Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

Having an Actionable Disaster Recovery Plan Is Crucial in Thwarting Ransomware Attacks As we have seen over and over again, a new wave of ransomware attacks has been plaguing large parts of Europe over the last couple of weeks. While the affected individuals and organizations are struggling with the very tangible business impact of the loss of revenue and operations, it's critical to step back and review what else one could do to mitigate and minimize the damage from such attacks in the future. Not everyone seems to be agreeing on the exact name of the attack - however this particular strain is apparently from a family of attacks that uses EternalBlue, an exploit developed by NSA, along with an MS Office / WordPad vulnerability discovered earlier this year. While the previous ransomware attack was known as WannaCry, this latest attack goes by several names - Petya... (more)

Network Security Today | @CloudExpo #Cloud #AI #SDN #Security #Analytics

In its 2017 State of Malware Report, Malwarebytes Labs recorded a 267 percent increase in ransomware between January 2016 and November 2016, with over 400 different variants in total. The report noted that while malware authors mostly relied on ransomware to make the bulk of their revenues, there was an increase in ad fraud as well. Botnets and mobile malware also continue to expand and evolve. The report predicts that until IoT devices become secure out of the box, botnets will get even bigger and pose an even greater threat to the internet - and any company connected to it. Financial services organizations are facing a relentless and determined cyber assault. Many recent factors have converged to create greater complexity and threat opportunity in the network, undermining the effectiveness of security prevention solutions. Bring Your Own Device (BYOD) can act as a... (more)

Insource or Outsource the SOC | @CloudExpo #AI #SOC #Security #Analytics

These days attacks are becoming more sophisticated and more common. Mobile devices, cloud computing and the Internet of Things have increased the number of access points that must be secured. To complicate matters, CISOs are been directed to secure system without compromising the seamless experience that customers expect across channels, and if the organization is in a regulated industry, compliance issues likely increase the team's workload. To best detect threats and respond to incidents quickly, many organizations decide they need a security operations center to provide proper protection and continuous prevention. Then they must decide whether to build an internal Security Operations Center (SOC) or outsource. Advantages and Disadvantages of an Internal SOC The advantages of building an internal SOC include: A dedicated staff that knows the particular environment a... (more)

How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security

You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each other now, unfortunately. There was an article this week that talked about how you can surveil someone through their phones, certainly through their television sets, any number of different ways. And microwaves that turn into cameras, etc. So we know that that is just a fact of modern life.” On its face, her statement about “microwaves that turn into cameras, et cetera” is ridiculous. It reminds me of the late Sen. Ted Stevens’ famous “Tubes” speech. I went right after “Uncle Ted” for his techno–faux pas, but even then, there were bigger issues to consider. It would be exceptionally easy ... (more)

DDoS Mitigation | @CloudExpo @WebairInc #IoT #Cybersecurity #DataCenter

Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here Multi-Layer DDoS Mitigation Strategies As DDoS attacks evolve to become more sophisticated and complex, they have also become much more difficult to combat and block. To protect customer applications from these damaging and costly incursions and safeguard mission-critical services, a multi-layer mitigation strategy should be employed. This strategy offers protection in several different ways: mitigating attacks from the server level to the application level as well as securing both the Linux OS and firewall layers. Using open source software also provides protection over and above the server stack, while third-party systems can be effectively utilized to provide an even larger-scale cloud mitigation solution. Download Slide Deck: ▸ Here In their session at 18th Cloud Expo, Sagi Brody, Chief Technology Office... (more)

[session] A Live Hack Simulation | @CloudExpo @VinnyTroia #AI #DX #Security

Know Your Adversary: A Live Hack Simulation Using NSA's Stolen Digital Weapons When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom seeking worm. This talk, designed for C-level attendees, demonstrates a Live Hack of a virtual environment to show the ease in which any average user can leverage these tools and infiltrate their network environment. This session will include: An overview of the Shadbrokers NSA leak situation A review of the first iteration of the malware - lifecycle, how it was stopped, etc. A review of iterations of the malware Some states on machines still accessible (via Shodan stats) In his session at 20th Cloud Expo, Vinny Troia, CEO of NightLion Security, will also include a live hack simulation. This will be pre-recorded but he will walk the audience through what is happening. He will cov... (more)

What Is Ransomware and How Cloud Security Mitigates It | @CloudExpo #Cloud #Security #MachineLearning

What Is Ransomware and How Cloud Security Mitigates It Ransomware attacks escalated dramatically in 2016. In fact, there was a 300 percent increase in ransomware attacks last year, according to the FBI, to an average of 4,000 attacks a day, up from 1,000 ransomware attacks a day in 2015. What's more, organizations are targeted more frequently than individuals because they generate a much bigger potential payoff. Ransomware has become a profitable criminal enterprise that continues to change and grow. Managed Service Providers often assist clients with data restoration to avoid the downtime that can be caused by a ransomware attack. They also work with clients to improve their security posture overall so they can avoid ransomware damage. Here's what your organization needs to know about ransomware and how cloud computing can help protect your organization. What is r... (more)

Mistakes Retailers Make in Digital Transformation | @ThingsExpo #IoT #M2M #DigitalTransformation

A key challenge that retailers face today is the difficulty of accurately judging where they are on the digital maturity curve relative to their competitors. There appears to be little expertise in making this assessment; for example, 79% of digital leaders don't know they are ranked as leaders, and only 56% of retailers ranked as average in our study believe they are at this level. The other 44% in the average category mistakenly believe they are either leaders or laggards. The lack of competitive clarity makes it even more difficult to develop an effective competitive strategy. Our research suggests that retailers' plans reflect neither self-awareness nor a realistic idea of what it will take to catch up or leapfrog their competitors in this highly competitive space. Namely, factors such as online sales penetration, business performance, attitudes about digital, pl... (more)

Should You Fear #ArtificialIntelligence | @CloudExpo #BigData #IoT #AI #ML

Opining about the future of AI at the recent Brilliant Minds event at Symposium Stockholm, Google Executive Chairman Eric Schmidt rejected warnings from Elon Musk and Stephen Hawking about the dangers of AI, saying, “In the case of Stephen Hawking, although a brilliant man, he’s not a computer scientist. Elon is also a brilliant man, though he too is a physicist, not a computer scientist.” This absurd dismissal of Musk and Hawking was in response to an absurd question about “the possibility of an artificial superintelligence trying to destroy mankind in the near future.” Schmidt went on to say, “It’s a movie. The state of the earth currently does not support any of these scenarios.” If You Ask the Wrong Question … Hal 9000 (2001: A Space Odyssey), WOPR (War Games) and Colossus (The Forbin Project – it’s a 70’s B-budget disaster/thriller; look it up) are all pure ... (more)

When Things Attack! | @ThingsExpo #IoT #M2M #API #Security

As I started writing this blog, I happened to be watching an episode from the new season of Black Mirror on Netflix. Black Mirror is a Sci-Fi anthology series, ala the Twilight Zone, although with a much darker perspective on both humanity and technology. I found the episode, ‘Most Hated in the Nation' somewhat apropos to my topic. The episode follows a police detective investigating the apparent murder of a columnist. This individual has been deluged with social media hate diatribes that would seem familiar to many. As the investigation continues, more mysterious deaths occur, with the victims all being targets of similar social media anger. Meanwhile, in the background, there are various news stories and visual cuts to ADIs (Autonomic Drone Insects). These tiny bee-like drones are being deployed throughout the country to replace the dying bee population, allowing ... (more)

2017 #IoT Vulnerabilities | @ThingsExpo #M2M #DevOps #AI #CyberSecurity

2017 Security Predictions - Stay Vigilant, We're in for a Wild Ride 2016 brought about more cyberattacks than we thought possible, especially involving ransomware, and we definitely won't see that trend breaking stride in 2017. By next year, we expect every single adult in the U.S. will know a blood relative that has had their identity stolen - the Internal Revenue Service reported that 2.7 million people had their identities stolen in 2014 and according to TransUnion, 19 people fall victim to identity theft every minute. Here's a quick tip: When you elect to use credit cards, stick to the ‘chip and pin' cards - no swiping. Online, use your credit card issuers ‘one-time-numbers' for purchases. Get a shredder and use it. Think of it as ‘safe recycling'. Now I'm no fortune teller, but there are a few predictions I can make for the coming year - that I think most of ... (more)