Facebook to face lawsuit regarding 'worst security breach ever'

Facebook Inc. failed to fend off a lawsuit over a data breach that affected nearly 30 million users, one of several privacy snafus that have put the company under siege.

The company’s disclosure in September that hackers exploited several software bugs to obtain login access to accounts was tagged as Facebook’s worst security breach ever. An initial estimate that as many as 50 million accounts were affected was scaled back weeks later.

A federal appeals court in San Francisco, rejected the company’s request to block the lawsuit on June 21 , saying claims against Facebook can proceed for negligence and for failing to secure users’ data as promised. Discovery should move 'with alacrity' for a trial, U.S. District Judge William Alsup said in his ruling. He dismissed breach-of-contract and breach-of-confidence claims due to liability limitations. Plaintiffs can seek to amend their cases by July 18.

'From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers’ personal data to turn a blind eye and ignore known security risks', Judge Alsup said, citing a decision a separate case.

The world’s largest social network portrayed itself as the victim of a sophisticated cyber-attack and argued that it isn’t liable for thieves gaining access to user names and contact information. The company said attackers failed to get more sensitive information, like credit card numbers or passwords, saving users from any real harm.

Attorneys for users called that argument 'cynical', saying in a court filing that Facebook has 'abdicated all accountability' while 'seeking to avoid all liability' for the data breach despite Chief Executive Officer Mark Zuckerberg’s promise that the company would learn from its lapses. The case was filed in San Francisco federal court as a class action.

Facebook didn’t immediately respond to a request for comment.

The Menlo Park, California-based company faces a slew of lawsuits and regulatory probes of its privacy practices after revelations in early 2018 that it allowed the personal data of tens of millions of users to be shared with political consultancy Cambridge Analytica. As lawmakers have focused greater scrutiny on the company, Zuckerberg called for new global regulation governing the internet in March, including rules for privacy safeguards.

The case is Echavarria v. Facebook Inc., 3:18-cv-05982 , U.S. District Court, Northern District of California (San Francisco).

Author: Kartikay Mehrotra and Aoife White

Source: Bloomberg

How to prevent and deal with big data breaches

On average, every data breach affects about 25,000 records and costs the affected organization almost $4 million. This cost comes in the form of brand damage, loss of customer trust, and regulatory fines. As data increases, so does your liability should a breach occur. More data also means that your systems become more valuable and appealing to potential attackers.

Since no system is 100% secure you should prepare yourself for the inevitable attempted or successful breach. In this article, you’ll learn how big data is vulnerable. This should help you keep your data safe. You’ll also learn some best practices for handling any breach that does occur and how to minimize the damage caused.

How is big data vulnerable?

Generally, big data is as vulnerable as the system it’s stored in. It is also vulnerable due to the ways it is collected, stored and accessed, and also because of the personal information it often contains.

Poor data validation

Big data is collected from many sources, some of which may be insecure. The speed and quantity of data ingestion present many opportunities for attackers to tamper with data or introduce malicious data or files. When collecting data, you open yourself to risk if you do not verify where your data is coming from or ensure that it is safe and reliable. This includes verifying that it is transferred securely.

Insufficient protection

Big data tools, particularly open-source tools, often don’t have native or comprehensive security features. So, you must extend security from your existing tools and services. This 'bolted on' security may not interface well with your tooling and can leave gaps that you’re unaware of.

Lack of data masking or encryption

You often need to manipulate big data to use it in analyses. The access required for this manipulation creates times when data may not be masked or encrypted. Data masking is when you obscure identifying details from users and interfaces. During access times, data is vulnerable to breach, tampering, or corruption.

Insecure interfaces

Big data may be accessed from a variety of interfaces, including web consoles, cloud portals, and third-party integrations. These interfaces enable potential attackers to view, manipulate, and manage data. Vulnerabilities in these interfaces can provide direct access to your data and your systems.

Distributed storage

Big data is often stored in multiple locations, such as across distributed databases. While this creates redundancy and availability, storing data in multiple locations also makes it difficult to monitor and secure. Multiple storage locations provide a broader attack surface and increase the chance that attackers can access data through other parts of your system.

Best practices for dealing with a big data breach

Big data breaches often involve both data loss and compromised privacy. Both present a significant risk to you and your customers. The following best practices can help you deal with breaches appropriately and, hopefully, reduce these harms.

Be transparent and notify all relevant parties

When you discover a breach, it is important to be transparent and timely with your disclosure. This includes informing stakeholders, authorities, regulatory boards, and customers. You should also keep in mind that many regulatory agencies require notification within a specific period. In general, try to notify within 24 to 48 hours. 

In your notifications, you should include known facts about the breach and the steps you are currently taking. It is better to prepare your shareholders and customers for the worst case than to understate the situation. This will improve your thrustworthiness. On top of that, if you discover that the breach is less serious, it will be a relief for stakeholders and customers.

After the breach is contained and recovered from, you should share what steps were taken and what will be changed to prevent future breaches. You should not provide the specifics of actions taken throughout the response and recovery processes. Doing so can undermine your efforts by sharing information with attackers. Rather, provide clear, general statements about what is known and how you are taking action.

Follow your Incident Response Plan

You should already have an Incident Response Plan (IRP) in place. This plan outlines the responsibilities of your responders and how procedures should be followed and provides information on response priorities. An IRP ensures that your security team can carry out an efficient and effective response.

Make sure to follow this plan and the procedures it outlines. If you deviate from the plan you are likely to overlook steps or contaminate evidence. Following the processes that you have already created and practiced can help reduce stress on responders and prevent them from making mistakes. Following your IRP also can ensure that responses are comprehensive and that actions are documented appropriately.

Maintain privileged documentation

Maintaining consistent documentation of your response measures is often necessary for regulatory compliance, and auditing after a breach. Document all actions you take, including who is performing the action and the tools and methods they are using. Include any approval of processes and the time and date of all related communications.

As part of this documentation, make sure to keep a secure chain of custody of any breach evidence found. A chain of custody helps ensure that you can prosecute the responsible parties if they’re found. If you fail to document evidence or who has handled it, you risk losing valuable threat information and proof of the attacker’s actions.

Learn from your mistakes

While you cannot undo a breach, you can learn from your mistakes. It is vital to analyze data from the breach itself as well as your response to the breach. Refine your IRP and security policies and procedures based on your evaluation.

Your first priority should be addressing vulnerabilities that were uncovered in the breach. This includes vulnerabilities that an attacker discovered but did not successfully exploit. Often attackers will return and attempt to infiltrate systems again and there is no excuse for their being able to reuse the same exploits.

If you uncovered vulnerabilities during your response that were not associated with the breach, you should address these as well. Likewise, you should use the breach as an opportunity to discuss security with your teams, shareholders, and customers. Reinforce proper security measures and practices with training and information that they all can apply.

Conclusion

Despite your best efforts, at some point or another an attacker is likely to infiltrate your systems and data. When this happens, you need to respond quickly and efficiently. The sooner you can detect and contain an attack, the less data an attacker can steal.

Hopefully, this article helped you understand how big data is vulnerable and the steps you can take to ensure an effective response. To reduce your chances of having to deal with a breach in the first place, take the time to properly secure your system. You can start by performing a vulnerability assessment to identify where your weaknesses are.

Author: Gilad David Maayan

Source: Dataversity

Keeping the data of your organization safe by storing it in the cloud

We now live within the digital domain, and accessing vital information is more important than ever. Up until rather recently, most businesses tended to employ on-site data storage methods such as network servers, SSD hard drives, and direct-attached storage (DAS). However, cloud storage systems have now become commonplace.

Perhaps the most well-known benefit of cloud storage solutions is that their virtual architecture ensures that all information will remain accessible in the event of an on-site system failure. However, we tend to overlook the security advantages of cloud storage with traditional strategies. Let us examine some key takeaway points.

Technical Experts at Your Disposal

A recent survey found that 73% of all organizations felt that they were unprepared in the event of a cyberattack. As this article points out, a staggering 40% suspected that their systems had been breached. It is therefore clear that legacy in-house approaches are failing to provide adequate security solutions.

One of the main advantages of cloud-based data storage is that these services can provide targeted and customized data security solutions. Furthermore, a team of professionals is always standing by if a fault is suspected. This enables the storage platform to quickly diagnose and rectify the problem before massive amounts of data are lost or otherwise compromised. 

Restricted Digital Access

We also need to remember that one of the most profound threats to in-house data storage involves its physical nature. In other words, it is sometimes possible for unauthorized users (employees or even third parties) to gain access to sensitive information. Not only may this result in data theft, but the devices themselves could be purposely sabotaged, resulting in a massive data loss.

The same cannot be said of cloud storage solutions. The information itself could very well be stored on a server located thousands of miles away from the business in question. This makes an intentional breach much less likely. Other security measures such as biometric access devices, gated entry systems, and CCTV cameras will also help deter any would-be thieves. 

Fewer (if Any) Vulnerabilities

The number of cloud-managed services is on the rise, and for good reason. These platforms allow businesses to optimize many factors such as CRM, sales, marketing campaigns, and e-commerce concerns. In the same respect, these bundles offer a much more refined approach to security. 

This often comes with the ability to thwart what would otherwise remain in-house vulnerabilities. Some ways in which cloud servers can offer more robust storage solutions include:

• 256-bit AES encryption
• Highly advanced firewalls
• Automatic threat detection systems
• Multi-factor authentication

In-house services may not be equipped with such protocols. As a result, they can be more vulnerable to threats such as phishing, compromised passwords, and distributed denial-of-service (DdoS) attacks. 

The Notion of Data Redundancy

The “Achilles’ heel” of on-site data storage has always stemmed from its physical nature. This is even more relevant when referring to unexpected natural disasters. Should a business endure a catastrophic situation, sensitive data could very well be lost permanently. This is once again when cloud storage solutions come into play.

The virtual nature of these systems ensures that businesses can enjoy a much greater degree of redundancy. As opposed to having an IT team struggle for days or even weeks at a time to recover lost information, cloud servers provide instantaneous access to avoid potentially crippling periods of downtime. 

Doing Away with Legacy Technology

Another flaw that is often associated with in-house data storage solutions involves the use of legacy technology. Because the digital landscape is evolving at a frenetic pace, the chances are high that many of these systems are no longer relevant. What could have worked well yesterday may very well be obsolete tomorrow. Cloud solutions do not suffer from this drawback. Their architecture is updated regularly to guarantee that customers are always provided with the latest security protocols. Thus, their vital information will always remain behind closed (digital) doors.

Brand Reputation

A final and lesser-known benefit of cloud-based security is that clients are becoming more technically adept than in the past. They are aware of issues such as the growth of big data and GDPR compliance concerns. The reputation of businesses that continue to use outdated storage methods could therefore suffer as a result. Customers who are confident that their data is safe are much more likely to remain loyal over time. 

Cloud Storage: Smart Solutions for Modern Times

We can now see that there are several security advantages that cloud storage solutions have to offer. Although on-site methods may have been sufficient in the past, this is certainly no longer the case. Thankfully, there are many cloud providers associated with astounding levels of security. Any business that hopes to remain safe should therefore make this transition sooner rather than later. 

Author: George Tuohy

Source: Dataversity

Microsoft takes next cybersecurity step

Microsoft just announced they are dropping the password-expiration policies that require periodic password changes in Windows 10 version 1903 and Windows Server version 1903.  Microsoft explains in detail this new change and the rationale behind it, emphasizing that they support layered security and authentication protections beyond passwords but that they cannot express those protections in their baseline.  

Welcome move

This is a most welcome step. Forcing users to change their passwords periodically works against security, it means consumers have to write them down to remember them and it does nothing to stop hackers from stealing current passwords. Hackers generally use stolen passwords very quickly, and password complexity does little to prevent use of stolen passwords either, since hackers can just as easily capture or steal a complex password as they can a simple one.

The time has long passed for organizations to stop relying on interactive passwords that users have to enter altogether. Hopefully this move by Microsoft will help move the transition to more secure forms of authentication. Finally a big tech company (that manages much of our daily authentication) is using independent reasoned thinking rather than going along with the crowd mentality when the crowd’s less secure password management practices are, however counterintuitive, less secure.

Alternative authentication forms and decentralized identity (DID)

Biometrics on their own can also be hacked. So can one time Passwords, especially those that use SMS and other authentication methods where man-in-the middle or man-in-the browser attacks are possible. What is more secure (and private) is another method Microsoft and many other organizations are starting to support: Decentralized Identities, where users control their own identity and authentication information.

Using this method, the user’s credential and identity data is maintained in a hardened enclave only accessible to the user using their own private key that is typically unlocked using the user’s private mobile phone and optionally another authentication factor. In the end, the consumer just gets a notice from the site they are trying to log into to confirm the log in on their mobile phone (or other device) by just clicking 'yes' (to the login request) or additionally and optionally by using a biometric, e.g. a fingerprint or an iris scan.

The bottom line is there is layered user authentication and the user doesn’t have to remember or enter an insecure password. And most importantly the user owns their own secured credential and identity data and no one can access it without user permission.

Decentralized identities, the path to individual control

DIDs are supported by many organizations today. Most (but not all) mega tech companies are joining the move to standardize DID technology. The companies not joining are generally the ones that continue to earn a living by monetizing consumer data, largely through advertising and data resell activities.  Adding fuel to the fire, some of these companies have an abysmal record when it comes to securing consumer data.

Hopefully consumers will start protesting the monetization of their data by adopting DID as an authentication mechanism. It’s certainly a chicken and egg problem but there is gradual adoption across sectors. For example, even the Bitcoin network just started accepting DIDs, and British Columbia in Canada has also implemented them for small business identification.

Web 3.0

For sure, I will gladly sign up for a DID as soon as someone asks me too. I really am at my limit in tolerating password management policies. And I’m even more tired of being subject to continuous massive data breaches that steal my most personal and sensitive information, just because I live and transact.

I don’t think anything else short of a massive re-architecting of the web and how we manage identity data will solve all these problems of data breaches and consumer data monetization and abuse.

Author: Avivah Litan

Source: Gartner

Multi-factor authentication and the importance of big data

Big data is making a very big impact on multi-factor authentication solutions. Here's how and why this is so important to consider.

Big data is already playing an essential role in authentication, and as security risks mount, this concern will become greater than ever.

Kaushik Pal wrote an insightful article on Technopedia a couple of years ago about user authentication and big data. The importance of user authentication has risen more and more since that article was first published. Experts are now discussing the role of multi-factor authentication (MFA) solutions. Big data is proving to be a vital component to that.

How does big data influence multi-factor user authentication?

In today’s day and age cybersecurity issues are ever/growing, and simple passwords as security measures are no longer safe. According to some sources, 86% of passwords are notoriously insecure. But even passwords that seem to be secure are vulnerable if they aren’t managed well and protected with additional authentication options.

As soon as your password has been exposed by malicious parties, they will access your account and they can do whatever they want with it. Fortunately, multi-factor authentication solutions came into existence. But what exactly is a big data based multi-factor authentication? And how canthese solutions help you? If you’re interested to learn more, then keep on reading.

What is multi-factor authentication?

Multi-factor authentication or MFA recognizes online users by carefully validating two or more claims offered by the users, from various types of validation. And this would not be possible without contributions from big data. The basic types of validation used include:

1. Something you have, like a trusted and known device.
2. Something you know, like a PIN or password.

The theory behind the multi-factor authentication is that the joint factors of validation are stronger compared to their individual aspects.

To make the definition simpler MFA incorporates a second, regularly physical method to verify a person’s real identity. Furthermore, MFA is rapidly becoming a standard for more secure as well as safer logins. Big data is playing an important role in addressing these shortcomings.

Reasons why you should use multi-factor authentication solutions

Big data has made multi-factor user authentication possible. But what are the core benefits? We list 5 of the many reasons to use MFA for you here:

1. Enhance security

Multi-factor authentication is one of the best solutions that you may want to take advantage of, especially if your main goal is to improve security. Big data has made this easier than ever.

The main benefit of MFA is that it offers additional protection and security by adding new layers of protection. The more factors or layers in place, the smaller the risk of digital burglars obtaining important systems and data.

2. Increase productivity and flexibility

Another benefit of using this type of solution is that it replaces the encumbrance of passwords by changing them with alternatives that have the capability to improve productivity. Predictive analytics and other big data technology have made this possible.

In addition, multi-factor authentication solutions can also bring an improved usability experience because of the improved flexibility of factor kinds.

3. Achieve compliance

Big data is vital for ensuring compliance. With multi-factor authentication, you will be able to attain the important compliance requirements particular to your organization that in turn alleviate audit findings as well as avoiding possible penalties.

4. Simplify the login process

As we all know, a difficult password does not excel in user-friendliness. Despite the fact that multi-factor authentication adds additional steps, it actually makes the login process a lot easier.

Single sign-on, for instance, is one-way multi-factor authentication accelerates the said process. For example, a person using an Office suite needs to sign in through multi-factor authentication especially if it is his/her first time to use the app in his/her device.

5. Location restrictions

You can use multi-factor authentication to limit or allow login access depending on the current location of the user. If you’re working outside your office frequently or using your personal device, you are putting your company and personal data at risk from physical theft. Multi-factor authentication, on the other hand, can be also used to recognize when a certain user is looking for access from unknown locations.

Big data is essential for ensuring multi-factor authentication

Big data is very important for making sure user security is adequate. It has helped by introducing multi-factor authentication. Multi-factor authentication solutions can be of great help, especially if you have been compromised or an unknown person tries to use your password as well as username. Hopefully, you have learned a lot from this post.

Author: Sean Mallon

Source: Smart Data Collective

Preventing fraud by using AI technology

As fraudsters become increasingly more professional and technologically advanced, financial organizations need to rely on products that use artificial intelligence (AI) for to prevent fraud.

Identity verification technology vendor Jumio released Jumio Go, a real-time, automated platform for identity verification. Coming at a time when cybersecurity is at risk more than ever because cybercriminals are becoming more and more technologically advanced, Jumio Go uses a combination of AI, optical character recognition and biometrics to automatically verify a user's identity in real time.

Jumio, founded in 2010, has long sold an AI for fraud prevention platform used by organizations in financial services, travel, gaming and retail industries. The Palo Alto, Calif., vendor's new Jumio Go platform builds on its existing technologies, which include facial recognition and verification tools, while also simplifying them.

Jumio Go, launched Oct. 28, provides real-time identity verification, giving users results much faster than Jumio's flagship product, which takes 30 to 60 seconds to verify a user, according to Jumio. It also eliminates the need to add a component, meaning the process of matching a real-time photo of a user's face to a saved photo is entirely automated. That speeds up the process, and enables employees to take on other tasks, but also potentially could make it a little less secure.

The new product accepts fewer ID documents than Jumio's flagship platform, but the tradeoff is the boost in real-time speed. Using natural language processing, Jumio's platforms can read through and extract relevant information from documents. The system scans that information for irregularities, such as odd wordings or misspellings, which could indicate a fraud.

AI for fraud prevention in finance

For financial institutions, whose customers conduct much more business online, this type of fraud detection and identity verification technology is vital.

For combating fraud, 'leveraging AI is critical', said Amyn Dhala, global product lead at AI Express, Mastercard's methodology for the deployment of AI that grew out of the credit card company's 2017 acquisition of Brighterion.

Through AI Express, Mastercard sells AI for fraud prevention tools, as well as AI-powered technologies, to help predict credit risk, manage network security and catch money-laundering.

AI, Dhala said in an interview at AI World 2019 in Boston, is 'important to provide a better customer experience and drive profitability', as well as to ensure customer safety.

The 9 to 5 fraudster

For financial institutions, blocking fraudsters is no simple task. Criminals intent on fraud are taking a professional approach to their work, working for certain hours during the week and taking weekends off, according to an October 2019 report from Onfido, a London-based vendor of AI-driven identity software.

Also, today's fraudsters are highly technologically skilled, said Dan Drapeau, head of technology at Blue Fountain Media, a digital marketing agency owned by Pactera, a technology consulting and implementation firm based in China.

'You can always throw new technology at the problem, but cybercriminals are always going to do something new and innovative, and AI algorithms have to catch up to that', Drapeau said. 'Cybercriminals are always that one step ahead'.

'As good as AI and machine learning get, it still will always take time to catch up to the newest innovation from criminals', he added.

Still, by using AI for fraud prevention, financial organizations can stop good deal of fraud automatically, Drapeau said. Now, combining AI with manual work, such as checking or double-checking data and verification documents, works best, he said.

Author: Mark Labbe

Source: TechTarget

Straffen voor foutief gebruik van data nemen naar verwachting toe

Het aantal boetes voor het foutief omgaan met gebruikersgegevens, alsmede de hoogte ervan, zal in de komende jaren stijgen.

Dat stelt DSA Connect op basis van onderzoek. Meer dan een derde (37%) van de werknemers verwacht dat zowel het aantal als de hoogte van de boetes tegen 2025 zal stijgen. Van de respondenten verwacht zes procent een ‘dramatische stijging’, terwijl drie procent vermoedt dat de cijfers juist zullen dalen in de komende jaren.

Volgens het onderzoek is een van de belangrijkste redenen voor de stijging het feit dat werknemers over veel meer data beschikken in de toekomst (en het heden). Vorig jaar gaf dertig procent van de werknemers al aan dat zij met meer data werken.

Databeleid

Als het gaat om het verwerken en opslaan van data, vindt 76 procent van de werknemers dat hun bedrijf het goed doet. Bijna de helft (47%) van de ondervraagde werknemers weet niet of hun bedrijf een beleid kent voor het verwijderen van data.

“Met ontwikkelingen zoals het Internet of Things (IoT) hebben werkgevers te maken met meer data dan ooit tevoren. Ze hebben ook te maken met een toename van het aantal cyberaanvallen steeds strengere wetgeving rond de bescherming van klantgegevens en hoe ze die gebruiken”, aldus Harry Benham, voorzitter van DSA Connect.

Volgens DSA Connect moeten werkgevers meer tijd en middelen investeren in het verbeteren van hun strategieën om de omgang met klantgegevens te verbeteren en de kans op cyberaanvallen te verminderen.

Bron: TechZine

Technology advancements: a blessing and a curse for cybersecurity

With the ever-growing impact of big data, hackers have access to more and more terrifying options. Here's what we can do about it.

Big data is the lynchpin of new advances in cybersecurity. Unfortunately, predictive analytics and machine learning technology is a double-edged sword for cybersecurity. Hackers are also exploiting this technology, which means that there is a virtual arms race between cybersecurity companies and cybercriminals.

Datanami has talked about the ways that hackers use big data to coordinate attacks. This should be a wakeup call to anybody that is not adequately prepared.

Hackers exploit machine learning to avoid detection

Jathan Sadowski wrote an article in The Guardian a couple years ago on the intersection between big data and cybersecurity. Sadowski said big data is to blame for a growing number of cyberattacks.

In the evolution of cybercrime, phishing and other email-borne menaces represent increasingly prevalent threats. FireEye claims that email is the launchpad for more than 90% of cyber attacks, while a multitude of other statistics confirm that email is the preferred vector for criminals.

This is largely because of their knowledge of machine learning. They use machine learning to get a better understanding of customers, choose them them more carefully and penetrate defenses more effectively.

That being said, people are increasingly aware of things like phishing attacks and most people know that email links and attachments could pose a risk. Many are even on the lookout for suspicious PDFs, compressed archives, camouflaged executables, and Microsoft Office files with dodgy macros inside. Plus, modern anti-malware solutions are quite effective in identifying and stopping these hoaxes in their tracks. The trouble is that big data technology helps these criminals orchestrate more beleivable social engineering attacks.

Credit card fraud represents another prominent segment of cybercrime, causing bank customers to lose millions of dollars every year. As financial institutions have become familiar with the mechanisms of these stratagems over time, they have refined their procedures to fend off card skimming and other commonplace exploitation vectors. They are developing predictive analytics tools with big data to prepare for threats before they surface.

The fact that individuals and companies are often prepared for classic phishing and banking fraud schemes has incentivized fraudsters to add extra layers of evasion to their campaigns. The sections below highlight some of the methods used by crooks to hide their misdemeanors from potential victims and automated detection systems.

Phishing-as-a-Service on the rise, due to big data

Although phishing campaigns are not new, the way in which many of them are run is changing. Malicious actors used to undertake a lot of tedious work to orchestrate such an attack. In particular, they needed to create complex phishing kits from scratch, launch spam hoaxes that looked trustworthy, and set up or hack websites to host deceptive landing pages. Big data helps hackers understand what factors work best in a phishing attack and replicate it better.

Such activity required a great deal of technical expertise and resources, which raised the bar for wannabe scammers who were willing to enter this shady business. As a result, in the not-so-distant past, phishing was mostly a prerogative of high-profile attackers.

However, things have changed, most notably with the popularity of a cybercrime trend known as Phishing-as-a-Service (PHaaS). This refers to a malicious framework providing malefactors with the means to conduct effective fraudulent campaigns with very little effort and at an amazingly low cost.

In early July, 2019, researchers unearthed a new PHaaS platform that delivers a variety of offensive tools and allows users to conduct full-fledged campaigns while paying inexpensive subscription fees. The monthly prices for this service range from $50 to $80. For an extra fee, a PHaaS service might also include lists of email addresses belonging to people in a certain geographic region. For example, the France package contains about 1.5 million French 'leads' that are 'genuine and verified'.

The PHaaS product in question lives up to its turnkey promise as it also provides a range of landing page templates. These scam pages mimic the authentic style of popular services such as OneDrive, Adobe, Google, Dropbox, Sharepoint, DocuSign, LinkedIn, and Office 365, to name a few. Moreover, the felonious network saves its 'customers' the trouble of looking for reliable hosting for the landing sites. This feature is already included in the service.

To top it all off, the platform accommodates sophisticated techniques to make sure the phishing campaigns slip under the radar of machine learning systems and other automated defenses. In this context, it reflects the evasive characteristics of many present-day phishing waves. The common anti-detection quirks are as follows:

• Content encryption: As a substitute to regular character encoding, this method encrypts content and then applies JavaScript to decrypt the information on the fly when a would-be victim views it in a web browser.
• HTML character encoding: This trick prevents automated security systems from reading fraudulent data while ensuring that it is rendered properly in an email client or web browser.
• Inspection blocking: Phishing kits prevent known security bots, AV engines, and various user agents from accessing and crawling the landing pages for analysis purposes.
• Content injection: In the upshot of this stratagem, a fragment of a legitimate site’s content is substituted with rogue information that lures a visitor to navigate outside of the genuine resource.
• The use of URLs in email attachments: To obfuscate malicious links, fraudsters embed them within attachments rather than in the email body.
• Legitimate cloud hosting: Phishing sites can evade the blacklisting trap if they are hosted on reputable cloud services, such as Microsoft Azure. In this case, an additional benefit for the con artists is that their pages use a valid SSL certificate.

The above evasion tricks enable scammers to perpetrate highly effective, large-scale attacks against both individuals and businesses. The utilization and success of these techniques could help explain a 17% spike in this area of cybercrime during the first quarter of 2019.

The scourge of card enrollment

Banking fraud and identity theft go hand in hand. This combination is becoming more harmful and evasive than ever before, with malicious payment card enrollment services gaining momentum in the cybercrime underground. The idea is that the fraudster impersonates a legitimate cardholder in order to access the target’s bank account with virtually no limitations.

According to security researchers’ latest findings, this particular subject is trending on Russian hacking forums. Threat actors are even providing comprehensive tutorials on card enrollment 'best practices'.

The scheme starts with the harvesting of Personally Identifiable Information (PII) related to the victim’s payment card, such as the card number, expiration date, CVV code, and cardholder’s full name and address. A common technique used to uncover this data is to inject a card-skimming script into a legitimate ecommerce site. Credit card details can also be found for sale on the dark web making things even easier.

The next stage involves some extra reconnaissance by means of OSINT (Open Source Intelligence) or shady checking services that may provide additional details about the victim for a small fee. Once the crooks obtain enough data about the individual, they attempt to create an online bank account in the victim’s name (or perform account takeover fraud if the person is already using the bank’s services). Finally, the account access is usually sold to an interested party.

To stay undetected, criminals leverage remote desktop services and SSH tunnels that cloak the fraud and make it appear that it’s always the same person initiating an e-banking session. This way, the bank isn’t likely to identify an anomaly even when the account is created and used by different people.

To make fraudulent purchases without being exposed, the hackers also change the billing address within the account settings so that it matches the shipping address they enter on ecommerce sites.

This cybercrime model is potent enough to wreak havoc in the online banking sector, and security gurus have yet to find an effective way to address it.

These increasingly sophisticated evasion techniques allow malefactors to mastermind long-running fraud schemes and rake in sizeable profits. Moreover, new dark web services have made it amazingly easy for inexperienced crooks to engage in phishing, e-banking account takeover, and other cybercrimes. Under the circumstances, regular users and organizations should keep hardening their defenses and stay leery of the emerging perils.

Big data makes hackers a horrifying threat

Hackers are using big data to perform more terrifying attacks every day. We need to understand the growing threat and continue fortifying our defenses to protect against them.

Author: Diana Hope

Source: SmartDataCollective

The 4 major cybersecurity threats to business intelligence

Everywhere a business looks, there are risks, pitfalls, threats, and potential problems. We live in a world where there’s very little separation between the physical and the digital. While this may be beneficial in some ways, it’s problematic in others. When it comes to cybersecurity, businesses have to account for an array of technical and intensive challenges protecting their intelligence.

4 Major cybersecurity threats

For better or worse, cloud computing, the internet of things (IoT), artificial intelligence (AI), and machine learning have converged to create a connected environment that businesses must access without exposing themselves to hackers, cyber criminals, and other individuals and groups with unsavory intents. In 2019, it’s the following issues that are most pertinent and pressing:

1. The rise of cryptojacking

As the swift and malicious rise of ransomware has shown, criminal organizations will go to any lengths to employ malware and profit. This year, cryptojacking is a major topic.

“Cryptojacking, otherwise known as “cryptomining malware”, uses both invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims,” according to SecurityMagazine.comc. “Cryptojacking is a quieter, more insidious means of profit affecting endpoints, mobile devices, and servers: it runs in the background, quietly stealing spare machine resources to make greater profits for less risk.”

2. Lack of confidence in the marketplace

There’s a widespread lack of confidence in cybersecurity among customers and consumers in the marketplace. This limits many of the opportunities businesses have to implement much-needed change.

This lack of confidence stems from highly publicized data breaches and cybersecurity issues. Take the US presidential election in 2016, for example. Despite that no proof of election tampering has been found, the media has led people to believe that there was some sort of breach. In the process, the notion of online voting seems unsafe, despite the fact that it’s something we need.

In the context of business, every time there’s a major data breach, like Target or Experian, consumers lose trust in the ability of companies to protect their data. (Despite the fact that thousands of companies protect billions of pieces of data on a daily basis.)

The challenge moving forward will be for individual businesses to practice data integrity and promote the right cyber security policies to rebuild trust and gain confidence from their customers.

3. Supply chain attacks

As businesses continue to build up their defenses around key aspects of their businesses, cyber criminals are looking for a softer underbelly that’s less fortified. Many of these attackers are finding it in vulnerable supply chains where risks aren’t completely understood (and where there has to be better cooperation between partners who rarely care to be on the same page).

As we move through 2019, businesses would do well to consider what sensitive information they share with vendors. It’s equally important to consider the risk level of each vendor and which ones are worth working with.

4. Insider threats

According to a recent survey by Bricata on the top network security challenges facing businesses in 2019, 44% of respondents identified insider threats as an issue. (The next closest threat was IT infrastructure complexity at 42%.)

In the context of this survey, insider threats aren’t necessarily malicious actions from employees. Instead, it’s often the result of accidental incidents and well-intended actions that go wrong. Businesses can counteract some of these insider threats by using tools like SAP Cloud Identity Access Governance, which allows businesses to use real-time visualizations to monitor and optimize employee access to data and applications.

Better employee education and training is also a wise investment. Far too many employees remain unaware of the risks facing their employers, continuing to make foolish mistakes without realizing they’re making them.

Moving toward a safer digital future

While some would say we’re already living in the future, it’s important for business leaders to remain cognizant of what’s coming down the innovation pipeline so that the right strategic initiatives can be put into place. In doing so, we can all bask in the optimism of a brighter, safer digital future.

Author: Anna Johansson

Source: SAP

Imagine being able to communicate effortlessly with the devices around you. This means having your devices fully automated and connected by sharing data through the use of sensors. This will definitely improve the quality of life and make our day to day activities much easier. This will also make businesses more efficient and facilitate in driving new business models.

Well, there is no need to imagine as this is already a reality. These are the wonders of the innovation brought about by the Internet of Things (IoT), which simply refers to the network of devices, such as vehicles and home appliances, that contain electronics, software, sensors, actuators and connectivity that allows them to connect, interact and exchange data. The emergence of IoT brings about numerous benefits, but also poses a huge threat to security as it creates new opportunities for all the information it gathers to be compromised.

Cybersecurity is already at the top of the agenda for many industries, but the scale and scope of IoT deployments escalate security, making it harder than ever to protect businesses and consumers from cyber attacks. intelligent organizations already need to protect their data and information, but cybersecurity is growing more important than ever with the emergence of IoT devices. Although IoT developments have made life easier on so many levels, it has also brought about serious security implications, as the scale of connected devices greatly increases the overall complexity of cybersecurity, while the scope of the IoT which isn’t operating as an independent device but an ecosystem magnifies these challenges — any data breach can cause significant damage to a whole business database.

As HP found out, 70% of the Internet of Things devices are vulnerable to external attacks. With the technical vulnerability of most of these devices, it can only escalate these threats. Also, with its constant evolution and little attention to security, the potential for damaging cyber attacks can only tend to increase in the future. The implementation of IoT networks opens up the grid to malicious cyber attacks and any form of compromise in the network could lead to great data leakage.

8 IoT threats to cybersecurity in the future

8 IoT threats to cybersecurity in the future

1. Complexity

Variation of devices connected to a network is accompanied by risks worsening cybersecurity worries with its diverse and wide ecosystem.

2. Volume of Data

With IoT’s great need of data to work, it opens up nearly every part of our lives to the Internet, posing an important threat to the possibility of data manipulation. As a result, we must consider what this kind of access to the Internet means for your digital and personal security, as the availability of numerous access points leads directly to an increase in the risk of a breach or hack.Unified attacks can bring down a system or a network of data that is relied upon by millions. IoT is an incredible idea with the potential to change our lives dramatically but brings with it a flurry of concerns that will stretch your abilities and require you to be on your toes at all times.

3. Continuous Expansion

The IoT evolution doesn’t seem like slowing down anytime soon and, in fact, it continues to evolve and expand rapidly. This makes it difficult for cybersecurity to keep up with the pace.

4. Over-Dependence On the Cloud

With the cloud infrastructure, IoT has a heavy reliance on the cloud for safety, which makes cyber attacks to be targeted to the cloud. With this knowledge, it’s important to look for more ways to reduce those threats. More monitoring will be highly needed for cloud configuration, as well as logging. This monitoring can also be done with the use of external tools — These includes antivurus softwares and VPNs needed to be reviewed and compared carefully. These reviews and comparisons will enable you to choose the tool best suited for your device and needs, while the use of these tools will go a long way in securing your internet connections.

5. Privacy Issues

The issue of privacy is generated by the collection of personal data in addition to the lack of proper protection of the data.

6. Deficiency In Authentication

This area deals with ineffective mechanisms being in place to authenticate to the IoT user interface and/or poor authorization mechanisms whereby a user can gain a higher level of access than allowed with regard to their weak authentication mechanisms. For example, there is usually a large amount of data that is not sufficiently encrypted and these data are transmitted via wireless networks, many of which are public and lacking in security.

7. Insecurity

Over the past two years,AT&T’s Security Operations Center has logged a 458% increase in vulnerability scans of IoT devices. The risk with this is that the IoT device could be easier to attack, allowing unauthorized access to the device or its data. Most IoT manufacturers concentrate more on the efficiency of the device and less on the security, making devices vulnerable to cyberattacks. It is also difficutl to secure these devices after they become an end product, which only increases the challenges of cybersecurity.

8. Industrial IoT

According to Forcepoint, in 2019 attackers will break into industrial IoT devices by attacking the underlying cloud infrastructures. This target is more desirable for an attacker, as access to the underlying systems of these multi-tenanted, multi-customer environments represents a much bigger payday.<

What does the future hold?

Due to the aforementioned IoT-related weaknesses, which give cybercriminals more access to manipulate connected devices, it’s clear that IoT is painting a scary future for cybersecurity. However, it’s noteworthy that no system can ever be perfect. A continuous effort has to be put into work in order to provide more effective cybersecurity measures to ensure more safety in our day-to-day use of the IoT devices around us.

Author: Joseph Chuckwube

Source: SAP

The issue of employee reluctance when it comes to cybersecurity training

Although 75% of all US and UK companies were exposed to cyber incidents in the past year, employees still hate cybersecurity training sessions. Considering most cyberattacks capitalize on human error, employee reluctance continues to play into the hands of malicious actors in the shadow of this avalanche of cyber attacks.

Despite the overwhelming belief of cyber executives that their organizations have a solid security culture, recent data gathered by email security expert Tessian suggests that these leaders may be deluding themselves, revealing an unsettling gap between security experts and the rest of the business.

Cybersecurity training is boring to most employees

While 85% of employees participate in cybersecurity training or awareness programs, “How Security Cultures Impact Employee Behaviour” research revealed that 64% do not pay full attention, and 36% find their organization’s training about cybersecurity uninteresting. Do you know how businesses could utilize AI in security systems?

The survey found that security leaders generally agreed on the recipe of good security culture, but Tessian said it was evident that those at the top still had a lot of work to do, given the stubbornly high incident counts.

“Everyone in an organization needs to understand how their work helps keep their co-workers and company secure. To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work,” said Kim Burton, Head of Trust and Compliance at Tessian.

“It is the security team’s responsibility to create a culture of empathy and care. They should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows. Secure practices should be seen as part of productivity. When people can trust that security teams have their best interest at heart, they can create true partnerships that strengthen security culture.” she added.

The study demonstrated how cybersecurity training exercises, which frequently consist of brief PowerPoint presentations created by legal and compliance professionals without a true grasp of how people interact with instructional materials, have no overall positive effect on employees.

For instance, only one in three respondents said they were satisfied with the communications from their IT or security team, and 30% of respondents said they didn’t think they had a personal role to play in keeping their company secure. Similarly, 45% of respondents didn’t know how to report a security incident or who to report it to.

Over half of those surveyed claimed that behaviors including downloading apps to work devices, transmitting private information to personal email addresses, exchanging passwords among coworkers, and connecting to open or public Wi-Fi networks on work devices are not caused concerns.

Over 40% of respondents said they didn’t see an issue with blatantly hazardous behaviors, such as reusing passwords, leaving business devices unattended or unlocked, downloading unsolicited attachments, or clicking links in emails from unfamiliar sources.

Scaring people with cybersecurity risks doesn't solve anything

The leadership’s propensity to utilize cybersecurity training to spread fear and uncertainty as a motivation appeared to be a significant source of estrangement.

For instance, according to Tessian’s survey, 50% of participants reported having a “bad experience” with a phishing simulation, as shown by the 2021 account of a phishing test that went horribly wrong at West Midlands Trains.

Many others clicked on the link in what appeared to be an email from corporate leadership explaining a thank-you bonus for workers who had endured the pandemic, only to be reprimanded for not being vigilant enough about security. Officials from the union called the stunt “crass and reprehensible.”

Such strategies can “cripple employee decision-making, creative thought processes, and the speed and agility that businesses need to operate in today’s demanding world,” according to Marc Dupuis, assistant professor at the University of Washington Bothell, and Karen Renaud, chancellor’s fellow at the University of Strathclyde.

Tessian listed five actions security leaders should do to improve employee understanding of cybersecurity protocols.

For instance, security leaders must take a more active part in important touchpoints like onboarding, position or office changes, and offboarding during an employee’s “journey” with the company. According to Tessian, the onboarding of new employees offers a fantastic opportunity to grab people’s interest before they grow weary and bored, while more thorough and careful offboarding procedures can assist in preventing the loss of crucial data when a person departs.

Establishing open lines of communication throughout the entire organization and paying close attention to how much information is shared, who it comes from, via what channels, and how frequently are other things that any security leader should be doing.

Tessian provided four essential guidelines for accomplishing this successfully (page 28):

• You must speak the same language as your employees to communicate effectively. That means stripping out the jargon, technical terms, and acronyms and only providing need-to-know information.
• Tailor communications to specific people, teams, or departments to help everyone understand threats, consequences, and solutions. Data, real-world examples, and specific “what-if” scenarios can help you paint a clear picture.
• Security teams should choose a cybersecurity awareness champion to deliver updates or requests and be the point of contact for all questions.
• Develop a consistent format and cadence (for example, a monthly bulletin) to streamline communication and ensure employees have a source of truth to reference.

Finally, there are technology solutions that, when wisely implemented, can support the organization’s development of cyber “self-efficacy.”

Tessian’s research was created by OnePoll, which surveyed 2,000 US and UK-based employees, along with 500 IT security leaders.

The research we examined today revealed why some cybersecurity training and awareness initiatives are far from being effective. However, none of this changes the fact that cyber attacks can bring a company down. 

Author: Kerem Gülen

Source: Dataconomy

Veilig thuiswerken met behulp van 10 eenvoudige tips

Biedt jouw organisatie thuiswerkmogelijkheden? Is je informatie voldoende beschermd? Passen de voorzieningen bij de maatregelen om veilig werken te garanderen? In deze blog staan 10 eenvoudige tips ten aanzien van (informatie)veiligheid en thuiswerken.

1. Bied je medewerkers een gestandaardiseerde, beheerde werkplek

Als je geen controle hebt over hoe je jouw applicaties en informatie ontsluit dan loop je mogelijk onnodige risico’s. Een hele familie kan bijvoorbeeld een willekeurige laptop voor diverse doeleinden gebruiken, waardoor het risico bestaat dat door één verkeerde klik de beschikbaarheid, integriteit en vertrouwelijkheid van bedrijfsgegevens in gevaar komt. Bied daarom een gestandaardiseerde werkplek die voldoet aan de door jouw gestelde veiligheidseisen, ten minste op het gebied van identificatie, authenticatie en autorisatie.

2. Gebruik een VPN

Virtuele privé-netwerken bieden de mogelijkheid om over publieke netwerken veilig informatie uit te wisselen tussen gebruiker en applicaties. Een VPN biedt een extra beveiligingslaag die de unieke netwerk karakteristieken van je gebruikers verbergt, gegevensoverdracht versleutelt en de locatie van de gebruiker maskeert. In combinatie met een gestandaardiseerde, beheerde werkplek kun je data veilig ontsluiten naar je medewerkers.

3. Cloud? Storage?

Cloudopslagoplossingen stellen gebruikers in staat om op elk (beheerd) apparaat toegang te krijgen tot gegevens buiten het kantoor en het kan voorkomen dat medewerkers hun eigen persoonlijke opslag- of berichtenservices gebruiken, waardoor risico's worden verminderd.

4. Complexe wachtwoorden

Wachtwoorden worden gemakkelijk geraden. Dwing sterke wachtwoordvereisten af en zorg dat je deze regelmatig bijwerkt. Als je een extra niveau aan identificatie en authenticatie wilt toevoegen, kun je overwegen ook een multi-factor authenticatie oplossing te gebruiken.

5. Multi-factor authenticatie

Multi-factor authenticatie, ook wel MFA genoemd, voorziet in tweestapsverificatie of 2-factor-authenticatie. Multi-factor authenticatie voegt een extra niveau toe wanneer het nodig is om een gebruiker te identificeren. Bijvoorbeeld wanneer je je aanmeldt bij een nieuw apparaat of een actie met een hoog risico uitvoert die acties kan inhouden, zoals het wijzigen van een wachtwoord of het overmaken van geld.

6. Toegangscontrole

Het toewijzen van machtigingsniveaus, ofwel autorisaties, aan werknemers op basis van hun rol binnen de organisatie kan het risico op datalekken verminderen als hun account wordt misbruikt of gecompromitteerd. Zero-trust, secure by design en private by design zijn termen waar u zich verder in kunt verdiepen of waarover je met leveranciers en dienstverleners in gesprek kunt gaan.

7. Leveranciersbeoordelingen

Is jouw zwakste schakel de persoon zijn die de sociale media-accounts beheert, e-mails verzendt of de IT-infrastructuur beheert? Werken deze mensen ook vanuit huis? Tot welke gegevens hebben zij toegang? Een beoordeling uitvoeren van deze partijen en hoe zij beveiligingscontroles implementeren rond de bescherming van deze informatie is wellicht cruciaal! Is jouw leverancier of partner geaccrediteerd met een ISO/IEC 27001 certificering bijvoorbeeld?

8. Bewustwording

Phishing-e-mails zijn een van de meest voorkomende soorten cyberaanvallen. Cybercriminelen hebben optimaal gebruik gemaakt van de coronapandemie door de intensiteit van aanvallen te verhogen. Het verhogen van bewustwording van de belangen van veilig werken en mogelijke risico’s verkleind het aanvalsoppervlak.

9. Wi-Fi en IoT

Hoeveel apparaten in je huis zijn verbonden met jouw Wi-Fi? Je laptop, mobiele telefoon, smart-tv, tablet, domotica, speakers, thermostaat... Hoewel deze apparaten geweldig zijn, maakt het Internet of Things ons thuis kwetsbaar. Is er een reden dat de mobiele app van je koelkast toegang nodig heeft tot je contactpersonen, bel- en locatiegegevens? Gebruik thuis, als het kan, een apart Wi-Fi netwerk om privé en zakelijke communicatie te scheiden.

10. Implementeer een ISO 27001 Information Security Management System

De internationale standaard ISO/IEC 27001 helpt je bedrijfsvoering te beschermen tegen alle mogelijke bedreigingen, waaronder werken op afstand en toegang tot bedrijfsinformatie. De norm schrijft een methodiek voor voor het ontwerpen, implementeren en exploiteren van een information security management system. Op deze wijze kun je borgen dat er doelgericht, doelmatig en doeltreffend met veiliheid van je bedrijfsgegevens wordt omgegaan.

Bron: Managementbase

What is the impact of AI on cybersecurity?

In today's technology-driven world we are becoming increasingly dependent on various technological tools to help us finish everyday tasks much faster or even do them for us, artificial intelligence being the most advanced one. While some welcome it open-handed, others are more wary, urging for increased protection.

We cannot deny how much AI has infiltrated our lives. We are surrounded by it every day, which many don't even realize. Some of its simplest forms are virtual assistants (VA) used by 72% of the consumers in the USA. AI is advancing super-fast, causing serious ethical discussions.

Not long ago some of the world's most brilliant minds like Stephen Hawking and Elon Musk have warned about the possible ramifications if the development of artificial intelligence wasn't controlled. Hawking even stated that AI could be the worst event in the history of our civilization. But whether we like it or not, the dominance of autonomous technology is inevitable.

Security in the first place

When it comes to cybersecurity, companies are spending huge amounts of money on maximizing its efficiency, in the face of the continually growing rates of cybercrime (up by 11% since last year). It's not surprising since the average cost of cybercrime has increased to $13 million, with average 145 security breaches in 2019, and counting.

Companies should not worry only about losing money and their own sensitive data, but about losing their customers as well. An IBM poll showed that 78% of respondents think that the company's ability to safeguard their private data is 'extremely' important, while 75% would not buy any of their products, no matter how great they are, if they don ́t believe they are able to protect their data.

Due to a huge shortage of qualified cybersecurity professionals, with almost 3 million open positions, companies are more and more turning to implement AI into their cybersecurity protection systems. It is expected that by 2024 AI cybersecurity market will reach a staggering $35 billion, with businesses recognizing the need to implement an advanced technology which will keep pace with the fast-evolving cybercrime.

But how safe is AI?

While AI can contribute to an increased level of cyber protection, by assisting cybersecurity experts in reducing their workload and in time, with their learning algorithms, by adapting and detecting new threats much faster (today it takes more than half a year in average to detect a data breach), there is also the other side of the coin to consider.

Just as cybercriminals can manipulate people to obtain sensitive information, they can do the same with artificial intelligence, taking spear-fishing to a whole new level. This represents a serious concern, with a vast majority (91%) of US and Japan professionals expecting that companies' AI will be used against them. The same applies to VAs, which record and store everything we say (personal information, business-related information, passwords, financial information…) which can be obtained by hackers.

Detecting new vulnerabilities can become much easier with AI, while their ability to make independent decisions can be compromised, which can stay undetected for a while. This represents a huge potential for cybercriminals to launch massive attacks in disguise, especially if they use their own AIs to make these attacks more sophisticated or to build new types of malware. Another concern is that with an AI cybersecurity protection system in place, employees might fall into a false sense of security, thus becoming less cautious.

Conclusion

With AI inevitably becoming an integral part of business protection systems worldwide, it is important to consider all of its aspects when introducing it, both good and bad. 

With companies investing huge resources in their perfection, cybersecurity experts should simultaneously focus on minimizing any possibilities of AI being exploited by cybercriminals.

Source: Datafloq