______92

Free Monthly Cyber Defense eMagazine Via Email ______95

2 Cyber Defense eMagazine – February 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.

FROM THE EDITOR’S DESK

Dear Readers,

We are thrilled you are joining us on our mission to share new and exciting ideas as well as best practices, tools, products and services that are making a difference in stopping cybercriminals and helping get one step ahead of the next threat. We’ll even start discussing educational and job opportunities – with cybersecurity booming – there are more than 100,000 jobs in the USA alone in our field that are not yet filled.

New and exciting technologies abound and if you’re coming to the #RSAC - RSA Conference 2018, like some of our key team members including our Publisher @Miliefsky, you’ll be seeing the latest approaches to hardening networks and stopping breaches in their tracks. To that end, we have some amazing writers covering incredibly important topics. From IoT and Car vulnerabilities to the growth of ransomware and attacks against cryptocurrencies, we’re seeing 2018 shape up to be an exciting time and a busy one. Let’s make 2018 our best, most proactive year together!

To our faithful readers,

Pierluigi Paganini
Editor-in-Chief, CDM

CYBER DEFENSE eMAGAZINE

Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

PRESIDENT Stevin Miliefsky [email protected]
EDITOR Pierluigi Paganini, CEH [email protected]
ADVERTISING Sarah Brandow [email protected]
Interested in writing for us: [email protected]

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2018, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC, PO BOX 8224, NASHUA, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.

It’s always free so tell your friends to subscribe. Spread the word, with our appreciation.

FOUNDER & PUBLISHER Gary S. Miliefsky, CISSP®
Learn more about our founder at: http://www.cyberdefensemagazine.com/about-our-founder/

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security.



“FEDS BET ON A.I. TO FIX UNCLE SAM’S CYBER WOES”

WE HAVE ALL HEARD THE SAYING, “DON’T BET ON THE HORSES,” BUT WHAT ABOUT BETTING ON ARTIFICIAL INTELLIGENCE?

According to the recent MeriTalk Cyber AI IQ Test study, 87 percent of Federal cyber security decision makers say they would make that wager, asserting that AI would improve the efficiency of the Federal cyber workforce. So, how exactly do Feds see AI improving cyber workers’ efficiency? According to the 150 cyber Feds in the study, AI would allow cyber workers to react to attacks more quickly, give them more time for advanced investigations, improve strategic planning and scenario training, and help close the cyber security skills gap.

IS AI WORTH THE RISK?

So, what is there to lose? Making bets is a risky business and one thing Feds might fear is surrendering their jobs to , right? On the contrary, only 24 percent of Feds fear cyber security job losses as a result of AI, while 40 percent predict it would require additional skilled hires. There are numerous vacant cyber positions in the Federal government and AI can help close that skills gap. Programs like CDM, with a heavy focus on metrics and automation, are paving the way for the continued use of smart technologies within the Federal government.

Going one step further, cyber leaders identified how specifically AI could give agencies an edge on cyber security. Nearly three-quarters called out detecting breaches and hacking attempts as the top areas for deployment, followed by predicting threats, uncovering new patterns, training or planning for cyber-attacks, automating threat response, and predicting human behavior. Ninety one percent of Feds acknowledged AI could help monitor human activity and deter insider threats. With insider threats becoming more and more prevalent, AI can help keep both internal and external threats in check.

FEDS NOT ALL IN ON ROLLING OUT AI

Despite the clear consensus that AI is the future, just over half of Uncle Sam’s cyber defenders say their agencies have begun discussing it. Of that group, less than 50 percent have a formal strategy for implementation. Just 21 percent of Feds say they are very comfortable with the idea of using AI for cyber security – with DoD and Intelligence agencies being significantly more likely than civilian agencies to have begun discussing enlisting AI for cyber security. More than half of Feds assert that the lack of Federal policy around AI is holding them back, while cyber decision makers identified lack of internal skills or competency to implement, lack of necessary processes or methods to implement, and not being ready from an infrastructure perspective, as additional obstacles.

AI IS WORTH THE GAMBLE MOVING FORWARD

While Feds eventually see AI as a lock for cyber security, it is evident that further direction and formal policy will be the best way to successfully proceed. Charting a path forward will require conversations to ensure IT teams are comfortable with taking on a new tool, and ensuring systems and infrastructure are in place to do so. Leveraging insights from early AI adopters will be a crucial tactic for agencies looking to introduce AI into their cyber security arsenals. Inter-agency dialogue, along with buy-in from the top-down will help eliminate risk in rolling out AI strategies for cyber.

AI might seem like a tough draw for now, but it has a bright future in the evolving battle to secure our networks. As the threat landscape changes by the minute, and the number of threat actors continues to increase exponentially, cyber security tactics must progress in a way to follow suit. To download the full report, click here.

About the Author

Emily Garber, MeriTalk

Emily Garber is a Senior Account Executive for MeriTalk, mainly working on events and research programs. Emily joined MeriTalk eight months ago, but has over seven years of events, marketing, and public relations experience in the Washington, D.C. area.

Emily is a Connecticut native but welcomes the milder winters of the mid-Atlantic.

In her spare time, Emily enjoys running, spending time with friends, and checking out D.C.’s restaurant scene.

Emily can be reached online at [email protected] and at our company website https://www.meritalk.com/



IF YOU WANT TO PREVENT BREACHES, DON'T MAKE THESE THREE SECURITY MISTAKES by Destiny Bertucci, SolarWinds Head Geek™

There's one thing that the most high-profile security breaches have had in common: they were preventable. Yet, even in the face of increased incidents, most organizations are still in reaction mode when it comes to information security. And, they are often making the same three surprising mistakes — surprising because they involve foundational parts of an enterprise security plan. I'm talking about the fundamental processes of documenting, patching, and investing in technology redundancy.

BOLSTERING THE FOUNDATION: DOCUMENTATION

Being proactive about an information security strategy starts with documenting the processes that dictate patching policies. This is a basic, foundational step in IT — and skipping documentation is a basic mistake. After all, just pulling one block from a foundation could make it fall.

Documentation provides a chain of command, enables enforcement, and helps verify whether updates were made or not. Putting processes and policies on record takes testing, implementing, verifying, and recovery planning. Such work must get granular to be effective, so it's often considered tedious, and that's why the practice can be overlooked. On the other hand, backtracking and mitigating a breach takes a lot more time and effort.

STAYING UP-TO-DATE: PATCHING

In terms of making the updates dictated by the documentation, that action is frequently viewed as downtime by the business. Ironically, such an omission is exactly the cause of downtime and worse — customer loss, financial cost, and brand reputation damage.

Take WannaCry. ® discovered a vulnerability and issued a patch in March. News of the ransomware surfaced in April, and it took down organizations in May. A simple patching policy would have prevented the attack.

The same can be said for Equifax® — a breach resulting in the perpetual exposure of personal data, and one that may eventually cost billions of dollars. We'll see the impact for so many years to come that later incidents will probably be blamed on something else.

Remember, when mass updates are issued, those with malicious intent find out as well. Cybercriminals get to work knowing that many enterprises make the mistake of not patching.
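The documentation and patching sections above both come down to one verifiable question: for each patch the documented policy requires, did each host install it inside the policy window? The following Python script is an added example, not SolarWinds code or any tool the article names: it encodes a hypothetical policy (maximum days from vendor release to install, by severity) and runs it over a constructed host inventory with placeholder patch IDs, so that "were updates made or not" becomes a report rather than a guess.

```python
"""Patch-policy compliance check.

Added example, not code from the article or from SolarWinds. The policy values,
patch IDs and hosts below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Documented policy: days allowed from vendor release to install (assumed values)
POLICY_MAX_DAYS = {"critical": 14, "high": 30, "medium": 60, "low": 90}


@dataclass(frozen=True)
class Patch:
    patch_id: str
    severity: str
    released: date

    @property
    def deadline(self) -> date:
        """Last day on which installing this patch is still policy-compliant."""
        return self.released + timedelta(days=POLICY_MAX_DAYS[self.severity])


@dataclass
class Host:
    name: str
    installed: dict = field(default_factory=dict)  # patch_id -> install date


def check_host(host: Host, required: list, today: date) -> list:
    """Return findings as (patch_id, status, days) tuples.

    status is one of:
      missing-overdue    not installed and the policy deadline has passed
      missing-in-window  not installed, but the deadline has not yet arrived
      late               installed, but after the deadline
    A compliant host yields an empty list.
    """
    findings = []
    for p in required:
        installed_on = host.installed.get(p.patch_id)
        if installed_on is None:
            if today > p.deadline:
                findings.append((p.patch_id, "missing-overdue", (today - p.deadline).days))
            else:
                findings.append((p.patch_id, "missing-in-window", 0))
        elif installed_on > p.deadline:
            findings.append((p.patch_id, "late", (installed_on - p.deadline).days))
    return findings


def compliance_report(hosts: list, required: list, today: date) -> dict:
    """Map each host name to its findings; hosts with [] are compliant."""
    return {h.name: check_host(h, required, today) for h in hosts}


def hosts_exposed(report: dict) -> list:
    """Hosts still missing a patch past its deadline: the first ones to remediate."""
    return sorted(name for name, findings in report.items()
                  if any(status == "missing-overdue" for _, status, _ in findings))


# Constructed sample data (placeholder IDs, not real advisories)
PATCHES = [
    Patch("VENDOR-2018-001", "critical", date(2018, 1, 2)),  # deadline 2018-01-16
    Patch("VENDOR-2018-002", "medium", date(2018, 1, 20)),   # deadline 2018-03-21
]
HOSTS = [
    Host("web01", {"VENDOR-2018-001": date(2018, 1, 10), "VENDOR-2018-002": date(2018, 2, 1)}),
    Host("db01", {"VENDOR-2018-002": date(2018, 2, 1)}),      # critical patch never applied
    Host("file01", {"VENDOR-2018-001": date(2018, 1, 30)}),   # critical patch applied late
]
TODAY = date(2018, 2, 15)

if __name__ == "__main__":
    report = compliance_report(HOSTS, PATCHES, TODAY)
    for name, findings in report.items():
        print(name, "compliant" if not findings else findings)
    print("exposed:", hosts_exposed(report))
```

The "late" status matters as much as "missing-overdue" for the article's point: a host that was eventually patched still spent days outside policy, and that gap is what a documented, reviewed process is supposed to make visible.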

SECURITY IS A BUSINESS ISSUE: INVESTMENT

One big obstacle to patching is that when IT says "updates," the business often hears "downtime," and foregoes patching in favor of 24/7 availability and uptime. IT must demonstrate how updates and uptime do not have to be mutually exclusive if the right systems are in place.

Since budget decisions that impact IT are made across functions, and because success is dependent on data integrity, security is clearly a business, and therefore, the C-level must become more vested in matters of information security. Looking forward into the new year, it’s likely that the steady proliferation of end points and more sophisticated cybercriminals will make hiring and managing security professionals more important than ever. IT can help by quantifying what a breach might look like long-term versus a short-term investment in technology. Those at the C-Level who are pressuring IT likely don't realize they are breaking optimal security policy, and, in fact, hurting the business.

They are doing so because they falsely believe patching disrupts continuity. Still, when there's a breach, executive leadership would (rightfully so) be the first to ask: why weren't we up to date? Or if current fixes don't work on legacy technology: why weren't we upgraded?

The reality is, IT focuses on availability as much as the business, but is hindered by mistake No. 3 — a lack of budget investment by the business to ensure a secure, ever- on environment. Funding instead tends to go toward customer-facing projects in marketing, for example, where ROI is more quickly measurable. An immediate capital expense dwarfs in comparison to the long-term cost of a breach and the harm to customers, though.

So, to achieve simultaneous updates and uptime, the business has to understand the necessity of duplicate infrastructure for critical applications. With one system on standby and one that's active, updates can be made, and testing performed, then updated applications switched over without interruption. The result is 24/7 availability AND security.


Planned downtime and uptime can occur at the same time, without going offline, but this type of continuity requires capital investment in technology.

PREPARATION EQUALS PREVENTION

If the steps of documentation, patching, and redundancy seem obvious and simple, that's because they are and should be the fabric of IT. Nevertheless, I'm continually dumbfounded by the number of organizations that bypass documentation, ignore patching, and don't upgrade — especially when there is available to automate patching and reporting, and minimize service interruptions.

Given that breaches became almost commonplace in 2017, I expect the need for robust security tools to rise exponentially in 2018. Consider leveraging a comprehensive monitoring toolset that can outline a baseline of performance across systems, networks, and especially databases, which are particularly vulnerable to attacks.

Oddly enough, the rise in breaches is compounding the indifference around information security. Instead of raising the volume on better security practices, the regularity of incidents is turning them into noise. For everyday people, there's a level of acceptance now, and the Band-Aid® of replacing credit cards, for example, is more of an inconvenience than a threat.

Now, we're also seeing similar resignation bleeding into enterprises, as potential losses are accounted for in the annualized loss expectancy. The cost of a breach, however, far outweighs that standard number.

Plus, we are now entering a realm where those subjected to breaches will be considered criminals as well: the recently introduced Data Security and Breach Notification Act could require companies to report data breaches within 30 days. Anyone knowingly concealing an incident could be fined or go to prison.

The good news is, breaches at a large scale are preventable, but it takes collaboration. IT must ensure the foundation is strong and current, but that can only be achieved with executive support. The bottom line is: if you value your customers and your business, then you will value security.


About the Author

Destiny Bertucci is a Head Geek at SolarWinds® and a Cisco Certified Network Associate (CCNA), Master CIW Designer, and INFOSEC, MCITP SQL, and SolarWinds Certified Professional®. In her 15 years as a network manager, she has worked in healthcare and application engineering, and was a SolarWinds Senior Application Engineer for over nine years. She started her networking career in 2001 by earning CCNA/Security+ certification and launching a networking consultant business. After using SolarWinds tools for many years, she joined the company and continued earning certifications and degrees to expand her professional reach into database development and INFOSEC. Customizing SolarWinds products while working on setups and performance deepened her knowledge of the complete SolarWinds product line. She is now skilled and experienced in network, security, application, server, virtualization, and database management. https://www.solarwinds.com/




HOW WE CAN SECURE THE ENERGY GRID AND THE SMART HOME OF THE FUTURE by Uri Kreisman, COO, Bluechip Systems

On August 15th, 2012, the Saudi Arabian group Saudi Aramco suffered an attack called “Shamoon” that damaged about thirty thousand computers. The state-owned group runs the entire nation’s oil production, and the attack sent the nation’s entire economy into disarray. In total, eighty-five percent of Saudi Aramco’s hardware was compromised.

Shamoon highlights how a cyberattack on an energy entity could cripple an entire nation. Indeed, it’s this potential for such damage that makes them an attractive option for cyberterrorists.

Smart grids being an attractive target for cybercriminals points to a larger trend. The internet of things (IoT), powered by smart devices, gives cybercriminals the opportunity to hack devices previously unheard of even a decade ago. Since more and more homes are now attached to the smart grid through IoT, the need to secure these networks is becoming more and more vital.

All of the internet connected devices in your home that have cameras attached to them -- smartphones, smart TVs, video game consoles, baby monitors, laptops -- can be hacked and exploited to monitor and spy on residents and execute powerful botnet attacks all without your knowledge.

There is now an increasing need to be able to secure IoT devices that were never built to be secured in the first place. Instead of relying on manufacturer software updates, I believe that a hardware-isolated solution is the future. If you embed a low-power, highly flexible, hardware-isolated computational and storage container that isolates data inside the host architecture, you can secure data and processes independently of the host’s operating system or networking protocol and make them virtually impervious to attack; an innovation that will change cybersecurity as we know it today.


IOT PERVADES THE ENTIRE UTILITY AND NETWORKING GRID

As of today, there are 8.4 billion IoT devices currently in use: one device for every living person on the planet. This number is set to keep growing, especially as our homes become “smart” via their connection to the internet. Since the house of the future is pre-loaded with a large number of these devices -- Alexa, Google Home, Smart Fridges, smart cars, smart thermostats, automatic locks and so on -- hackers can monitor and access our information when we are at our most vulnerable.

Even if you “unplug” your home and refuse to install any IoT devices, you’re still vulnerable as smart buildings are on the rise. McKinsey & Company expect the IoT installed base in smart buildings to grow by 40% until 2020. Where you work, commute and go to the gym could be exposed to hackers and used to monitor or harass.

Cyberattacks on the entire grid are becoming increasingly more common. In December 2015, three electric companies in Ukraine were targets of a cyberattack that resulted in power outages for 225,000 customers. Even after power was brought back several hours later, control centers still weren’t fully operational two months later.

According to ICS-CERT statistics, energy is the second-most targeted sector. Energy companies oftentimes rely on Industrial Control Systems (ICS), which have become attractive targets for cyberterrorists for several reasons, including:

● Their longevity means information on how to program (and, by extension, hack) them is readily available online.

● Many ICS protocols were developed with availability and control in mind, not security, leaving systems with innate vulnerabilities.

● Many systems are decades old. Security updates and patches are often pushed off due to fears that they would cause power outages.

● The emergence of smart grids has increased the attack surface of hacking activities.


HARDWARE ISOLATION IS THE KEY TO SECURING IOT NETWORKS

Software updates and best practices may have worked for one or two of the breaches in the history of IoT, but these tactics are no match for a more sophisticated solution that exploits the device firmware or hardware. Indeed, cybersecurity experts have increasingly been partnering and working together with IoT industry leaders to find out the ways in which we can harden devices that were never built with security in mind.

The only viable defense is one that relies on the inherent security of hardware isolation. By shifting all of the IoT processes to another processor, hardware solutions effectively sandbox important data and make them simply inaccessible from the IoT device itself.

I believe that the future of IoT security rests in the power of embeddable microchips and the power of process isolation. By inserting a linux-powered into the architecture of a non-secure IoT device, you will be able to create a Hardware Root of Trust that completely seals any endpoint from man-in-the-middle attacks, effectively preventing weaponization of such endpoint as a source of future DDoS or Mirai attacks.

This new approach to cybersecurity aims to protect an IoT device by changing the whole paradigm: if you store away data on a hardware isolated container, it cannot be accessible to an attacker. Adding an isolated self-contained layer of hardware and software protection is of paramount importance to protecting our smart energy grid and our smart homes in the future from infrastructure-level cyber attacks.

About the Author

I’m the COO of Bluechip Systems - we’re building hybrid hardware and software cybersecurity solutions for IoT and mobile. With more than 20 years of experience in the industry, I write on emerging trends and technology in cybersecurity. You can find me on LinkedIn and at our company website: http://www.bluechipsys.com/



BUILDING A SECURITY OPERATIONS CENTER TO REINFORCE TRUST by Tom Gilheany, portfolio manager for security training and certifications, Cisco Services

To succeed in today’s digital economy requires a new level of trust. Digitization is now the way enterprises innovate and grow. But it also gives bad actors many more means to disrupt operations and destroy trust. Trust is hard to earn, easily broken, and difficult to restore once it is lost. And not only is trust even harder to earn, but the impact of lost trust is also magnified in today’s digital world. Millions of customer records, an organization’s intellectual property, or even critical resources can be compromised more rapidly than ever before.

THE RISE OF THE SOC

It’s crucial that today’s organizations have Security Operations Centers (SOCs) to ensure trust. This is true whether the SOC functions internally or is provided by a third party, such as a managed security service provider (MSSP).

What is a SOC? It’s a group within an organization that monitors, detects, investigates and responds to cyberthreats around the clock. The SOC is charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems and brand integrity. This includes the connected controls found in networked industrial equipment. The SOC assumes overall responsibility for monitoring, assessing, and defending against cyberattacks.

Four trends have led to the growing importance of SOCs:

1. The need for a holistic view: A centralized real-time view of all digital assets and processes makes it possible to detect and fix problems whenever and wherever they occur. Centralization is critical for IoT systems. The sheer number of devices and the likelihood that they are widely dispersed make local monitoring impractical and inconsistent.

2. The need for departmental collaboration: Now, more than ever it’s important that organizations maintain an environment where skilled people with the right tools can react quickly and collaborate to remediate system-wide as well as local problems.


3. The need for cross-functional collaboration: It’s essential that cybersecurity tools and people work together with other critical IT functions and business operations. These departments align with business objectives and compliance needs for a high-performing operation that is efficient and effective.

4. The need for company-wide coordination and communication: During a security event, it’s essential that there’s a centralized team to communicate with the rest of the organization and ensure efficient resolution. In turn, it’s also important that the organization knows who to turn to in the event of an incident.

As the SOC has grown and evolved, so too have the associated job roles and responsibilities. Having the right team with the right skills in place is essential to optimizing an organization’s front-line defense.

ROLES WITHIN THE SOC

There are many roles within the SOC. While SOC teams vary, these roles typically include:

• Cybersecurity Analyst: Analyzes information from systems using cyber defense tools to identify, categorize and escalate cybersecurity events.

• Incident Responder: Investigates, analyzes and responds to cyber incidents.

• Forensic Specialist: Identifies, collects, examines and preserves evidence using analytical and investigative techniques.

• Cybersecurity Auditor: Measures the compliance of systems, procedures and people against cybersecurity policies and requirements.

• Cybersecurity SOC Manager: Manages the SOC personnel, budget, technology and programs, and interfaces with executive-level management, IT management, legal management, compliance management and the rest of the organization.

Together, this team works to identify and respond to cybersecurity incidents in real time.


BUILDING A SOC: A CHALLENGE AND AN OPPORTUNITY

In an increasingly digitized and networked world, SOCs are rising up as the enterprise’s front and best line of defense. The SOC is a strategic, risk-reducing asset that strengthens the security of an organization’s systems and data. Building a SOC isn’t as easy as simply hiring new team members, however.

The problem is that there aren’t enough people right now equipped with the skills to fill open cybersecurity positions. This skills shortage is one of the biggest cybersecurity challenges the industry is facing. Market intelligence firm Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021.

Not only are there too few skilled professionals to fill the cybersecurity jobs, but a series of research reports from leading industry analyst Enterprise Strategy Group indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous and prevalent threats.

How can your organization get ahead of these trends? Cybersecurity operations professionals are in high demand, and filling these roles requires individuals who are willing to train, reskill and certify to become expert security IT professionals in the modern technology landscape. Organizations can fortify existing internal teams by providing ongoing learning opportunities to expand and grow cybersecurity knowledge. They can also look for expert credentials, like certifications, when hiring to validate skillsets. Together, learning, training and certifying are essential for ensuring that organizations maximize the benefits of building a SOC team. Reinforce trust for your organization by investing in the SOC and investing in a culture of continuous learning, now and for the future.

About the author

Tom Gilheany is the portfolio manager of security training and certifications within Cisco Services. His background is diverse; he’s worked in small startups and multinational Fortune 100 companies in product management and technical marketing positions. Prior to his transition to marketing, he spent more than a decade working in Information Technology and Operations. Tom holds a CISSP, an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.



FACIAL RECOGNITION

IPHONES ARE NOT THE ONLY ONES WITH ISSUES by DRP; Cybersecurity Lab Engineer

The consumer’s focus, and subsequently the manufacturer’s, has been on ease of use for their products. This continues to be a selling point. One area within this realm is facial recognition. Other biometric measures, including iris, fingerprinting, and other tools, have been in use at facilities of differing levels of security for over a decade.

This aspect of applied security is one of the newer applications for security. Facial recognition is touted as a more secure option for the consumer’s smart phone. In particular, this was implemented with the Samsung S8 and S8t.

OPERATION

Nearly all consumers are relatively familiar with the operation of this security application. The user picks up the phone and looks at it, and the phone’s front-facing camera authorizes the user from this image. In essence, the user acts as though they are taking a selfie. After this, the user begins to use the phone as anyone else would. This solution is intended to provide both a secure device and a convenient form of security.

This aspect of security is utilized with the phone’s intelligent agent Bixby and the e-commerce mobile payment app Samsung Pass. In theory, this allows for a greater user experience. The user is not required to remember the password, does not have to worry about fat-fingering the digits, and doesn’t have to worry about bricking the phone.

USES

With this tool, the primary use is to unlock the phone. This is not a new tool or a nuance to a present technology. This functionality is well-known and used in other venues. Although intended to improve the user experience (UX), it has the potential to be a bit creepy. This, as noted, is exceptionally useful for the user’s ease. There are other unintended uses. The algorithm and results for the facial recognition are stored locally, but are accessible. In theory, this could be downloaded. This could then be used by facial recognition in public or governmental applications. This may be used to identify who was near a crime scene or persons who look like persons who were near a crime scene. A person could be included with a group of deviants, due to them appearing to have 90% of the traits of a person of interest.

COMPROMISING THE NEW SECURITY FEATURES

As this was a new use case, researchers took it as a challenge. A simple test to bypass the security was to place a photo in front of the phone’s camera at the correct angle to act as a proxy for the person’s real face. To demonstrate how easy this is, the researchers could have used a picture from social media displayed on another phone and placed the two in proximity to each other. The ease of compromising the phone, combined with the data the attacker would then have access to, is problematic.

ALL IS NOT LOST

The issue itself is rather troublesome. The user is not required to enable this function on the phone, so it may be prudent to use other security features in tandem. One option would be to use the PIN, and/or change it from a numeric to an alphanumeric code. In short, it may not be prudent to rely only on facial recognition, given its issues in this use case.

FURTHER READING

Ducklin, P. (2017, April 3). Facial recognition on Samsung’s new phone has already been cracked. Retrieved from https://nakedsecurity.sophos.com/2017/04/03/facial-recognition-on-samsungs-new-phone-has-already-been-cracked/

Gruman, G. (2017, April 4). What you should really expect from Samsung’s facial recognition. Retrieved from http://www.infoworld.com/article/3186697/identity-management/what-you-should-really-expect-from-samsungs-facial-recognition.html

Khandelwal, S. (2017, March 30). Samsung Galaxy S8’s facial unlocking feature can be fooled with a photo. Retrieved from http://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html

About the Author

DRP began coding in the 1980s. Presently DRP is a Cybersecurity Lab Engineer at a Tier One supplier to the automobile industry. DRP is completing a PhD (Information Assurance and Security) and is writing the dissertation. DRP’s interests include cryptography, SCADA, and securing communication channels. He has presented at regional InfoSec conferences.


BROWSER-BASED CRYPTOCURRENCY MINERS

Towards the end of 2017, browser-based cryptocurrency mining activity increased significantly. In fact, we saw browser-based cryptocurrency miners hidden inside big-name websites, such as Showtime, Politifact, and Pirate Bay, with the intent to generate revenue at the user's expense. We saw this method used previously around the inception of Bitcoin, but it faded away once the amount of processing power needed to mine Bitcoin could no longer be obtained this way. Fast forward to today, and Bitcoin is at an all-time high valuation of 137 billion dollars. It was only a matter of time until this method of mining made a comeback.

Since Bitcoin mining still requires a large amount of processing power, browser-based miners have started mining something easier: Monero. Monero (XMR) is a newer privacy-focused cryptocurrency that is popular for this type of deployment because its mining algorithm is optimized for general-purpose PCs rather than the specialized ASIC miners used in Bitcoin mining operations.

COINHIVE

The front-runner among these controversial browser-based miners is Coinhive. It provides a simple, easy-to-use package that website owners can add to their site’s code. When users access the site, the Coinhive JavaScript library executes and mines Monero for the site owner using the visitor’s CPU. However, what started out as a tool that lets you mine Monero with your browser has turned into another technology abused by malware developers.

CRYPTOJACKING

We are starting to see legitimate browser extensions packaged with miners. A Google Chrome extension called Archive Poster was recently found mining cryptocurrency on unsuspecting users’ PCs, one of many cryptojacking attacks, in which hackers hijack PCs through compromised web servers and applications to mine cryptocurrency for themselves.

Unfortunately, we’re seeing more cryptojacking incidents occur. Hackers are sneaking mining components onto websites and harvesting cryptocurrency from the website’s traffic. We also believe this is a practice that will continue to evolve.


WHERE IS THIS HEADED?

We can only expect this activity to increase this year, and we predict that traditional malware evasion techniques will also be implemented in browser mining. The payout from this activity isn't going to be as high as something like ransomware, but the sheer simplicity of implementing it will keep attackers interested, and they will attempt to prolong it where possible.

STAY SECURE

The challenge with mining malware is that it happens in the background where users can’t see it. If someone is cryptojacking your computer, unfortunately you won’t be able to tell, so it’s important to make sure you take the proper precautions.

Several anti-virus vendors have updated their file-system scanning detections to identify where browser-based mining code has been injected, enabling you to identify and remove the content. Additionally, this type of 'attack' requires network connectivity to a cryptocurrency network or a mining pool in order to submit the hashes it generates, which allows the activity to be detected and blocked at the firewall.

Lastly, it’s important to block this activity, which can be done via UTM features such as web categorization filtering. Sites that are known to drop these miners can be added to a blacklist, or may be reclassified as malicious by your firewall vendor.
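The network signals described above (the miner library being fetched, the connection to a mining pool, and the blacklist of miner-dropping sites), as an added example that is not the article's or Nuspire's code: a small Python scanner that runs over constructed proxy log lines and reports which clients need to be blocked at the firewall. The log format and the domain blacklist are assumptions made for this example; coinhive.com and the coinhive.min.js path are the real Coinhive service.

```python
"""Flag browser-mining traffic in web-proxy logs.

Added example, not code from the original article or from Nuspire. It looks
for the two network signals the article describes: a page loading the Coinhive
JavaScript library, and the WebSocket or Stratum-style connection a miner needs
to reach a mining pool. The log lines and the blacklist are constructed here.
"""
import json
import re
from dataclasses import dataclass

# Constructed blacklist of miner-dropping domains (assumed, except for
# coinhive.com). Subdomains match too, so ws*.coinhive.com proxies are caught.
MINING_DOMAINS = {"coinhive.com", "miner-cdn.example.invalid"}

# JSON-RPC methods a miner sends to a pool: "login"/"submit"/"getjob" on
# Monero (CryptoNote) pools, "mining.*" on classic Stratum pools.
STRATUM_METHODS = {"login", "submit", "getjob",
                   "mining.subscribe", "mining.authorize", "mining.submit"}

# Simplified proxy log format assumed for this example:
#   <timestamp> <client-ip> <method> <url> <status> [<request-body>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3})(?: (?P<body>.*))?$")


@dataclass
class Finding:
    client: str
    reason: str
    url: str


def host_of(url: str) -> str:
    """Return the lowercase host part of an http(s)/ws(s) URL, or ''."""
    m = re.match(r"^(?:https?|wss?)://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def is_blacklisted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in MINING_DOMAINS)


def classify(line: str):
    """Return a Finding for one log line, or None if it looks benign."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = m["url"]
    host = host_of(url)
    # Signal 1: the miner library itself being fetched from a listed domain.
    if is_blacklisted(host) and url.split("?")[0].endswith(".js"):
        return Finding(m["client"], "miner-library-download", url)
    # Signal 2: the WebSocket the browser miner opens to its pool proxy.
    if url.lower().startswith(("ws://", "wss://")) and is_blacklisted(host):
        return Finding(m["client"], "mining-pool-websocket", url)
    # Signal 3: Stratum-style JSON-RPC in the request body, regardless of host,
    # which catches pools that are not on the blacklist yet.
    body = m["body"]
    if body:
        try:
            msg = json.loads(body)
        except ValueError:
            msg = None
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            return Finding(m["client"], "stratum-rpc:" + msg["method"], url)
    return None


def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [f for f in map(classify, lines) if f is not None]


def clients_to_block(findings):
    """Distinct client IPs to hand to the firewall, sorted for stable output."""
    return sorted({f.client for f in findings})


# Constructed sample log: one infected visitor (10.0.0.5), one host talking
# Stratum to an unlisted pool (10.0.0.7), and one benign client (10.0.0.9).
SAMPLE_LOG = [
    "2018-02-01T10:00:01Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2018-02-01T10:00:02Z 10.0.0.5 GET https://coinhive.com/lib/coinhive.min.js 200",
    "2018-02-01T10:00:03Z 10.0.0.5 GET wss://ws001.coinhive.com/proxy 101",
    '2018-02-01T10:00:04Z 10.0.0.7 POST https://203.0.113.10:3333/ 200 '
    '{"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"},"id":1}',
    "2018-02-01T10:00:05Z 10.0.0.9 GET https://cdn.example.org/jquery.min.js 200",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h.client:10} {h.reason:24} {h.url}")
    print("block:", ", ".join(clients_to_block(hits)))
```

The body-based Stratum check is what catches a pool the blacklist does not know about yet, which is why a categorization filter alone is not enough.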

About the Author

Shawn Pope is a Security Analyst at Nuspire Networks, a state-of-the-science managed network security provider for some of the largest and most distinctive companies across the world.

For more information, visit www.Nuspire.com


STANDBY VIRTUAL DESKTOPS: THE IT INSURANCE POLICY FOR MAYHEM

By Michael Abboud

Allstate's "mayhem" commercials underscore the need to protect yourself and your property from life's unforeseen mishaps. What will happen to your business operations if a natural disaster strikes? Even more commonly, what will your IT team do when Jim in accounting unknowingly clicks on the latest ransomware strain and cripples the entire organization’s network? Or when Susan from marketing leaves her laptop in a taxi?

According to the 2017 Data Breach Year-End Review released by Identity Theft Resource Center (ITRC) and CyberScout, the number of U.S. data breach incidents recorded in 2017 totaled a record high of 1,579 breaches. The review reveals a drastic 44.7 percent increase over the figures that were reported in 2016.

More than life's everyday snafus, IT is beleaguered with natural disasters, outages, and disruptions related to cyberattacks, and they all can have a significant impact on the bottom line.

In fact, according to cybersecurity firm Imperva, 59 percent of 170 security professionals who attended the RSA Conference last year said that the downtime caused by lack of access to systems was the most consequential effect of a ransomware attack. Thirty-two percent of respondents indicated their company had been infected with ransomware, while 11 percent revealed it took longer than a week to regain access to their systems after an attack.

Do you have a business continuity plan? If an outage occurs, how fast can you be operational? Is the standby environment compliant with industry guidelines and regulations? Business continuity does not have to be expensive if you take advantage of standby virtual desktop options. They are a viable option at a fraction of the cost of owning and maintaining redundant equipment.

STANDBY VIRTUAL DESKTOPS ARE THE ANSWER

Traditional business continuity and disaster recovery approaches often include replicating existing IT infrastructure. Not only is this expensive but there are physical desktops and servers idling, which are costly to maintain, especially as your IT needs continue to evolve.


Moving towards managed virtual desktops delivered via a private cloud provides a unique opportunity for organizations to reduce costs and provide remote access while supporting business continuity initiatives and mitigating the risk of downtime.

Standby virtual desktops are pre-configured and ready to go at a moment’s notice, allowing your team to remain “business as usual” during a sudden outage.

ELIMINATE PHYSICAL REDUNDANCY AND COSTS

Implementing standby virtual desktops is a seamless process. Virtual desktops are preconfigured and are readily available if and when an outage occurs, ensuring operational uptime.

Additionally, because desktops are monitored by a managed service provider over a secure network and supported by a Service Level Agreement (SLA), end users can expect reliable high availability. The physical infrastructure supporting virtual desktops is continuously monitored, typically hosted within an enterprise-grade datacenter, and has a high degree of redundancy.

Best of all, users are no longer tethered to any physical device, location, or internet connection. Virtual desktops are accessible from any device, browser, and location, providing an unparalleled level of mobility and flexibility without sacrificing performance, security, or compliance.

Overall, business continuity starts with the user. By utilizing standby virtual desktops, organizations are prepared with a true business continuity solution before a disaster or cyberattack strikes. According to industry analysts, it is not a matter of if but when. The question is, will you be prepared?

About the Author

Michael Abboud is the CEO and Founder of TetherView, a provider of private cloud environments including virtual desktops and virtual servers.

He has over 20 years of business technology, healthcare, and real estate development experience – with a focus on moving businesses to the cloud and educating stakeholders on how to properly address cyber threats. Michael studied at NYU and St. John's.


A NEW CLASS OF CYBERTHREAT: DIGITAL THREATS ARE TARGETING YOUR DIGITAL INNOVATION PROGRAMS by Lou Manousos, CEO, RiskIQ

Everyone uses the internet, both the good guys and bad guys. In the ongoing chess match between businesses expanding their digital presence and the actors trying to exploit growing attack surfaces, those without access to automated internet reconnaissance, whether for bad or good, are at a tremendous disadvantage.

As companies continue to invest in digital transformation initiatives that improve customer engagement and enhance their products and ecosystem, cybercriminals take advantage of vulnerabilities and lax security oversight across a business’s web, social, and mobile assets. We define the cyberthreats related to their digital presence as ‘digital threats,’ a separate class that requires a fresh approach. In response to this new type of threat, organizations should be investing in digital threat intelligence and protection mechanisms that address security outside the firewall.

Successful threat actors are building internet-scale digital-threat campaigns that can overwhelm defenses—state-sponsored attacks are rampant, and every three minutes, RiskIQ blacklists one mobile app, 300 phishing pages are published, and 43.5 malicious ads traverse the digital advertising ecosystem. For the good guys, this modern digital threat landscape moves too quickly for security teams to rely on manual processes and disparate tools, which cause security teams to be prohibitively slow, inefficient, and expensive. The time has come to embrace the power of a digital defense platform strategy, built on comprehensive internet data with the ability to map your digital attack surface, monitor it, and anticipate and counter this growing class of threat before it can impact customers.

A digital threat management platform boosts cyber resiliency with fewer resources and can even help teams manage their attack surface in-house—savings which can make a strong cost-justification case to any C-suite. Two simple benefits of a digital threat management platform are the speed and precision at which they help security teams operate, advantages that not only boost cyber resiliency but also reduce expensive security team manhours. Savvy and experienced IT management teams know that a reduction in hours reins in department expenditures and frees skilled employees for additional tasks that protect the business and reduce its attack surface.


A platform approach can save time in a multitude of ways. For example, a team not using a digital threat management platform might deal with a daunting amount of data from various sources, requiring a large group of analysts logging long hours to make sense of it. However, by ingesting and analyzing data from several sources, a platform can drastically reduce the volume and increase the relevance of the data delivered to them, providing insights that can help them more efficiently triage alerts.

Speed is the other critical factor. A team managing a company’s brand against fraudulent social media accounts, phishing sites, and fake mobile apps needs to be able to identify, locate, and act on these external threats as soon as they're stood up. Unfortunately, with multiple people using multiple tools, time may be wasted, or worse, threats could be missed altogether.

Cyber adversaries rotate domains in less than five minutes, and by the time this team could piece the data together, it would be too late.

However, with a platform, once an issue is found, the team can do the same amount of work in far less time, identifying characteristics of the attacker’s infrastructure, such as IP addresses, domains, and security certificates to find and mitigate the source of the attack and proactively address future ones.

The justification for traditional cyber defense tools typically starts with their ability to prevent material damages associated with a potential data breach, but for new digital threat detection and mitigation technologies, time to respond, threats pre-empted, and time saved on investigations and takedowns can shave thousands, or even millions of dollars off of security spend.

When integrating some new security technologies, if you’re not looking holistically at the threat landscape and considering a platform approach, reducing the time to respond to threats, exploits, and cyber adversaries is difficult (if not impossible) and can lead to IT department budget overruns.

To further explore the return on investment (ROI) a digital threat management platform-based approach can deliver, Frost & Sullivan released the “The Digital Threat Management Platform Advantage: Justification and Resource Optimization” report. The report established a Cyber Resiliency Framework businesses can use to properly invest in and build a digital threat management program that defends their attack surface in the face of mounting external threats.


To ensure your company’s digital threat intelligence and protection mechanism is effectively addressing security outside the firewall, make sure it provides the following elements:

1. Defend (continuously improve cyber protection platform, harden defense tools)

2. Prepare (intelligence-led assessment of systemic vulnerabilities, cyber drills/simulation exercises)

3. Absorb (ability to detect breaches/prevent attacks if possible, always on standby for next attack/breach)

4. Recover (reducing the time to respond, knowing how to respond, organization-wide stakeholder involvement)

5. Adapt (enhancing organizational cybersecurity consciousness, applying lessons learned)¹

Don’t hesitate; organizations can no longer expect to be spared by the current waves of internet-scale cyber-attacks. Whether you’re modernizing your digital threat management program or just starting one, your organization must be able to scale its defenses cheaply and efficiently, which can only be done with a digital threat management platform.

¹ “The Digital Threat Management Platform Advantage: Justification and Resource Optimization,” Frost & Sullivan, Jarad Carleton.

About the Author

Elias (Lou) Manousos, CEO and Founder, RiskIQ Elias is a recognized expert in Internet security and fraud prevention. He has been developing and delivering enterprise protection technologies for more than 15 years. As CEO of RiskIQ, he has spearheaded a new approach that helps Internet, financial services, healthcare, media and consumer packaged goods companies protect their brands from online fraud. Elias is also co-chair of the Online Trust Alliance (OTA) Anti-Malvertising Working Group. Visit him online at www.riskiq.com


YES, ONE USB DRIVE CAN CAUSE HAVOC

by Ruben Lugo of Kingston Technology

It is remarkable what one USB drive can cause and provide. Whether it’s accidentally lost, carelessly left behind, or maliciously programmed and placed somewhere, it is sure to be found. A single USB drive has the potential to do some serious damage, or to add a layer of security outside the firewall if you have a standard or policy in place.

Ouch!

USB drives have capacities ranging from a minuscule 256MB to a titanic 2TB. Their portability and the ease with which they can be connected to various networks make them highly susceptible to being lost and breached. And that leads to the possibility of critical, important, classified, sensitive – pick any dire-sounding adjective of your choice – data landing in the hands of some not-so-well-meaning individuals.

CODEPENDENCY OF CYBERSECURITY & PHYSICAL SECURITY

Security professionals face a number of issues with breached data. Due to the interrelated nature of cybersecurity and physical security, the failure of one directly impacts the other. A perfect example of this was the discovery in the fall of 2017 of an unencrypted USB flash drive in West London containing sensitive and secret information regarding Heathrow Airport.

The 76-folder/174-document drive detailed measures employed at Heathrow to protect the Queen, a timetable of security patrols, maps pinpointing CCTV cameras, the types of ID needed to access restricted areas, documentation of the ultrasound system used by Heathrow security to check perimeter fences and runways for breaches, and a discussion regarding the type of threat the airport could face. Fortunately – by chance – an honest individual found it and gave it to the proper authorities. Unfortunately, this still means a complete redesign of strategy, security details, and access rights. Not an easy task when the reality of the total scope is realized.


Security experts say a critical factor in the Heathrow incident was the USB drive’s lack of encryption. Blocking or prohibiting employees from all USB ports may not be practical and might lower productivity as well as limit overall work efficiency. A better way, experts say, is for companies and organizations to insist employees use encrypted USB drives, by implementing a standard with a company policy that combines the productivity advantages of allowing USB access with protecting the information at the same time.

A standard or company policy for USB devices extends cybersecurity beyond the firewall and helps manage the port which can be considered “endpoint security.” User access and priority to the ports can be assigned by employee or group profile, or can even be more granular by allowing access from only certain types of encrypted drives.

BYOD (Bring Your Own Device) has become a standard operating procedure at many companies and organizations. But all it takes is one unencrypted USB drive to negate the millions of dollars spent on cybersecurity. A workforce can stay efficient when threats are reduced and risks are managed by deploying self-contained encrypted USB drives.

AND GOVERNMENTS REACT

It stands to reason that sooner or later various government entities around the world would step in and initiate or strengthen cybersecurity regulations to protect data, whether it is inside the firewall or outside. A common requirement is that data – both “at-rest” and “in-transit” – be encrypted. Two of note are the European Union's General Data Protection Regulation (GDPR) and New York State’s 23 NYCRR 500 cybersecurity requirements for financial services companies.

Replacing a 1995 directive, GDPR creates new safeguards and requirements to strengthen data protection rights for individuals within the EU. After a two-year phase-in period, the compliance deadline of May 25, 2018 marks complete implementation and the start of strict enforcement. Noncompliance after that date can result in extremely high fines. It applies to both EU and non-EU organizations that process the data of EU residents.

The New York regulation requires financial services companies to protect customer information and the related IT systems. Each company must assess its specific risk profile and design a program to address and manage its risks efficiently and in a timely manner, ensuring the safety and soundness of the institution while also protecting customers’ personal information. It applies to every organization in New York State that processes corporate/personal data and took effect February 15, 2018.


HARDWARE-BASED ENCRYPTION

Secure, encrypted USB flash drives are an essential pillar of a comprehensive data loss prevention (DLP) strategy. Of these, the most effective are drives where the encryption is implemented in the device’s hardware in order to combat ever-evolving threats.

A USB drive with hardware-based encryption is an excellent, self-contained solution in protecting data from breaches, while also meeting evolving governmental regulations. They are an ideal solution for applications ranging from small-business owners to the military and all branches of government. Such devices that meet tough industry security standards offer the ultimate security in data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-contained and do not require a software element on the host computer. With no host software to attack, the avenue for brute-force, sniffing, and memory hash attacks against that software is eliminated.

They have digitally signed firmware that cannot be altered, as well as a physical layer of protection: at a minimum the drives come epoxy-dipped, while other options feature epoxy-filled cases that prevent access to the physical memory. In contrast, a USB drive with software encryption relies on software that runs on the host computer and has no physical layer of security, making it far more vulnerable to attack.

Top-of-the-line hardware-based encrypted USB drives use AES 256-bit encryption in XTS mode. This ensures that anyone who finds such a drive cannot access the information, as the drive wipes itself clean after 10 failed password attempts, whether from a brute-force attack or from guessing.

HARDWARE-BASED ENCRYPTION REQUIREMENTS

• Self-contained and physically located on the encrypted drive
• The encrypted USB contains a random number generator to generate an encryption key, which the user’s password unlocks
• Increased performance by off-loading encryption from the host system
• Safeguards keys and critical security parameters within crypto-hardware
• Authentication takes place on the hardware
• Cost-effective in medium and larger application environments, easily scalable
• Does not require any type of driver or software installation on the host PC
• Protects against the most common attacks, such as cold boot attacks, malicious code, and brute force attacks
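The key handling described in the last two sections (a random key unlocked by the user’s password, authentication on the hardware, and a self-wipe after 10 failed attempts), as an added example that is not the article’s or Kingston’s code: a Python model of a drive controller in which the data-encryption key is wrapped under a password-derived key and destroyed after the tenth wrong guess. The PBKDF2/HMAC wrapping stands in for the AES-256-XTS hardware, and all names and the iteration count are assumptions made for this example.

```python
"""Model of the unlock logic the article describes for hardware-encrypted USB
drives: a random data-encryption key (DEK) that only the user's password can
unlock, and a self-wipe after 10 failed attempts.

Added example, not Kingston's or any vendor's firmware. Standard library only,
so the DEK is masked with an HMAC-SHA256 output derived from a PBKDF2 key rather
than wrapped by AES-256-XTS hardware; the wrapped-key layout, the attempt
counter and the crypto-erase are the point.
"""
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 10      # the wipe threshold the article states
PBKDF2_ITERATIONS = 100_000   # constructed value; a real controller sets its own


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedDrive:
    """State that lives inside the drive's crypto controller, never on the host."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)        # from the device RNG
        dek = os.urandom(32)              # random 256-bit data-encryption key
        kek = self._derive_kek(password)  # key-encryption key from the password
        # Wrap the DEK under the KEK and keep a tag so a wrong password is
        # detected without storing the password or exposing the DEK.
        mask = hmac.new(kek, b"wrap" + self.salt, hashlib.sha256).digest()
        self.wrapped_dek = _xor(dek, mask)
        self.tag = hmac.new(kek, b"tag" + self.wrapped_dek, hashlib.sha256).digest()
        self.failed_attempts = 0
        self.wiped = False
        self._dek = None                  # present only while unlocked

    def _derive_kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   self.salt, PBKDF2_ITERATIONS, 32)

    def unlock(self, password: str) -> bool:
        """Authenticate on the hardware; every wrong guess counts toward the wipe."""
        if self.wiped:
            return False
        kek = self._derive_kek(password)
        expected = hmac.new(kek, b"tag" + self.wrapped_dek, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
                self._crypto_erase()
            return False
        mask = hmac.new(kek, b"wrap" + self.salt, hashlib.sha256).digest()
        self._dek = _xor(self.wrapped_dek, mask)
        self.failed_attempts = 0          # a successful unlock resets the counter
        return True

    def lock(self) -> None:
        self._dek = None

    def data_key(self) -> bytes:
        """The DEK the controller would feed to its AES-XTS engine."""
        if self._dek is None:
            raise PermissionError("drive is locked")
        return self._dek

    def _crypto_erase(self) -> None:
        # Zeroise the wrapped key, tag and salt: without them the stored
        # ciphertext is unrecoverable even with the correct password.
        self.wrapped_dek = bytes(32)
        self.tag = bytes(32)
        self.salt = bytes(16)
        self._dek = None
        self.wiped = True


def attempts_until_wipe(drive: EncryptedDrive, guesses) -> int:
    """How many guesses the drive accepts before it destroys its key."""
    used = 0
    for guess in guesses:
        if drive.wiped:
            break
        used += 1
        if drive.unlock(guess):
            break
    return used


if __name__ == "__main__":
    drive = EncryptedDrive("correct horse battery")
    print("correct password unlocks:", drive.unlock("correct horse battery"))
    drive.lock()
    n = attempts_until_wipe(drive, (f"guess{i}" for i in range(1000)))
    print(f"wiped after {n} wrong guesses; correct password still works? "
          f"{drive.unlock('correct horse battery')}")
```

Because the counter and the wrapped key both sit inside the controller, an attacker who copies the flash contents gets only ciphertext, which is the difference from host-side software encryption the article draws.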


In addition to the Heathrow Airport incident, below are a few other ‘lost’ USB flash drive events.

• In early 2016, St. Luke’s Cornwall Hospital (SLCH) in Cornwall, N.Y. suffered a potential healthcare data breach after a USB thumb drive was stolen from its facility. Potentially affected information included patient names, medical record numbers, dates of service, types of imaging service received, and administrative-type information used for internal business purposes. While Social Security numbers and electronic medical records were not included, the personal data of 29,156 individuals were allegedly affected.

• A 2016 research project conducted by Google, the University of Illinois Urbana-Champaign, and the University of Michigan randomly spread 297 unencrypted USB drives around the Urbana-Champaign campus. 290 of the drives (98 percent) were removed from their drop locations. Drives were plugged into finders’ computers within a median time of 6.9 hours. The researchers suspect that the ‘finders’ initially acted altruistically to try and find the drives’ owners, but their curiosity soon took over, as they proceeded to open other files, including one labeled “vacation photos.” Whatever their reason for opening the files, the study points out that individuals coming across an unattended USB drive will open it. If it is an unencrypted drive, the ‘loser of the drive’ risks having all manner of valuable data exposed, stolen, or lost for good.

• In July 2015, police in Brighton, Sussex, England, stumbled upon a stolen USB drive holding personal data of 13,000 customers of Barclays Bank. Authorities came upon it while arresting an individual for another matter. Information contained on the drive included names, dates of birth, addresses, occupation, salaries, debts, insurance policies, mortgages, and passport and national insurance numbers. It was feared that thieves may have made multiple copies of the sensitive files.

• In 2013, health-care provider Kaiser Permanente notified nearly 50,000 patients that a USB flash drive containing their personal data was missing. The flash drive contained the name, medical record number, date of birth, and medication of patients obtaining health care at the company’s Anaheim, California facility.

• In July 2013, U.S. Securities and Exchange Commission employees’ Social Security numbers were exposed after a former worker unwittingly downloaded sensitive human resources data to a thumb drive. The worker allegedly downloaded information inadvertently from agency personnel files that included employee names, birthdays, and Social Security numbers onto a USB drive before taking a new job with another federal agency.


About the Author:

Ruben Lugo is the Strategic Product Marketing Manager for Kingston’s Encrypted USB line, including the globally respected IronKey, Enterprise SSDs, NVMe solutions and Server Premier DRAM solutions for today’s high performance servers. As a solutions, technology and security enthusiast with over 18 years’ experience, Mr. Lugo leverages his unique expertise from the CE, AV and IT Networking industries. He’s contributed to the initiation of new trends in technology, from launching the first reliable wireless high definition audio video distribution system to high-bandwidth fiber optic networking solutions.


KNOWLEDGE IS POWER: CONFRONTING THE INTERSECTION OF DIGITAL TRANSFORMATION AND DDOS by Nilly Assia

Digital transformation is sweeping over the enterprise, bringing with it obvious benefits for business, such as the move from CAPEX to OPEX, improved efficiency and unprecedented interconnectedness. However, while digital transformation is anticipated to be the major driver for business in the coming years, with every upside comes a downside, and in digital transformation’s case that means increased exposure to cyber threats. In fact, since the massive move to the internet and digital platforms, distributed denial of service (DDoS) attacks, in which multiple compromised computer systems flood a target web address or server until it can no longer serve legitimate users, have increased 125 percent year-over-year. And not only are DDoS attacks increasing in frequency, they are increasing in severity, duration and complexity. As a result, businesses should stay educated on DDoS threat trends and have a few simple tools on hand for protecting their networks from such attacks.

While gaming and retail companies have been the major targets of DDoS attacks, financial institutions, public services and business service providers are also facing a surge of DDoS attacks. This has less to do with the payouts that hackers receive for ceasing the attacks (gaming and retail are known for their large payouts) than with the ease of access to DDoS attack services. All a potential “hacker” needs in their arsenal is Bitcoin, and they have everything in place to carry out a massive DDoS attack on a competitor, nemesis, or really anyone they feel like causing grief. While there are defense tools to prevent the wide spectrum of DDoS attacks, a few simple actions on your network can help deter them.

1. Know what’s connected: The saying “knowledge is power” could not be more apt than it is in network security. With more devices, such as Internet of Things devices and BYOD, connecting to the enterprise network, it becomes more difficult to know what is connected and when, which devices are given which permissions, and most of all, where those devices go and what they do after they leave the workspace. Once you have a network visibility tool, knowing what is connected to your network and when becomes an automated process. No need to educate employees, contractors and visitors: once they connect to the network, you’ll know everything about their device and can bring it into compliance.


2. Automated controls: One of the older forms of DDoS attack (but still relevant) is the Local File Inclusion attack, whereby a user gains unauthorized read access to local files on the web server. This form of attack is made possible by vulnerable devices that have access to enterprise data but may not have the right firmware, anti-virus and security controls enabled. Using automated compliance controls can be a big help for system administrators who want to put their knowledge into action. Set automated policies so that vulnerable devices are immediately controlled and brought into compliance, or kicked off the network.

3. Secure authentication: DDoS attacks are really made possible through the “loopholes” in internet security, namely the inherent weaknesses of the TCP/IP-based internet. And while there’s currently no other choice, it’s important to understand your architecture and the security of your server communications. If a hacker can create proxy users that are able to overload the system, consider a different authentication method for your site, such as two-factor authentication or one-time passwords. While DDoS attacks will eventually grow to meet higher authentication standards (as they already have), at the moment it’s more difficult for hackers to breach these levels of authentication, which makes secure authentication a good idea for all users – end users and employees alike.

Though there’s little to be done to prevent and control DDoS attacks as they spread and proliferate (aside from deploying a number of defensive tools, which, by the way, are specialized for dozens of DDoS attack forms), there are simple steps that system administrators can take to get their security posture in line. Once a baseline of normal network activity is established, it will be easier to spot suspicious activity and shut down the network before DDoS takes control.

About the Author

Nilly Assia. With more than 15 years of industry experience, Nilly leads the development, execution and organization of the company’s global marketing strategy. Prior to joining Portnox, she served as a Marketing Director at Gemalto, formerly SafeNet, one of the largest information security companies in the world. During her time at Gemalto, she served in a variety of marketing disciplines including product, field, operations, and corporate marketing leadership roles. Before Gemalto, Nilly led the product marketing team for the USB business at SanDisk. Nilly holds an MBA from London Metropolitan University. Learn more about Nilly at https://www.linkedin.com/in/nillyassia/ and visit her online at http://www.portnox.com.


HEALTHCARE DATA SECURITY by Milica D. Djekic

Anyone using emerging technologies deals, more or less, with data. Data are everywhere around us, and what matters is that we should care about their security. So, what are data? Data can be thought of as content that is in some way already known to the user. Many experts would agree that content we are familiar with can be called data, while something that is new to us is information. Sooner or later any content becomes known to us, so we realize that we mostly deal with data and less commonly with information.

A significant thing to take into consideration is data security. Why does that matter? First, in this digital age any content has monetary value, so many malicious actors try to sell data obtained through hacking on the black market. For instance, it is well known that financial institutions are a usual target of cybercrime organizations, because their resources fetch a good price anywhere.

On the other hand, many financial organizations are aware of the threat and invest a lot of time and money to prevent data theft. Also, no bank would be happy to share its clients’ confidential information with anyone, because that could affect its reputation.

If your reputation drops, people trust you less and you lose clients for a while. This is especially risky for business continuity, because if hackers find a way to exploit your weaknesses they could cause your business to collapse. The situation is similar in the medical sector, where staff often have poor IT skills and usually do not follow good cyber defense practice.

In other words, healthcare organizations are an easy catch for cyber criminals, who can readily obtain sensitive data and sell it on the black market for a 10 to 20 times better price than a bank’s details. The role of this article is to provide a comprehensive insight into the security of healthcare data and to explain why those data are so prized worldwide.

Just imagine someone’s medical record and all the useful information about the patient, the history of his medical conditions and the healthcare treatments applied, all provided in that sort of data record.


You would agree that no one wants to share such private information with untrusted actors, and everyone would vote for the best possible protection of those details. You should also be aware that such a comprehensive document is very attractive to the black market, whose members are ready to offer good amounts of money to get possession of that valuable information. Modern healthcare applications are commonly cloud-based, and you normally need to know someone’s account username and password in order to access that IT environment.

In addition, those sorts of systems offer many advantages, such as convenience, flexibility, a user-friendly environment and an intuitive interface, but on the other hand these solutions often have quite weak security. Maybe that is the price we pay for progress in our historical development: usability always makes people choose one technology over another, and sooner or later they realize that security is what dictates the new trends and tendencies. Some people would say that sophistication is the ultimate requirement, but we would add that this is accurate only if it goes together with defense.

In our opinion, one of the biggest challenges for healthcare IT systems is access control. Another concern is the parts of the world with a higher level of corruption within their societies. This matters because so many medical professionals have accounts with some healthcare IT application and could sell their login details to criminal organizations. In some cases, those healthcare professionals act as insider threats attempting to harm their employers.

Also, as is well known, many organizations follow best security practice and instruct their staff to change passwords periodically in line with a well-defined defense procedure. In such a case, those insider threats can serve as permanent collaborators of the black market, because they can release the confidential information, say, every 3 months and also contribute as medical advisors to organized crime or terrorist groups. In other words, it is not rare that in lower-budget countries doctors sell all they know in order to obtain some sort of financial advantage. Finally, we would like to discuss why good access control is so important to those cloud-based medical applications.

First, access control is becoming a must in so many commercial IT solutions, and we expect the same of software dealing with medical records. Also, the trend suggests that many IT industry leaders propose e-mail and SMS verification as a way of obtaining reliable access control. In both cases absolute security is not promised, but at this stage of our technological development it is quite satisfactory for today’s security demands.

Finally, it is important to mention that medical records are sensitive and quite expensive resources, and any crime linked with them can be critical to an organization and potentially a country. In other words, many governmental agencies worldwide recognize the medical sector as critical infrastructure and invest a lot of effort to protect that strategically important information. Also, it is good to know that modern healthcare IT assets are still an easy target for the cyber underground, so it is good to raise awareness about the complications that can occur if such an infrastructure gets hacked.

About the Author

Milica is a frequent contributor to Cyber Defense Magazine and a well-respected cybersecurity professional. Since Milica Djekic graduated from the Department of Control Engineering at the University of Belgrade, Serbia, she has been an engineer with a passion for cryptography, cyber security, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications. She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.


At RSA Conference 2018, Cyber Defense Magazine will be celebrating our 6th year as a media partner.

Thank you to the RSA Conference team.

Thank you to CDM readers!

“See you at RSA…”


PROTECTING AGAINST CYBERSECURITY’S WEAKEST LINK: THE HUMAN FACTOR by Joshua Behar

There’s no doubt about it -- users pose the greatest danger to cybersecurity in virtually all organizations. As CompTIA’s International Trends in Cybersecurity research concludes, most cybersecurity breaches result from users who are lured by links and payloads delivered via browsers and email.

Despite time, effort, and money invested in security training, employees, contractors, and other insiders are among the weakest cybersecurity link for businesses today. In fact, according to the Managing Insider Risk through Training and Culture Report conducted for Experian by the Ponemon Institute, two-thirds of the data protection and privacy training professionals surveyed indicated that employees were the greatest risk factor when trying to protect their organization from cyberthreats.

In this article, we explore why training is essential, but not sufficient to protect businesses from human factor error in preventing malware attacks. We propose an effective approach to circumvent dependence on employees’ avoidance of potentially deadly behaviors.

WE ALL KNOW THE TRICKS. WHY DO WE FALL FOR THEM?

Safety training, which encourages employees to think carefully about emails and links, and to recognize telltale signs of phishing fakery, is unquestionably important and, to some extent, effective. When users are calm, attentive and focused, they can generally be trusted to take the analytical “slow thinking” approach they learn during training -- rationally assessing pressured appeals and carefully checking for telltale signs of phishing and spoofing.

But even the best training cannot fully root out the cognitive biases that trigger swift response when time is of the essence. These “fast thinking” shortcuts operate on the unconscious level, and streamline the hundreds of small decisions people make every day by limiting the information they must integrate and assess.


Too often, when user defenses are down – when they’re tired, distracted or overwhelmed – training just isn’t enough to overcome default reliance on cognitive shortcuts. It’s a familiar scenario: A warning email arrives from a user’s “bank” or “credit card company,” complete with logo, signature, and a call for immediate action. Stressed and distracted, even knowledgeable users succumb to “fast thinking” and open unknown attachments, click on links, or enter confidential personal information into (seemingly) familiar accounts.

THE DANGER OF SOCIAL ENGINEERING

The most successful and dangerous cyber criminals are keen social engineers who excel at taking advantage of these cognitive shortcuts and biases. Hackers depend on users’ kneejerk reactions, snap judgements, and hasty actions. For these black hat psychologists, it’s all too easy to manipulate people into clicking links that they’ve been taught to avoid. Distracted by hectic, multi-tasking, jam-packed workdays, most employees don’t stand a chance against the social engineering smarts of malicious agents.

That’s why, for organizations today, establishing a strong perimeter defense is key to protecting business-critical data and the users who too often put it at risk.

CYBERSECURITY WITHOUT HUMAN FACTOR DEPENDENCE

Remote browser isolation technology offers a highly effective new approach to securing organizational systems. It eliminates dependence on the human factor while ensuring Internet accessibility and user productivity.

Browsing sessions are executed remotely, away from the endpoints and network, in Linux containers located in the DMZ or the cloud. Within the containers, virtual browsers render websites as safe content streams. Sent to device browsers, the streams provide a natural interactive user experience. Through integration of content disarm and reconstruction (CDR) solutions, organizations can further protect themselves from malware and other malicious payloads that are erroneously downloaded.


A CYBERTHREAT TSUNAMI

According to a 2017 G Data Security report, 14 new malware specimens emerge each minute. Hackers are smarter, more cunning, and are relying on human errors through social engineering to find a way in. Last year, the global reach of WannaCry, NotPetya, and Bad Rabbit served as deadly reminders of just how exposed organizations are across all industries.

With the Internet growing more engrained in all business operations, a new approach is needed to close the gaps in today’s security frameworks. Connectivity and mobility enable organizations to achieve unprecedented efficiencies, but also generate dangerous new security vulnerabilities if they’re not properly managed.

Remote browser isolation represents the next approach to cybersecurity, making it much more difficult for hackers to successfully leverage attacks based on appeals sure to trigger human errors. Analyst firms agree, for this reason among others: Gartner believes RBI technology will continue to evolve into a must-have solution, and IDC's cybersecurity report on "validating the known" further illustrates the sophistication of defenseless solutions.

Remote browser isolation is a “win-win” for enterprises that empowers them to protect their networks yet grant users full, unimpeded access to the Internet. As organizations increasingly deploy remote browser isolation as part of their overall defense-in-depth strategy, hackers will just have to find new weaknesses and vulnerabilities to exploit. After all, they’re human too.

About the Author

Joshua Behar is the President and CEO of Ericom Software, a provider of enterprise-grade secure remote access, desktop virtualization, and web security solutions.

He has more than 25 years of experience focused on sales, operations, management, and consulting. Joshua holds a BA in Economics from UCLA and an MBA in Marketing from Bar-Ilan University.


THE CYBER MAFIA

RISE OF DIGITAL GANGS AND VIGILANTES by Marcin Kleczynski, CEO and Co-Founder, Malwarebytes

If you’re reading this article, you’re likely already familiar with the frequency and variety of cyberattacks that happen on an almost daily basis. In fact, it seems like almost every week, there’s a new story about how company X was breached and lost millions of customer records or data. And while it used to be common to imagine hackers as hoodie-wearing, Mountain Dew-drinking, computer nerds sitting in dark basements surrounded by stacks of computer parts, the reality is, the sophistication behind today’s attacks goes far beyond what most of us could previously have imagined.

And while the nuances of cybercrime may be unclear to many, the structure, execution, and purpose of these attacks are reminiscent of well-known criminal organizations throughout history, but instead of tommy guns and violin cases, today’s criminals rely on digital weapons like malware and ransomware to extort and intimidate their victims.

At Malwarebytes, we recently commissioned a study to take a closer look at today’s cybercriminals to better understand and educate the marketplace on how to fight back. What we found was very interesting.

THE RISE OF CYBERCRIME

As the world has become more interconnected, hacking—once considered the wheelhouse of hobbyists and enterprising individuals—has taken a more sinister turn. In the last 20 years, cybercrime has evolved from computer viruses and worms that commandeered a select number of PCs to massive security breaches and cyberattacks affecting millions of individuals and companies.

Motivated by the potential for a quick profit, unprecedented control, and the ability to cause widespread panic, criminal organizations, nation states and ideologists alike have turned to the digital landscape as their new preferred medium for nefarious activity. And because of the low barrier to entry, individuals and groups can be up and running with relative anonymity in a very short time, creating a vicious cycle. As more people and organizations engage in criminal activity, cybercrime becomes more sophisticated, which in turn means a greater number of individuals and businesses are at risk.


Furthermore, the pace at which cybercrime is evolving is having harmful effects on the behaviors of both individuals and businesses. For individuals, news of the latest threats and the spread of cybercrime has created a sense of fear that may overstate the risks. For businesses, the difficulty in identifying more sophisticated means of cybercrime can create a false sense of confidence.

MISUNDERSTANDING THE THREAT

There are several ways for cybercriminals to target businesses and individuals, including theft of funds, theft of personal/customer information, wide-scale data breaches and IP theft, to name a few. Any delay in identifying such attacks can lead to confusion around the size and scope of what is really at stake. The growing sophistication of cybercrime and the ability of criminals to evade detection mean that businesses often only discover that they are a victim months or years down the line—a troubling fact when you consider how quickly cybercrime is rising.

According to PwC’s global economic survey, 32 percent of 6,000 respondents reported having experienced cybercrime in 2016 compared to 24 percent in 2014. Recent data from Malwarebytes confirms this increase, finding that in the first 10 months of 2017, the number of attacks had already surpassed the total for all of 2016.

Turning to the consumer side, we find that things aren’t much better. Because many individuals have only limited first-hand experience dealing with cybercrime, factual coverage and fictional depictions of the realities of cybercrime are often blurred. One of the unfortunate side effects of relying on the news for cybercrime awareness is that there is a tendency to emphasize sensational headlines—usually at the expense of valuable contextual details. Take for example the WannaCry attack in May 2017. Many news outlets reported on the 200,000 infected machines in 150 countries, but far fewer noted that hardly any money had actually changed hands—only £108,000 by August 2017.

THE NEW GANGS

As mentioned earlier, the relatively low barrier to entry and availability of information online has made it easy for new participants to take up cybercrime. This in turn has transformed cybercrime from isolated events into pervasive, wide-scale operations run by distinct groups of individuals. Similar to the criminal gangs that dominated major cities like New York in the 1930s, these new participants are largely attracted to the potential for riches and power.

Similarly, these new cybercriminals often resort to fear, intimidation, and a feeling of helplessness to achieve their goals. Just like mobsters who would muscle into a business with threats of violence or “accidents,” cybercriminals are taking command of computers and sensitive personal information, which they use to threaten their victims. These distinct groups—traditional gangs, state sponsored attackers, ideological hackers, and hackers-for-hire—have become the new gangs of cybercrime. And while each has a unique set of motivations, they all employ a constantly evolving array of tactics to infiltrate, strong-arm and create terror.

As these new gangs continue to evolve and grow, security breaches and cyberattacks have grown in scale as well with ransomware emerging as the latest tool of choice for cybercriminals. The rate of ransomware attacks, as detected by Malwarebytes, exploded by 289 percent in 2016. In fact, between September 2015 and September 2017, the number of ransomware attacks detected increased by 1,988.6 percent. These figures, as well as the high-profile WannaCry and Petya attacks of 2017, illustrate just how quickly the methods of cybercrime can evolve and how quickly they can spread around the world.

FIGHTING BACK

Although many law enforcement agencies and regulatory bodies have developed specialist teams devoted to cybercrime, the fragmented, global nature of technology makes it difficult to identify and thwart these illicit activities.

But this is where you can help! Individuals and businesses alike can help the global effort against cybercrime groups by sharing collective experiences to build knowledge and awareness. Creating an environment where the risks are better communicated and understood enables individuals and businesses alike to better identify and prevent threats.

Individuals and businesses with first-hand knowledge of cybercrime can prove invaluable to the creation and sharing of intelligence. Although law enforcement agencies will continue to make great strides, individuals and businesses have the power to change mindsets and help take protection into their own hands.

Unless we begin to accept, share and learn from our collective experiences, cybercriminals will continue to operate in the shadows. We need to start a dialogue to normalize and demystify cybercriminal’s activities.


Marcin Kleczynski is the CEO and Co-founder of Malwarebytes. He oversees the strategic expansion of the business, as well as the long-term vision for the research and development teams. Marcin has been recognized for his work in cybersecurity, receiving the Ernst and Young Entrepreneur of the Year award, and being named to the Forbes 30 Under 30. Follow Marcin on Twitter: https://twitter.com/mkleczynski.


RESOLVE SECURITY ISSUES INVOLVING BUGS WITH BETTER QA STRATEGY

The main objective of testing an application is to find the bugs in it and to work towards making the software bug free. When a bug is found, have a conversation with a developer. Before reporting the bug, make sure it is well documented, with the steps to reproduce it, the conditions under which it happens, how often it happens and the expected outcome.

The bug report must be complete and correct, so that the developer knows the exact reason for the failure. As a result, the developer gets a correct idea of the issue faced by the user, which helps in resolving it accurately. To expedite this, the tester must reproduce the bug, confirm that it is a bug, add the reproduction steps with an instance, and attach screenshots that prove the bug was encountered. Also attach the associated logs covering the activity around the time the bug occurred.

When reporting the bug, it must be allocated to a classification, such as Business or Functional, which helps to classify bugs in bug management.


The tester’s method helps a lot in getting the bug fixed accurately and quickly. Before adding a bug, make sure you do not add a duplicate of one that is already logged. Most bug tracking systems identify or prevent duplicate bugs, which restricts unnecessary entries and reduces rework in bug management.

[Recommended Read: Top Defect/Issue Tracking Tools of 2018 ]

Along with the bug report, a little additional information helps the developer get the exact steps or scenarios for understanding the issue, such as environment configuration, versions (like browser name and version), types of hardware and software, setup, etc.

The different fields of a bug report:

• Bug Title: a one-line description that identifies the bug.
• Bug Identifier: an auto-generated unique ID for identifying the bug. This field is auto-populated by the Bug Tracking Tool.
• Description: the description of the bug together with the precise steps to reproduce it, the expected result and the actual result.
• Status: the exact status of the bug in the bug life cycle.
• Bug Assignee: the name of the developer accountable for resolving the bug.
• Bug Cc: adds the manager and other email addresses to the CC list. It is auto-populated based on the configuration of the Bug Tracking Tool.
• Reported On: the date on which the bug occurred and was reported.
• Browser: the browser and version on which the problem occurred.
• Bug Type: the classification of the bug, such as Navigational, Functional, GUI, etc.
• Environment: the OS platform on which the bug occurred.
• Component: the sub-module of the product.
• Priority: set from P1 to P5, where P1 means ‘fix this bug first’ (highest priority) and P5 means ‘not urgent’; fix it when you get the time.
• Severity: the impact of the bug.
• Reproduces: indicates whether the bug reproduces Sometimes or Always.
• URL: the page on which the bug occurred.
• Build Number: the number of the build in which the bug was found.

Create a Bug Report and Resolve the Issues

1. Report the Problem As Early As Possible

During automation software testing, if you detect any bug, immediately add it to the Bug Tracking Tool. Avoid waiting to write up the bug in detail later. If you plan to report the bug afterwards, you may miss some essential reproduction steps. Reporting the bug immediately helps in writing a good bug report that gives the developer a precise idea of the issue faced by the user.

2. Double Cross Check the Bug Prior to Reporting the Bug

The bug must be reproducible using the ‘steps to reproduce’ in the bug report. If you find that the bug does not reproduce consistently, report it with the ‘Reproduces: Sometimes’ field set in the bug report.

[Related Read: How to Reproduce a Non Reproducible Bug]

3. Check if the Same Bug is Occurring in Some Other Related Module


Most of the time a similar problem may occur in a different module of the project as well, so there is a possibility that the same problem happens in other modules. Check this carefully before filing a bug and, if it does occur, add it to the bug report.

4. Write a Good Bug Summary

Based on the bug summary, developers are able to identify the nature of the bug. If the summary is poor, low-quality bugs will unnecessarily lengthen the bug cycle. The summary must be good enough and clearly communicated so that the developer understands the particular issue.

5. Avoid Using Aggressive Language in Bug

Finding a bug is good, but this does not mean you should use aggressive language in the bug against the developer or any other person, or blame the developer.

6. Review the Bug Report before Clicking Submit Button

It is good practice to read the bug before reporting it. Check the Title, Steps to reproduce and Summary in the bug report. Check once again for aggressive language in the bug report. You can add screenshots that help prove the bug was encountered.

Conclusion

The bug report is the communication channel between the manager, developer, tester and lead regarding the bugs in the system, so the quality of the bug report must be high. A good bug report saves the time of both tester and developer. Therefore, during automation software testing, take proper time and resolve all the issues.

About the Author

Munish Garg is a Senior Coordinator QA Engineer & Editor associated with Bugraptors. His passion for helping people in all aspects of software testing flows through in the expert industry coverage he provides.

In addition to writing about software testing, he expands his knowledge and tactics for decoding critical issues while testing software across several domains.


TWO STRATEGIES TO GET MORE VALUE FROM YOUR EXISTING THREAT INTELLIGENCE SOURCES

USING NORMALIZATION AND MACHINE LEARNING TO GET MORE FROM YOUR THREAT DATA

by Wayne Chiang, Chief Architect and Co-Founder, ThreatQuotient

While the year-end results haven’t been tallied, 2017 saw a record number of breaches with 3,833 reported through the end of September 2017, exposing over 7 billion records. Obviously, the Equifax breach skews the number of records exposed, but the number of reported breaches is still up 18% compared to the same period in 2016.

As organizations look to better protect themselves from such attacks, they may think more threat intelligence will help. But organizations typically have more threat intelligence than they know what to do with. They have multiple data feeds, some from commercial sources, some open source, some industry and some from their existing security vendors – each in a different format. On top of that, each point product within their layers of defense has its own intelligence.

More threat data isn’t necessarily the solution. The biggest challenge is organizing the data you do have and optimizing the value to your enterprise. This requires aggregating intelligence from disparate sources into a central repository and designing a strategy for normalizing data and minimizing segmentation.

When it comes to organizing the data, one of the first tasks is the mapping of different attributes for indicators of compromise (IOCs) that all refer to the same thing. For example, using Lockheed Martin’s Cyber Kill Chain, we frequently see several variants from different feeds: Command and Control, C2, C&C, C2IP, C and C, Command & Control and CnC.

How can we prevent segmentation when these values all point to the same thing? An example of how this rears its ugly head is a search for IOCs created within the past 48 hours that fall within the Command and Control stage of the attack. Without a proper segmentation strategy, we have to perform multiple searches with different variants of the C2 value or devise some sort of convoluted wildcard search. These manual and time-intensive methods result in a less than ideal situation that may even cause IOCs to slip through the cracks.


Here are two strategies to approach this challenge:

1. Normalization. This approach involves defining a schema of standardized values. For example, the “Impact” indicator attribute can only come from a list of possible values: low, medium, high and critical. Standardized values prevent segmentation by ensuring that all values within the system are limited to approved values. When coming up with a predefined list of values, we will have to consider future flexibility to account for the constantly changing threat landscape and the ways to describe adversaries’ tools, techniques and procedures (TTPs). This also results in one of the challenges with standardizing values: creating a comprehensive schema that will cover all different threat intel artifacts.

Using a central repository to aggregate and correlate threat intel you can quickly see all IOC attributes available within your environment. This can be a good starting point for seeding your initial schema values and understanding what kind of data your providers are publishing. Once you build a schema, you can use the repository to automatically enforce standardized values by preventing users from creating new values within the system. When users want to add a new attribute to an IOC, they will have to select it from the schema list.

When it comes to normalizing values from different vendors, we can also employ a translation layer strategy. For example, if any of these incoming values equal “Fancy Bear, Operation Pawn Storm, Strontium, Sednit, Sofacy, Tsar Team,” we can rename the output value to the organization’s designated name: APT28. This “Rosetta Stone” allows the various values used by different vendors to be remapped and enables analysts to reduce confusion. Something to think about with this strategy is whether to store the original value from the vendor, for the sake of future data integrity. It is also important to note that normalization often requires work on the analysts’ part, as the mappings will eventually become their own.
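The schema enforcement and translation layer described above, as an added example that is not ThreatQuotient’s code: a small Python module that refuses attribute values outside a constructed schema, remaps the C2 and APT28 aliases the article lists onto one stored value while retaining the vendor’s original, and then answers the “C2 IOCs from the last 48 hours” question with a single query. The schema, alias table, feed records and timestamps are all constructed.

```python
"""Indicator attribute normalization with a schema and a translation layer.

Added example (not ThreatQuotient's or any vendor's code). The schema,
alias table, feed records and timestamps are all constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import re

# Constructed schema: the only values an attribute may hold once normalized.
SCHEMA = {
    "Impact": {"low", "medium", "high", "critical"},
    "Kill Chain": {"Reconnaissance", "Weaponization", "Delivery", "Exploitation",
                   "Installation", "Command and Control", "Actions on Objectives"},
}

# Constructed translation layer ("Rosetta Stone"): feed vocabulary -> our value.
ALIASES = {
    "Kill Chain": {v: "Command and Control" for v in
                   ("c2", "c&c", "c2ip", "c and c", "command & control", "cnc")},
    "Adversary": {v: "APT28" for v in
                  ("fancy bear", "operation pawn storm", "strontium",
                   "sednit", "sofacy", "tsar team")},
}


def _key(value: str) -> str:
    return re.sub(r"\s+", " ", value.strip().lower())


def is_allowed(name: str, raw: str) -> bool:
    """True if the raw value maps to an alias or is already a schema value."""
    if _key(raw) in ALIASES.get(name, {}):
        return True
    allowed = SCHEMA.get(name)
    return allowed is None or any(_key(v) == _key(raw) for v in allowed)


@dataclass
class Attribute:
    name: str
    value: str      # normalized value stored on the IOC
    original: str   # vendor's raw value, retained for data integrity
    source: str


def normalize(name: str, raw: str, source: str) -> Attribute:
    """Map a feed value onto the schema; refuse values outside it."""
    if not is_allowed(name, raw):
        raise ValueError(f"{name}={raw!r} from {source} is not a schema value")
    canon = ALIASES.get(name, {}).get(_key(raw))
    if canon is None:
        allowed = SCHEMA.get(name)
        canon = raw.strip() if allowed is None else next(
            v for v in allowed if _key(v) == _key(raw))
    return Attribute(name, canon, raw, source)


@dataclass
class IOC:
    value: str
    created: datetime
    attributes: list = field(default_factory=list)


def ingest(value: str, created: datetime, source: str, attrs: dict) -> IOC:
    ioc = IOC(value, created)
    for name, raw in attrs.items():
        ioc.attributes.append(normalize(name, raw, source))
    return ioc


def recent_by_stage(iocs, stage: str, now: datetime, hours: int = 48):
    """One query replaces a search per C2 spelling: values are already normalized."""
    cutoff = now - timedelta(hours=hours)
    return [i.value for i in iocs if i.created >= cutoff and any(
        a.name == "Kill Chain" and a.value == stage for a in i.attributes)]


def demo():
    now = datetime(2018, 2, 1, 12, 0, tzinfo=timezone.utc)
    feed = [  # constructed feed records, each source using its own vocabulary
        ("198.51.100.7", now - timedelta(hours=5), "feed-a",
         {"Kill Chain": "C2", "Impact": "High"}),
        ("203.0.113.9", now - timedelta(hours=20), "feed-b",
         {"Kill Chain": "CnC", "Adversary": "Sofacy"}),
        ("c2.example", now - timedelta(hours=30), "feed-c",
         {"Kill Chain": "Command & Control"}),
        ("old.example", now - timedelta(days=5), "feed-a", {"Kill Chain": "C&C"}),
        ("drop.example", now - timedelta(hours=2), "feed-b", {"Kill Chain": "Delivery"}),
    ]
    iocs = [ingest(*rec) for rec in feed]
    return recent_by_stage(iocs, "Command and Control", now)


if __name__ == "__main__":
    print(demo())  # ['198.51.100.7', '203.0.113.9', 'c2.example']
```

The `original` field is the answer to the data-integrity question raised above: the canonical value drives search and correlation, but the vendor’s spelling survives, so a mapping can be audited or reversed later.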

2. Machine learning. In this approach, we leverage machine learning as an innovative way to predict the meaning of various types of values. With a sufficiently large dataset, we can analyze the overlap of different artifacts such as adversary names or malware families and reduce the variants into a single shared value. For example, the following malware family names can be distilled into a common shared value, Ramnit:

a. Win.Trojan.Ramnit-1847
b. W32.Ramnit.C!inf
c. Win32/Ramnit.N
d. Win32.Nimnul.a
e. Virus.Ramnit.I
f. VBS/Ramnit
g. Backdoor.Win32.IRCNite.bwy

An otherwise manually intensive process of pivoting back and forth between IOCs can quickly be solved by applying some novel machine learning. Not only does this reduce confusion with a simplified common language, but we can also derive new, interesting relationships that may exist between different objects. This is especially true when we start to look at intrusion datasets that share common artifacts. We can start to build an understanding of how various events are tied together as well as the various vendor-applied names used to describe the attacks. As an organization’s threat library grows, the predictive accuracy of machine learning can increase with the addition of new threat artifact relationships. However, it is important to remember that machine learning will always require analysts to correct any mistakes or add new values it missed. In other words, machine learning is NOT a silver bullet and does require human oversight.
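As an added example, not ThreatQuotient’s machine learning, the following Python stands in a simple heuristic for the approach the article describes: it links detection names that share a family token and names that different vendors applied to the same sample, then picks the most common token as the shared value. The sample-to-label table is constructed around the Ramnit list above; the `min_shared` knob is where the analyst oversight the article insists on comes in, since two families riding in one dropper would otherwise be merged.

```python
"""Group vendor detection names into one shared family name.

Added example, not ThreatQuotient's code: a deliberately simple heuristic
(token overlap plus co-occurrence on shared samples) standing in for the
machine learning the article describes. Sample IDs and labels are constructed."""
import re
from collections import Counter, defaultdict
from itertools import combinations

# Generic words that vendors prepend and that never name a family.
STOPWORDS = {"trojan", "virus", "backdoor", "worm", "generic", "malware"}


def family_tokens(label: str) -> set:
    """Tokens of a detection name that plausibly carry the family name."""
    toks = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in toks if t.isalpha() and len(t) >= 4 and t not in STOPWORDS}


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster_names(samples: dict, min_shared: int = 1) -> dict:
    """samples maps a sample id to the labels vendors gave that sample.
    Returns {canonical family name: sorted member labels}."""
    uf = UnionFind()
    labels = {lab for labs in samples.values() for lab in labs}
    for lab in labels:
        uf.find(lab)
    # 1. Name overlap: labels sharing a family token are variants of each other.
    by_token = defaultdict(list)
    for lab in labels:
        for t in family_tokens(lab):
            by_token[t].append(lab)
    for group in by_token.values():
        for a, b in zip(group, group[1:]):
            uf.union(a, b)
    # 2. Co-occurrence: different names applied to the same sample. min_shared
    #    guards against merging two families that merely rode in one dropper.
    pair_count = Counter()
    for labs in samples.values():
        for a, b in combinations(sorted(set(labs)), 2):
            pair_count[(a, b)] += 1
    for (a, b), n in pair_count.items():
        if n >= min_shared:
            uf.union(a, b)
    clusters = defaultdict(list)
    for lab in labels:
        clusters[uf.find(lab)].append(lab)
    out = {}
    for members in clusters.values():
        votes = Counter(t for m in members for t in family_tokens(m))
        canonical = votes.most_common(1)[0][0].capitalize() if votes else members[0]
        out[canonical] = sorted(members)
    return out


# Constructed sample-to-label data (names modelled on the article's list).
SAMPLES = {
    "sample-1": ["Win.Trojan.Ramnit-1847", "W32.Ramnit.C!inf", "Win32.Nimnul.a"],
    "sample-2": ["Win32/Ramnit.N", "Virus.Ramnit.I", "Backdoor.Win32.IRCNite.bwy"],
    "sample-3": ["VBS/Ramnit", "W32.Ramnit.C!inf", "Win32.Nimnul.a"],
    "sample-4": ["Trojan.Win32.Emotet.abc", "W32/Emotet.gen"],
    "sample-5": ["Win32/Emotet.A"],
}

if __name__ == "__main__":
    for family, names in cluster_names(SAMPLES).items():
        print(family, "<-", names)
```

With the default `min_shared=1` all seven Ramnit-list names collapse into one value; Nimnul and IRCNite are pulled in only by co-occurrence, since nothing in their spelling says “Ramnit”. Raising `min_shared` to 2 leaves IRCNite as its own cluster, which is exactly the kind of decision an analyst has to confirm or correct.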

To start to reverse the upward trend of breaches each year, organizations need to devise ways to make better use of the threat intelligence they have. These two strategies for tackling data segmentation within your team will help. As your team starts building requirements for your threat intelligence repository, fine details like indicator normalization will play a critical role in the effectiveness and usability of your data. Balancing flexibility and preventing data schema abuse is a persistent challenge within the industry but one that is surmountable with the right strategies, tools and talent working together in concert.

About the Author

Wayne Chiang, Chief Architect and Co-Founder, ThreatQuotient. Wayne is a cybersecurity professional with a passion for implementing elegant solutions to complex problems and perpetually optimizing everything he touches. He leverages his cross-functional industry experience in software engineering and cybersecurity to develop innovative strategies in mitigating risk from advanced cyber threats. Wayne is also exceptionally precise and adept in describing his accomplishments in the third person.


THE GHOST IN THE MACHINE

INVESTIGATING THE COST OF DIGITAL FRAUD AND WHAT PUBLISHERS CAN DO TO COMBAT IT. by Jay Horton, SVP, DEV/CON Detect Ad Tech Security®

Publishers and advertisers have become dependent on the programmatic ecosystem. What was once a somewhat closed marketplace, managed with direct oversight of manual insertion orders, has added millions of advertisers with unfettered access to audiences of millions of Web sites. According to Forrester, U.S. digital marketing spend will approach $120 billion by 2021. Investment in paid search, display advertising, social media advertising, online video advertising and email marketing will pace to 46 percent of all advertising in five years.

For all the benefits of an open marketplace, there is a dark side. Bots and botnets, arbitrage, ad injectors, domain spoofing and more are all types of digital fraud that have infiltrated the system and exploded over the past several years. When multiplied by millions of users, all layers of the advertising ecosystem are affected from a traffic perspective AND, more importantly, a revenue perspective.


AD FRAUD COSTS PUBLISHERS BILLIONS

Today, the ad fraud estimates are astounding. For the billions of impressions lost, the resulting loss of revenue was projected to be nearly $10 Billion in 2017, effectively doubling the annual loss in just six years. If prevention efforts are not intensified, 54 percent more marketing dollars will be lost per year. More than half. Can publishers really afford to lose more than half?

Methbot, the most aggressive and insidious fraud suspect of 2016, is thought to have stolen between $3 million and $5 million per day. It did so by disguising itself as a credible publisher, then targeting video ad inventory by simulating human actions and masking its data center origins.


In late 2017, the Wall Street Journal reported on the Hyphbot attack, taking $500,000 a day from advertisers that would have otherwise gone to publishers. It is estimated that this type of fraud costs advertisers $2 billion annually.

The significance of the Methbot and Hyphbot attacks should not be underestimated. More than 6,000 publishers were directly affected, causing distorted metrics that result in higher scrutiny by advertisers. And while “bots” do account for a substantial percentage of the fraud experienced by publishers, they are not the only source. The human factor is just as relevant to the fraud discussion.

In the case of one mid-sized publisher, the fraud came from a human source. By merely changing code and redirecting traffic, this hacker was able to embezzle up to $900,000 in less than twelve months. For fraudsters, all it takes is a few simple keystrokes, some new code and redirects. It’s that easy and extremely profitable for someone to engage in ad fraud.


Here’s one publisher’s story – a mid-sized publisher in the U.S. was experiencing tremendous success with about one million unique visitors each month and 3.5 million page views. But as these numbers continued to grow, revenue began to decline inexplicably. It can happen to anyone.

Here are some of the warning signs for publishers to look for:

● Traffic increases, declining revenue
● Missing impressions
● Reporting inconsistencies
● Defensive employees

For this publisher, declines became more significant monthly and something had to be done, but the publisher couldn’t identify the problem, only the symptoms. The publisher partnered with DEV/CON Detect, an ad tech security vendor, and what was found was shocking: malicious changes to the code itself, as well as fraudulent tags throughout the system.

This triggered a thorough system audit and a full-scale fraud mitigation search. This process included much more than just unearthing the issues; it involved updating the code, changing the organizational structure to develop a better system of checks and balances and ongoing scanning to detect unauthorized access.

The result was an indictment of the internal bad actor, aided by thorough documentation from the ad tech security vendor. The publisher also saw immediate revenue increases, with the exploited ad tags, once redeployed, delivering up to 275% more ad dollars the very next month.

As ad fraud continues to grow and new methods of perpetrating this fraud are unearthed, revenues will continue to decline sharply. Analytics will come into question as results do not meet expectations.


Today, the publishing industry is under attack and it must engage in aggressive measures to protect the integrity of data and revenue. Once viewed as a national problem, digital ad fraud has been seeping into the fabric of regional and local publishing as well.

On the local level, it’s difficult for increasingly smaller publisher teams to possess the resources and knowledge to navigate the complexities of the digital landscape, which makes these smaller markets easy prey. Despite vendors’ efforts at due diligence, programmatic solutions on the regional and local level are primarily responsible for opening the door to these attacks.

Bad actors are constantly adapting to manipulate these solutions. The risk is compounded by the exploits in direct buy campaigns and ad serving from content partnerships. The same diligence exercised at global level needs to trickle down to the local markets, making ongoing monitoring a crucial and necessary strategy for publishers. The door has to be closed.


Attacks on programmatic video are seen as one of the greatest opportunities for fraud growth, especially given that nearly 35 percent of traffic at any given time is generated by these bots. While video is on the rise as the preferred target of bots, it is not the only advertising asset at risk. “Click injection” is projected to garner increased attention this year as well; the fake clicks are bolstered by bots. In 2015, more than 20 percent of video ad impressions were directly linked to bots.

WHAT CAN PUBLISHERS DO?

Reporting. Reporting. Reporting.

Consistently identifying and proving the validity of the numbers will produce more accurate ROI numbers and protect the business side of publishing. More filters mean more control, which means better numbers.

By initiating fail-safes, the publishing industry can enhance its standing as a trusted partner, further minimizing advertiser concerns that digital ad dollars may be at risk. Prudent advertisers are verifying and re-verifying all analytics, data and traffic measurements. They are diving deep into the numbers to scrutinize the cost per thousand (CPM) for their campaigns. If anything looks out of place, they will question it.


By locking down the data, both publisher and advertiser share the same view, cementing stronger partnerships and truly protecting the integrity of the industry.

Maintain Good Ad Tech Hygiene.

The complex ad tech ecosystem requires checks and balances to thrive. Publishers should be able to answer questions like these to protect their own interests and those of advertisers and users:

● Who at your organization is the person responsible for maintaining ad tech hygiene?
● How often are security protocols reviewed?
● Do you have a system for tracking and auditing your website’s JavaScript, plug-ins and/or modules?

Consistent documentation, audits and updates are crucial since turnover is typically high in Ad Ops positions.
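One concrete form of that tracking and auditing, as an added example that is not DEV/CON Detect’s product or method: a Python script that records the script hosts and inline-script hashes of a reviewed page as a baseline, then flags any later capture of the page that serves a tag from an unapproved host or an inline script whose content has changed. The page HTML and the host names are constructed.

```python
"""Audit the script tags a page serves against an approved baseline.

Added example, not DEV/CON Detect's product or method. The page HTML,
approved host names and the "suspect" capture are all constructed."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._buf = None  # list while inside an inline <script>, else None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None


def _collect(html):
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_baseline(known_good_html):
    """Record approved script hosts and inline-script hashes from a reviewed page."""
    page = _collect(known_good_html)
    return {"hosts": {urlparse(s).netloc.lower() for s in page.external},
            "inline_sha256": {_sha256(code) for code in page.inline}}


def audit_page(html, baseline):
    """Return (finding, detail) pairs for tags that are not in the baseline."""
    page = _collect(html)
    findings = []
    for src in page.external:
        if urlparse(src).netloc.lower() not in baseline["hosts"]:
            findings.append(("unapproved-script-host", src))
    for code in page.inline:
        digest = _sha256(code)
        if digest not in baseline["inline_sha256"]:
            findings.append(("modified-or-unknown-inline-script", digest[:16]))
    return findings


# Constructed: the page as reviewed and approved by Ad Ops ...
GOOD_HTML = """<html><head>
<script src="https://ads.example-adserver.com/tag.js"></script>
<script>window.adSlots = ["top", "sidebar"];</script>
</head><body><p>story</p></body></html>"""

# ... and a later capture of the same page with an unknown tag and an edited slot list.
SUSPECT_HTML = """<html><head>
<script src="https://ads.example-adserver.com/tag.js"></script>
<script src="https://cdn.unknown-partner.example/t.js"></script>
<script>window.adSlots = ["top", "sidebar", "hidden-1x1"];</script>
</head><body><p>story</p></body></html>"""

if __name__ == "__main__":
    baseline = make_baseline(GOOD_HTML)
    for finding in audit_page(SUSPECT_HTML, baseline):
        print(*finding)
```

Run on a schedule against the live page, a non-empty result is the signal to compare the change against the deployment log and the person named as responsible for ad tech hygiene; the baseline is refreshed only after a reviewed change, which is what makes the audit meaningful across Ad Ops turnover.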

Partner with a Trusted Ad Tech Security Vendor.

DEV/CON Detect helps publishers grow revenue by resolving ad tech issues, as evidenced by our partnership with this mid-sized publisher. Our team of digital advertising professionals, white-hat hackers, and data scientists leverage our patent-protected technology to: detect, fix, and monitor both technical and organizational vulnerabilities to protect and increase agency and publisher revenue. Ultimately, by working together, the industry becomes much more stable. The numbers become real numbers again. And the industry thrives.

About the Author

Jay Horton is the Senior Vice President for DEV/CON Detect Ad Tech Security® and has spent the last two decades driving revenue growth for local media companies, including Knight Ridder, Gannett, The E.W. Scripps Company and more. Additional writing contributions for this article came from Casey Hester, Vice President of Customer Success, with Jennifer Shaw. Additional research for this feature was provided by Maggie Louie, CEO, and Josh Summitt, CTO.


VEHICLE VULNERABILITIES

INSECURE COMMUNICATION STRIKES AGAIN by DRP; Cybersecurity Lab Engineer

Consumers have spoken and the OEMs have listened. The consumers want increased connectivity not simply for productivity’s sake but also for convenience. It is by far easier to, for example, interact through the head unit and display an interactive map as the user drives the vehicle towards their destination, versus putting the address into the user’s cell phone app and trying to watch the map on the phone and drive. Some may term this distracted driving, which is strictly frowned upon. The response has been rather resounding from nearly all OEMs, with the increase in apps, functionality, and ease of use. There are presently apps in use for Android and iPhone devices, Android Auto and Apple CarPlay, that use the smartphone for the head unit (HU) display. Although this is a benefit for the user, there have been issues for the OEMs and their suppliers with their apps and functionality. One such occurrence was last year with Hyundai’s Blue Link.

OPERATIONS

Blue Link is a mobile application that users employ to interact with their vehicle. With it in place, users are able to lock and unlock the doors, start and stop the air conditioning or heat, and start the vehicle from a remote location. A secondary benefit of the app is that it allows for stolen vehicle recovery and for vehicle health reports to be emailed to the user and other parties. These functions are not an anomaly in the market; they have been in use for some time with other OEMs. They are, however, well received by users, who can start their car from their desk in a warm office on a cold January day.

Overall, the app is exceptionally useful and has improved the user experience with the vehicle. This app is available for the Android and iOS platforms.


ISSUE

With any product line, there are incremental versions, manifested by the improvements and enhancements. It is not conceivable to have every aspect included in the initial versions. Each new version includes the improvements, adjustments, and other modifications to improve its operation. In this case Hyundai introduced version 3.9.4 on December 8, 2016.

Although this download did add functionality, it likewise introduced a bug. The issue was detected and researched by Rapid7. The vulnerability first appeared in version 3.9.4 and persisted in 3.9.5. Blue Link was intended to improve the user experience; however, the functionality did not fully incorporate cyber-security as it should have.

The app was coded to transmit its logs to a static IP address over HTTP (port 8080). The logs contained login credentials, the PIN, the user’s email address and GPS data. The logs themselves were encrypted with a single static symmetric key, 1986I12Ov09e. The passwords were hard-coded. Individually, each of these may merely have been a less than optimal choice for the app; combined, they show the feature was not implemented well or with significant security-oriented forethought.
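As an added example, not Hyundai’s or Rapid7’s code, the following Python checks a log-upload configuration for the weaknesses just listed (cleartext HTTP to a fixed IP address, a static key shipped inside the app) and strips credentials, email address and GPS data from a log record before it leaves the device. The endpoint addresses, the `key_source` labels and the log record are constructed.

```python
"""Diagnostic-log hygiene for a connected-car mobile app.

Added example, not Hyundai's or Rapid7's code. Checks an upload
configuration for the weaknesses the article describes and strips secrets
and PII from a log record. Endpoints, key labels and the record are constructed."""
import ipaddress
import re
from urllib.parse import urlparse

# Fields that never belong in diagnostics, whatever the transport.
DROP_FIELDS = {"password", "pin", "token", "email", "gps"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def redact_log(record: dict) -> dict:
    """Return a copy of a log record safe to transmit: secrets and PII removed."""
    clean = {}
    for key, value in record.items():
        if key.lower() in DROP_FIELDS:
            continue
        if isinstance(value, str):
            value = EMAIL_RE.sub("[email]", value)  # addresses embedded in free text
        clean[key] = value
    return clean


def check_upload_config(cfg: dict) -> list:
    """Findings for a log-upload configuration.

    cfg = {"endpoint": url, "key_source": "keystore" | "literal"}"""
    findings = []
    url = urlparse(cfg["endpoint"])
    if url.scheme != "https":
        findings.append(f"logs leave the device in cleartext ({url.scheme}://)")
    try:
        if url.hostname:
            ipaddress.ip_address(url.hostname)
            findings.append("endpoint is a fixed IP literal; no hostname to validate "
                            "a server certificate against")
    except ValueError:
        pass  # a hostname, not an IP literal
    if cfg.get("key_source") == "literal":
        findings.append("encryption key is a static literal shipped in every copy of the app")
    return findings


# Constructed configurations: the first mirrors the weaknesses the article reports.
INSECURE_CFG = {"endpoint": "http://203.0.113.10:8080/logs", "key_source": "literal"}
HARDENED_CFG = {"endpoint": "https://telemetry.example-oem.com/logs",
                "key_source": "keystore"}  # key held in the platform keystore

# Constructed log record of the kind the article says the app was shipping.
SAMPLE_RECORD = {
    "event": "remote_start",
    "email": "driver@example.com",
    "password": "[constructed-secret]",
    "pin": "0000",
    "gps": "42.331,-83.046",
    "message": "remote start accepted for driver@example.com",
    "app_version": "3.9.4",
}

if __name__ == "__main__":
    for f in check_upload_config(INSECURE_CFG):
        print("INSECURE:", f)
    print("hardened findings:", check_upload_config(HARDENED_CFG))
    print(redact_log(SAMPLE_RECORD))
```

The two functions address the two halves of the problem separately: transport hardening (TLS to a named host, key in the platform keystore) limits who can read the logs, while redaction limits what is there to read even if the transport is later broken.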

METHOD

Unfortunately, prior to the fix, this vulnerability could be exploited with a simple MitM attack. The attacker would look for situations in which the user is not on a secure Wi-Fi connection. This could be the office Wi-Fi: it may be for the employees’ use, but it can be monitored by the admins and others. The office may have a guest Wi-Fi network, which the user would connect to. Other locations known for having issues are coffee shops, hotels, schools, and other retail operations. The scope for this attack would be rather narrow.

The attackers would have to target a user on the insecure Wi-Fi for this to be effective. If the user would not connect to one of these Wi-Fi locations, the enterprising attacker could always place a Wi-Fi hotspot, which they would completely control, near parking areas. The free Wi-Fi is a rather substantial bait.


DEVIANT USES

The target at the time would have been the 2012 and newer model years without the patch and with versions 3.9.4 and 3.9.5. This could in theory be used to access and take control over certain operations of the subject vehicle (e.g. unlock the doors so anyone could have access).

The thief could start the car so it would be nice and warm when stolen, unlock the doors, and drive away in the already heated vehicle. Once the vehicle was stolen, the attacker could then spoof the GPS, effectively bypassing the stolen vehicle recovery feature. It is important to note that there were no malicious thefts reported from this vulnerability. It could, however, have been exploited to the user’s detriment.

MITIGATED

This specific issue dates from 2016 and was corrected with app version 3.96. The updated version was released for Android devices on March 6, 2017 and for iOS on March 8, 2017. The MitM issue was also tracked by ICS-CERT as CVE-2017-6052 and rated Medium severity. The hard-coded cryptographic key issue was tracked as CVE-2017-6054, with a High severity rating.

Lessons Learned … Again

This is a continuing issue. The underlying problem of information security and cybersecurity not being applied at the beginning of the project is still alive and well. When there is an update, the process should generally re-test the update to ensure it did not create another vulnerability. These interfaces, while coded by professionals, may have issues that remain unknown without further testing. These apps and associated functions take a significant amount of time to research, test, and report on.

The issue generated by the vulnerability is pertinent and timely. The user would not want an unauthorized person accessing the vehicle, the user’s private information being exposed and distributed, and/or the other party being destructive with the vehicle.

This issue is only going to increase in importance. The new autonomous vehicles will primarily leave the user out of the driving loop. A vulnerability exploited here is much more dangerous for the vehicle, the individual driver and passenger, and anyone within 75 feet of the infected vehicle.

The future driver will be the computer. These systems will be just as susceptible to attack as the user’s home and office PC are. The home PC, if thoroughly infected with malware and a rootkit, may be reformatted or scanned with anti-virus (AV) a few times to remove the threat, as much as possible. The factory reformat may be a necessity; however, either route takes time and is a significant inconvenience.

For comparison, how much of an inconvenience is it for a vehicle with an exploited vulnerability to have its operations removed from its processor’s control at 75 mph on I-75 during rush hour? The vehicle is transformed from a simple tool to move from point A to point B into a weapon. The implications are rather significant and serious.

Now is the time to implement cybersecurity into the vehicles from the beginning of the project, new version, or modification. If the project has begun, the cybersecurity person should be present during the meetings and in the project flow as much as possible.

Bolting security on at or near the end of the project has not, does not, and will not work.

RESOURCES

Armasu, L. (2017, April 26). Hyundai ‘Blue Link’ vulnerability allows thieves to start cars remotely. Retrieved from http://www.tomshardware.com/news/hyundai-blue-link-vulnerability-thieves.34248.html

Bisson, D. (2017, April 26). Flawed Hyundai app could have helped hackers break into cars. Retrieved from https://www.grahamcluley.com/flawed-hyundai-app-could-have-helped-hackers-break-into-cars/

Dark Reading. (2017, April 25). Hyundai Blue Link vulnerability allows remote start of cars. Retrieved from http://www.darkreading.com/attacks-breaches/hyundai-blue-link-vulnerability-allows-remote-start-of-cars/d/d-id/1328719

Edelstein, S. (2017, April 25). Hyundai fixes Blue Link app after researchers identify vulnerabilities. Retrieved from http://www.thedrive.com/tech/9652/hyundai-fixes-blue-ink-app-after-researchers-identify-vulnerabilities

Hyundai Forums. (2017, April 27). Bluelink vulnerabilities. Retrieved from http://www.hyundai-forums.com/lf-2015-sonata-:45/559530-bluelink-vulnerabilities-patched.html

ICS-CERT. (2017, April 25). Advisory (ICSA-17-115-03). Retrieved from https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03

Information Security Newspaper. (2017, April 27). Security vulnerabilities in Hyundai Blue Link mobile app allowed hackers to steal vehicles. Retrieved from http://www.securitynewspaper.com/2017/05/27/security-vulnerabilities-hyundai-blue-link-mobile-app-allowed-hackers-steal-vehicles/

Kerner, S.M. (2017, April 25). Hyundai mobile app patched for car hacking vulnerabilities. Retrieved from http://www.eweek.com/security/hyundai-mobile-app-patched-for-car-hacking-vulnerabilities

Krok, A. (2017, April 26). Hyundai patches Blue Link app to remove vulnerabilities. Retrieved from https://www.cnet.com/roadshow/news/hyundai-patches-blue-link-app-to-remove-vulnerabilities/

Leyden, J. (2017, April 25). Hyundai app security blunder allowed crooks to ‘steal victims’ cars’. Retrieved from https://www.theregister.co.uk/2017/04/25/hyundai_blue_link_app_security/

Mimoso, M. (2017, April 25). Hyundai patches leaky Blue Link mobile app. Retrieved from https://threatpost.com/hyundai-patches-leaky-blue-link-mobile-app/125182

Puthran, N. (2017, April 26). Hyundai upgrades Blue Link app citing vulnerability to car theft. Retrieved from https://www.cartrade.com/car-bike-news/hyundai-upgrades-bluelink-app-citing-vulnerability-to-car-theft-134157.hmtl

Todb. (2017, April 25). R7-2017-02: Hyundai Blue Link potential info disclosure (FIXED). Retrieved from https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed

Ullrich, J. (2017, April 26). SANS Internet Storm Center daily network security and information security podcast. Retrieved from https://isc.sans.edu/podcast.html

About the Author

DRP began coding in the 1980s. Presently DRP is a Cybersecurity Lab Engineer at a Tier One supplier to the automobile industry. DRP is completing a PhD (Information Assurance and Security) and is finishing the dissertation. DRP’s interests include cryptography, SCADA, and securing communication channels. He has presented at regional InfoSec conferences.


ENSURE THE SAFETY OF YOUR CUSTOMERS' DATA THROUGHOUT THE HOLIDAYS

HOLIDAY SAFETY TIPS FOR CUSTOMER DATA SAFETY by Evan Morris, Network Security Manager at Mwrinfosecurity.com

Online shopping and mobile payments are quite popular today. In fact, around the holidays this shopping is what most people prefer. However, there's always a concern about fraud looming in the back of people's minds. This is why customer data protection must be at the forefront of your mind. Unfortunately, the statistics in the news really don't help reduce that fear either. Instead, these statistics cause people to grow even more concerned.

WHY IT'S IMPORTANT TO KEEP YOUR CUSTOMERS' DATA SAFE

According to Blue Pay, fraud attempts grew 31% during the 2016 holiday season, in comparison to the fraud rate in 2015. Most of these attempts occurred on Christmas Eve, as well as the days when shipment was cut off. This makes sense because these are also the days when most people do their shopping. However, it's also eye-opening considering that this means fraud occurred in one out of every 97 transactions.

Loss Prevention Media believes that fraud increased even more throughout the 2017 shopping season. In fact, they believe that it'll increase by 5%. It's typically the smaller businesses that thieves go after too. These are labeled “crimes of opportunity.” Fortunately, there are strategies companies can carry out to help them slow or stop fraud throughout the holiday season.


7 WAYS OF GUARANTEEING YOUR CUSTOMERS' DATA REMAINS SAFE

Threat detection strategies are something your business can't afford to overlook today. With this in mind, here are 7 strategies that will help you prevent retail fraud throughout the holiday season:

● Spend more time training your employees about proactive security measures. When they know how people commit fraud, they'll be more apt to find any risks or vulnerabilities you may have overlooked, including knowing when your POS was possibly tampered with. Knowledge of the red flags that are indicative of online transaction fraud can be delivered through augmented reality (AR) training. This allows your employees to practice what you've taught them by encountering suspicious situations “for real.” In doing so, they're not only better equipped to handle these situations, but they can also share other ways of handling them that you might not have thought of before.

● Besides making sure that everyone in your business knows what indications to look for regarding stolen customer data, you also want to teach them how to stop a fraudster in their tracks. The best ways of doing this are by using an address verification service (AVS), asking for card security codes, and verifying things like the device, IP geolocation, and IP address.

● Make sure your business is PCI compliant, which is mandatory anyway if you accept credit card payments. By displaying your PCI compliance logo on your website you'll discourage some fraudsters. This is similar to how you should display your home security company’s sign in front of your home. This is something you'll want to add to your checklist before launching a website. You should also look into the rules for when you have more than one website.

● Make use of an open source intrusion detection system to add more security layers. This will prevent customer data from being hacked by various emerging threats. The reality is adding more security layers today is really all you can do to ward off any threats. These extra layers of biometrics, passwords, patches, and updates frustrate thieves because they can't quickly get the information they want and then leave. Since thieves are lazy, they'll typically give up and go somewhere else because with every layer of security you add you're adding another wall between your business and a criminal.

• Work with other retailers to gang up on fraudsters by sharing information with one another. In the past, this was as simple as sharing the names of people known for writing bad checks, so businesses knew in advance not to accept a check from them. Businesses can use a similar strategy today by sharing information about the threat, which you can get through open source threat intelligence communities. These groups are powerful: they make your business more efficient, especially since you can now share this information online quickly and with a far larger number of businesses than in the past. The premise holds: when one business is hurt by fraud, every business is hurt.

• PCI-compliant companies already know what information they can and cannot save, regardless of the circumstances. Essentially, your business can only save the customer information that's necessary for tracking shipments and handling returns. This means you should never store credit card numbers. Storing them only puts you at risk of mishandling your customers' information, especially by one of your own employees. Remove this temptation as soon as a transaction is complete.
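Two practical pieces follow from the rule above: the order record you keep should hold a processor token and the last four digits rather than the card number, and you should be able to scan what you do store (logs, exports, database dumps) to confirm no full card number slipped in. The following is an added example, not the article's code; the record fields, the processor token format and the sample text are constructed assumptions, and 4111 1111 1111 1111 is a widely published test card number, not a real account.

```python
"""Added example: keep only what PCI allows, and scan stored text for card numbers."""
import re
from dataclasses import dataclass
from typing import List


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation, used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Return the card number with all but the last four digits masked."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_ok(digits):
        raise ValueError("not a valid card number")
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class OrderRecord:
    """What the store retains: enough to ship, refund and answer 'which card?'"""
    order_id: str
    customer_email: str
    shipping_address: str
    processor_token: str   # opaque reference from the payment processor (assumed format)
    card_last4: str        # last four digits only; never the full PAN


def make_order_record(order_id: str, email: str, address: str,
                      processor_token: str, pan: str) -> OrderRecord:
    """Build the retained record from a transaction; the PAN is reduced to last4 here."""
    return OrderRecord(order_id, email, address, processor_token, mask_pan(pan)[-4:])


# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not preceded or followed by another digit.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_stored_pans(text: str) -> List[str]:
    """Scan stored text for Luhn-valid card numbers, e.g. before archiving a log."""
    hits = []
    for m in PAN_PATTERN.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


if __name__ == "__main__":
    rec = make_order_record("ORD-1001", "alice@example.com", "1 Main St",
                            "tok_example_abc123", "4111 1111 1111 1111")
    print(rec)
    # Constructed log line of the kind that should never reach disk:
    print(find_stored_pans("2018-02-01 checkout ok card=4111 1111 1111 1111 ref 1001"))
```

The Luhn filter keeps the scanner from flagging every long number (order references, tracking numbers) as a card, while the lookarounds stop it from carving a 16-digit window out of a longer identifier.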

• Watch for SQL injection attacks. Structured Query Language (SQL) is the language your applications use to communicate with your company's database, and because almost every database system is managed with it, these attacks are growing far more common. They are a very dangerous threat to your customers' information: the attacker slips their own SQL into the input your application sends to the database, so the application does what the fraudster wants, including handing over your customers' data. The best way of combating these attacks is to use an API or scanning tool that identifies SQL injection vulnerabilities and helps you fix them before a breach. Keep this software continually updated and run security checks on a regular basis, especially before and after the holidays.
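The mechanism described above, an order lookup whose query is built from customer input, is easiest to see side by side with its fix. The following is an added example, not code from the article; it uses Python's built-in sqlite3 module with an in-memory database, and the table, the two sample customers and the order-reference format are constructed assumptions.

```python
"""Added example: the same lookup written vulnerably and safely."""
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two customers, each with one order."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, order_ref TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, order_ref) VALUES (?, ?)",
        [("alice@example.com", "ORD-1001"), ("bob@example.com", "ORD-1002")],
    )
    return conn


def lookup_order_vulnerable(conn: sqlite3.Connection, order_ref: str) -> List[Row]:
    """VULNERABLE: the customer's input is pasted straight into the SQL text,
    so anything that looks like SQL in the input is executed as SQL."""
    query = f"SELECT email, order_ref FROM customers WHERE order_ref = '{order_ref}'"
    return conn.execute(query).fetchall()


def lookup_order_safe(conn: sqlite3.Connection, order_ref: str) -> List[Row]:
    """FIXED: a parameterized query. The driver sends the value separately from
    the SQL, so the database only ever treats it as data, never as code."""
    return conn.execute(
        "SELECT email, order_ref FROM customers WHERE order_ref = ?", (order_ref,)
    ).fetchall()


ORDER_REF_RE = re.compile(r"^ORD-\d{1,10}$")   # assumed order reference format


def valid_order_ref(order_ref: str) -> bool:
    """Defense in depth: reject input that cannot be a real order reference
    before it reaches the database, and log the rejection for your SOC."""
    return bool(ORDER_REF_RE.match(order_ref))


if __name__ == "__main__":
    db = setup_db()
    crafted = "ORD-1001' OR '1'='1"      # classic textbook injection string
    print("vulnerable:", lookup_order_vulnerable(db, crafted))   # every customer leaks
    print("safe:      ", lookup_order_safe(db, crafted))          # no such order
    print("validated: ", valid_order_ref(crafted))                # False: never sent
```

The parameterized form is the actual fix; the format check in front of it is cheap, and a spike in rejected order references is a useful alert for whoever watches your logs over the holidays.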

BE READY WHEN THE HOLIDAY ARRIVES

Fraudsters return with a vengeance every holiday season. Wherever your business's sensitive data lives, it's time to tighten your security. When you arm yourself with as much security as possible, you're taking a proactive approach to protecting your customers. You can shut fraudsters down in their tracks and spend your time enjoying the holidays instead of cleaning up their mess.

About the Author: Known for his boundless energy and enthusiasm, Evan works with MWR Infosecurity (Mwrinfosecurity.com) as a Network Security Manager and is an avid blog writer, particularly on technology, cyber security and forthcoming threats that can compromise sensitive data. He has vast experience of ethical hacking. Evan can be reached online at [email protected] and @MorrisEvan4.


CYBER-ATTACKS THRIVE THE MARKET FOR MANAGED SECURITY SERVICES

GROWING VOLUMES OF DATA ON ACCOUNT OF INCREASED IOT ADOPTION AND INCREASED MOBILE DEVICE USAGE AMONG CORPORATE EMPLOYEES HAVE MAINLY FUELED THE DEMAND OF MANAGED SECURITY SERVICES ACROSS THE WORLD. by Kevin Stewart, Research Manager, Research Cosmos

The managed security services market has seen an upthrust with the advent of new innovations and increased cyberattacks in the Information Technology (IT) industry. As the name indicates, managed security services are the protection provided to a company's network or information system, either within the organization or by a trusted third-party provider. Their work includes incident response, intrusion detection and alerting, firewall monitoring, security audits, system upgrades, vulnerability assessments, and so on.

The global managed security services market is estimated at USD 17 billion in 2016 and is expected to cross USD 35 billion by 2022, with the market growing at an annual rate greater than 14% between those years. The recent market study also discloses that around 82% of IT professionals are interested in using, or already use, managed security services.

The increase in cybercriminal activity, complex cloud infrastructures, and the burden of continuous log monitoring and auditing have made it a great challenge for IT organizations to depend solely on their internal security processes. This, in turn, has led to the proliferation of managed security services from external providers, directly driving the growth of the market. The market analysis also confirms that the shortage of in-house skilled professionals, advanced cyber threats, and affordable third-party services have significantly raised the demand for managed security services.

CONTEMPORARY TRENDS IN THE MARKET:

The rise of the mobile device market has tremendously influenced the need for security services. The migration of the workforce to the cloud and the use of big data analytics have also affected the market size lately. The introduction of technology into almost every field has also become a great concern and propels the need for managed security services.

Of all the verticals that use managed security services, the Banking, Financial Services, and Insurance (BFSI) segment takes the largest share of market revenue. Strict regulations protecting customers' confidential data and transaction information have kept the emphasis on banking and financial institutions using trustworthy security services. Continuous cyber-attacks aimed at theft and rising customer concerns are also driving growth in the managed security services market.

Compared to large-scale businesses, small and medium enterprises (SMEs) are observed to be gaining more interest in managed security services. The need for advanced security at an affordable cost is the prime factor driving market growth among SMEs. SMEs are also easy targets in many cyber-attacks because of their insufficient infrastructure, and the market forecast expects this to put SMEs in the lead for managed security services revenue in the future.

Intrusion prevention systems (IPS) and intrusion detection systems (IDS) are the most widely adopted managed security service applications and dominate the global market share. Continuous monitoring for unwanted intrusions and their management has driven the demand for IPS/IDS services.

GEOGRAPHICAL PRESENCE:

The prevalence of cyber-crime across distinct parts of the globe has raised the demand for managed security services. By region, North America holds the largest share of the managed security services market. An increased focus on information security, greater investment in technology, a growing number of security service providers, and strong financial status are some of the major factors driving market growth in North America, and the United States of America is the strongest contributor to the North American market. The frequent occurrence of cyber-attacks has recently led to demand for managed security services in the Asia Pacific and the Middle East.

MAJOR MARKET VENDORS:

Cybersecurity has raised the bar for growing managed security services providers and holds the potential to unlock great fortunes. However, some key market contributors have held the international markets for a long time now. The top players among them are IBM Corporation, Symantec Corporation, SecureWorks Inc., AT&T, HP, CSC, BT Group, Inc., Verizon Communications, Solutionary, Inc., Rapid 7 Inc., and Trustwave Holdings, Inc.

A sample of the report is at: https://www.researchcosmos.com/request/1804057967


About the Author

Kevin Stewart, currently working as a Research Manager, has considerable experience in the IT industry. Kevin has a strong analytical and strategic mind and is good at providing compelling insights for business development. He is well-versed in the research process, which includes reviewing the collected data, authoring reports and making business-oriented recommendations to clients. He also has firm knowledge of forecasting and of identifying the trends that can impact market and business growth. Kevin can be reached online at [email protected] and at https://www.researchcosmos.com

FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.


MARKETING AND PARTNERSHIP OPPORTUNITIES

BANNERS, E-MAILS, INFOSEC AWARDS, DOWNLOADS, PRINT EDITIONS AND MUCH MORE…

Copyright (C) 2018, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC. PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. [email protected] Cyber Defense Published by Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC. Cyber Defense Magazine, CDM, Cyber Defense eMagazine, Cyber Defense Test Labs and CDTL are Registered Trademarks of STEVEN G. SAMUELS LLC. All rights reserved worldwide. Copyright © 2018, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

JOB OPPORTUNITIES

Send us your list and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at [email protected]

Cyber Defense Magazine

PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. [email protected] www.cyberdefensemagazine.com

Our New Office Addresses coming soon: NEW YORK (US HQ), LONDON, HONG KONG Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 02/28/2018
