How to Ensure Cybersecurity in the IoT Era


Without adequate security, every connected device is a direct gateway into our personal and professional networks. Can data theft be avoided?

Given the pace at which we all move, companies are continually striving to connect everything. Devices on the IoT can ‘communicate’ with each other, whether they are gadgets, smartphones, smart home equipment or industrial machines. But without adequate security, these connected devices provide a direct gateway into personal, corporate and governmental networks, where confidential data can be stolen or destroyed.

Now that IoT has become a game-changer, cybersecurity is more relevant than ever, and more challenging at the same time. The question remains: are we ready for such an increased level of connectivity, and what are the IoT security risks?

Before we dive into the glaring security issues, let’s look at some IoT market statistics, shall we?

Essential Internet Of Things Statistics To Keep You Up to Speed


Overview of the IoT market

1.  The global market for the Internet of Things (IoT) passed $100 billion in revenue for the first time in 2017, and forecasts suggest that this figure will grow to around $1.6 trillion by 2025.

2.  The total number of devices connected to the IoT is projected to reach 30.9 billion worldwide by 2025. Note that this figure counts active nodes, devices and the gateways that concentrate end sensors, not consumer devices such as computers and mobile phones.

3.  The Covid-19 pandemic has accelerated IoT adoption, especially in healthcare.

According to Microsoft’s 2020 IoT signals report, one-in-three decision-makers plan to up their IoT investments while 41% say their existing investments will remain the same.

Statistics about IoT security threats

1.  SonicWall, which blocks an average of 26 million malware attacks globally each day, recorded a 40% rise in attacks during the third quarter of 2020. That reverses the trend of a year earlier, when it counted 151.9 million ransomware attacks worldwide through the first three quarters of 2019, with malware and ransomware volumes down 15% and 5% year over year respectively. These figures are not specific to IoT, but they describe the volume of attacks that unpatched, always-on IoT devices are exposed to.

2.  According to the 2020 Unit 42 IoT Threat Report, 98% of all IoT device traffic is unencrypted, so personal and confidential data is readable by anyone positioned on the network path. This is a clear example of IoT cyber risk.

3.  The same report points out that 57% of IoT devices are vulnerable to medium- or high-severity attacks, and that 41% of attacks exploit device vulnerabilities, which again illustrates the IoT security challenge.

Now that you are up to date with all the data that revolves around security aspects in IoT, let’s discuss the challenges of securing IoT devices.

Internet Of Things Security Vulnerabilities And Challenges

1. Insufficient testing and updating


The major issue for companies developing IoT devices is that nobody takes care of security until a major problem hits. Manufacturers make sure a device is secure when they launch it, but without continuous testing and updating it becomes increasingly exposed over time, as new vulnerabilities are found in the software it shipped with and are never patched. That is how the door to IoT security challenges is opened.

2.  Lack of compliance on the part of IoT manufacturers


Let me explain this with examples from day-to-day life. If you use a fitness tracker, you may have noticed that its Bluetooth interface stays discoverable after the first pairing, so anyone nearby can see it. A smart refrigerator has exposed its owner's Gmail credentials, and a smart fingerprint padlock could be opened by anyone who knew its Bluetooth MAC address, because the unlock key was derived from that address and the address is broadcast to every scanner in range.

This can fairly be called one of the biggest IoT cyber security threats. Below are some of the security issues in IoT devices that originate with the manufacturer:

  • Weak and easily guessable passwords
  • Usage of old operating systems and software
  • Insecure and unprotected data storage and transfer
  • Design flaws in the hardware itself

3.  Botnet attacks


Cyber security for IoT devices is crucial because they are highly vulnerable to malware: unlike a computer, they rarely receive regular software security updates. To perform a botnet attack, an attacker first builds an army of bots by infecting devices with malware, then directs them all to send thousands of requests per second at a target until it goes down. Because each bot contributes only a modest share of the traffic, the attack is hard to block by source address alone.

Cyber security and IoT must go hand in hand to avoid such attacks. A botnet can threaten transportation systems, manufacturing plants, water treatment facilities and electrical grids, putting large groups of people at risk.

For example, an attacker who controls enough compromised heating and cooling systems could switch them on at the same moment to create demand spikes on the power grid. Planned at a large enough scale, such an attack could cause a nationwide power outage.
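
As an added example that is not part of the original article, here is a small detector in Go for the pattern just described. It slides a one-second window over access-log lines and applies two rules: a single source that exceeds a per-source limit is flagged as noisy, and a window whose total exceeds a limit while being spread over many distinct sources is flagged as a distributed flood, the botnet case in which no individual bot looks abusive. The log format, addresses, thresholds and the sample log itself are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Request is one parsed access-log entry: the source address and the time.
type Request struct {
	Source string
	At     time.Time
}

// ParseLog reads constructed lines of the form "<RFC3339 time> <source IP> <method> <path>"
// and skips anything malformed, which is what a real collector has to do too.
func ParseLog(lines []string) []Request {
	var out []Request
	for _, l := range lines {
		f := strings.Fields(l)
		if len(f) < 4 {
			continue
		}
		t, err := time.Parse(time.RFC3339Nano, f[0])
		if err != nil {
			continue
		}
		out = append(out, Request{Source: f[1], At: t})
	}
	return out
}

// FloodReport is the detector's verdict for one log.
type FloodReport struct {
	NoisySources []string // single sources that exceeded perSourceLimit inside a window
	Distributed  bool     // some window exceeded totalLimit across at least minSources sources
	PeakTotal    int      // request count of the busiest window
	PeakSources  int      // distinct sources in that window
}

// DetectFlood slides a time window over the requests and applies two rules. A
// source above perSourceLimit inside one window is noisy (one abusive client).
// A window whose total exceeds totalLimit while spread over at least minSources
// distinct sources is a distributed flood: the botnet case, where every bot
// stays under the per-source limit and only the aggregate gives it away.
func DetectFlood(reqs []Request, window time.Duration, perSourceLimit, totalLimit, minSources int) FloodReport {
	sort.Slice(reqs, func(i, j int) bool { return reqs[i].At.Before(reqs[j].At) })
	rep := FloodReport{}
	noisy := map[string]bool{}
	inWindow := map[string]int{} // per-source counts for the current window
	start := 0
	for end := range reqs {
		inWindow[reqs[end].Source]++
		// Drop requests on the left until the window spans less than `window`.
		for reqs[end].At.Sub(reqs[start].At) >= window {
			s := reqs[start].Source
			if inWindow[s]--; inWindow[s] == 0 {
				delete(inWindow, s)
			}
			start++
		}
		if inWindow[reqs[end].Source] > perSourceLimit {
			noisy[reqs[end].Source] = true
		}
		total := end - start + 1
		if total > rep.PeakTotal {
			rep.PeakTotal, rep.PeakSources = total, len(inWindow)
		}
		if total > totalLimit && len(inWindow) >= minSources {
			rep.Distributed = true
		}
	}
	for s := range noisy {
		rep.NoisySources = append(rep.NoisySources, s)
	}
	sort.Strings(rep.NoisySources)
	return rep
}

// SampleLog is a constructed log: one chatty client sending 20 requests within a
// second, 30 bots sending 4 requests each in that same second, then two ordinary
// requests from a third party five seconds later.
func SampleLog() []string {
	base := time.Date(2020, 10, 1, 12, 0, 0, 0, time.UTC)
	line := func(t time.Time, ip string) string {
		return t.Format(time.RFC3339Nano) + " " + ip + " GET /api/status"
	}
	var lines []string
	for i := 0; i < 20; i++ {
		lines = append(lines, line(base.Add(time.Duration(i)*40*time.Millisecond), "10.0.0.9"))
	}
	for bot := 0; bot < 30; bot++ {
		for r := 0; r < 4; r++ {
			t := base.Add(time.Duration(bot*25+r*5) * time.Millisecond)
			lines = append(lines, line(t, fmt.Sprintf("192.0.2.%d", bot+1)))
		}
	}
	lines = append(lines, line(base.Add(5*time.Second), "203.0.113.5"))
	return append(lines, line(base.Add(5500*time.Millisecond), "203.0.113.5"))
}

func main() {
	fmt.Printf("%+v\n", DetectFlood(ParseLog(SampleLog()), time.Second, 10, 100, 20))
}
```

On the sample log the chatty client is reported as noisy and the thirty bots, none of which sends more than four requests, are caught only by the aggregate rule: 140 requests from 31 sources inside one second. The two thresholds are deliberately separate because a per-source limit alone is exactly what a botnet is built to stay under.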

4.  Data security and privacy issues


Attackers have not spared high-profile targets such as Elon Musk or Apple, a company known for its security claims. If such data falls into the wrong hands, the result is not only financial loss but also compromised intellectual property.

It was predicted that the Internet of Things would become a target-rich environment for hackers by 2020, attracting more than 25% of all cyberattacks. According to Microsoft, security in IoT is lagging in part because 60% of employees use their personal devices for work purposes, and more than 80% admit to using unsanctioned web apps for work.

5.  Financial crimes


Electronic payment companies that deploy the Internet of Things may face a wave of financial crime, and ensuring timely fraud detection will be a challenge.

Compliance and operational issues will also make it difficult for financial companies to launch new workflow models, unless they improve their project lifecycle and risk management strategies to account for the rising threat of IoT security breaches.

6.  Home invasions


You must be familiar with the concept of ‘smart homes’, a by-product of IoT. Cyber security for IoT becomes a major issue in home automation: insecure devices with poor defences expose trackable IP addresses, which makes it easy for attackers to locate a device and, through it, the home it sits in.

7.  Remote smart vehicle access


An IoT security challenge close to home invasion is the hijacking of smart vehicles. It can lead to theft of personal data, vehicle theft, manipulation of safety-critical systems and more.

Remote vehicle access can also be subject to ransomware, with an attacker demanding a hefty fee to unlock the car or enable the engine. Such intrusions are an obvious threat to public safety because they can cause accidents.

Now that you have walked through the vulnerabilities and challenges that come with IoT, it’s time to talk about cyber security strategies that can help you overcome them.

How Can You Make IoT Connections Secure? 

1. Secure the network


It is extremely important to secure the network that bridges the IoT devices and the back-end systems. This can be achieved with controls such as antivirus and anti-malware software, firewalls, and intrusion detection and prevention systems. A practical first step is to put IoT devices on their own network segment, so that a compromised device cannot reach the back-end systems directly and the controls above only have to watch the one path that is allowed.

Protecting the network in this way is what keeps operations running smoothly: with these systems in place, you can defend the network effectively against attack.

2.  Authenticate the IoT devices


Device authentication is one of the most effective security measures for IoT. Features such as multi-factor authentication and biometrics make it much harder for anyone other than the owner to use a device, since an attacker then needs more than a guessed or leaked password, and that is where you have leverage. Devices should also authenticate themselves to the back end, rather than being trusted on the strength of a network address.

Securing your devices this way reduces the probability of your data getting into the wrong hands. With these options implemented, your IoT devices are far better protected against external breaches, and you can enjoy the benefits of IoT at home, in the office, in your car and anywhere else.

3.  Public key infrastructure strategy


A public key infrastructure (PKI) allows users and devices to engage in secure communication, data exchange and payments. It does this with public and private cryptographic key pairs, and with certificates issued by a certificate authority (CA) that bind each key pair to an identity, so that a device can prove who it is and the back end can check that proof against a CA it trusts.

PKI relies on two kinds of encryption, asymmetric and symmetric. Asymmetric encryption uses two keys: a public key that can be shared freely and a private key that never leaves its owner. Data encrypted with the public key can be decrypted only with the private key, and a signature made with the private key can be verified by anyone holding the public key.

Symmetric encryption uses the same key for both encryption and decryption and is far faster, so in practice the asymmetric keys are used to authenticate the parties and to exchange a fresh symmetric key, which then protects the bulk of the data. Done properly, this keeps data private in transit and reduces the chances of data theft to a bare minimum.

4.  Use IoT security analytics


You can substantially reduce the number of security incidents you face by implementing security analytics: collecting, correlating and analyzing data from multiple sources (device logs, network flows, back-end events) so that patterns no single source reveals on its own can be identified as potential threats.

Final Say

There is a lot of scope in IoT today, and it is safe to say that the market will grow as projected, so now is the time to dive into the subject and understand its whats and hows. From the discussion of IoT security challenges and solutions above, we can conclude that securing the applications and devices is of paramount importance.

The security challenges must be managed, monitored and, where possible, avoided by taking the measures described. You can also hire an IoT app development company to help; choosing one in your own region, for example a USA-based firm if you are in the USA, makes it easier to confirm that the company is genuine and understands its clients' needs.

Where should new security tools be deployed initially for maximum impact?


You have your eye on a new piece of security technology or service and you want to evaluate it before deciding whether to commit to the effort of a full deployment. Alternatively, you may already be committed to full-scale deployment but wondering where to start. So where should you deploy it first to test it most effectively and have the greatest impact?

Human nature, caution and conventional wisdom dictate that you should put it in a lab environment or in a low-importance section of your network. That is sensible, isn’t it? The change board will give you less hassle, and if there is a problem you will get less flak, won’t you?


But will that approach give you most information and practical experience about the new system’s deployment difficulties, effectiveness in your environment and what it will detect? Will it give you the maximum protection as soon as possible?

Any tool that gives you fresh insight on the behavior of your systems tends to find something interesting. Those of us who have deployed such things have the stories to go with them – from mundane discoveries such as finding that all servers in one network had the wrong DNS settings and were thus being slowed down, to critical detections of previously unobserved persistent attackers.


However, there is an argument to be made for deploying this new tool on your production systems, close to your crown jewels. These are the things you really want to protect and the environment in which it really needs to work. Yes, this approach is higher risk, but it is also higher benefit. Will a deployment on a low throughput, obscure bit of network really tell you much? On the other hand, couldn’t one real detection on your primary systems during the evaluation period convince you and your management of the system’s value?

Granted, this may not be a sensible suggestion for inline systems that process all traffic, but with the right technology it can work. Many security technologies monitor traffic and provide alerts rather than enforce actions, or at least have a mode in which they can behave this way. A new security solution deployed on a span port or network tap poses more risk to production traffic in terms of confidentiality than in disruption or performance: the evaluation box now holds a copy of your most sensitive traffic, so it needs the same access controls and retention rules as the systems it watches. It is also easy to turn off or detach such solutions by removing the span connection. Other security tools rely on collecting logs from your existing devices. Building an architecture that allows forking and diverting the streams of log events makes it easy to introduce these kinds of security tooling.


As an example, consider the evaluation of a new security monitoring tool, perhaps one with user and entity behaviour analytics (UEBA). Will you get much information from deploying it on a test/staging environment that will typically have a small number of users and occasional traffic? Or would you get a better sense of its value from connecting it to your production active directory, primary applications and remote access system? Wouldn’t that give you a better idea of how easily it can be connected, how well it copes with actual production loads and whether it can really differentiate between normal and suspicious behaviour?

Designing taps such as those mentioned above into your network and log architectures future-proofs your environment, making it easier to evaluate other products down the road and deploy them into final production. It can also help in emergencies, as incident response teams wishing to deploy their tooling will be looking for very similar facilities overseeing your most critical systems.

So next time you have a new security system to test, think about ignoring conventional wisdom and throwing (some) caution to the wind. Sometimes the radical step is the right one. Deploying security tools on your crown jewels first may be the optimal approach.

Why does a Zero-Trust Security Paradigm in Healthcare make sense?


There has been a long-held assumption that data security threats originate from nefarious external forces seeking to steal an organization’s most sensitive data. Traditional security models were therefore designed with this view in mind and on the mistaken belief that everything within the internal network is trustworthy. But there is evidence that a majority of attacks come from internal sources, with healthcare, manufacturing and financial services firms at the greatest risk.

An insider threat may be intentional or accidental but, in either case, the risk can be that much greater because it is often difficult to detect and can continue to spread.


In healthcare, having electronic health records (EHRs) that collect a patient’s data in a single record is hugely beneficial to managing patient care and to patients’ ability to gain insights into their overall health and manage their own care. Securing sensitive data is of paramount importance to prevent data theft, identity theft and reputational damage to the provider. Therefore, access must be secure and accountable, regardless of whether the data resides on hospital servers, mobile devices or cloud services.

As the healthcare industry continues to digitize — bringing together EHR data with other data about the patient, including from smart devices — and as it shifts to care without borders, interoperability of data will become even more crucial, but so too will cyber resilience. Organizations will need to focus on hardening access to digital assets as opposed to making them inaccessible.


In an era of patient-driven care, patients expect to be able to trust those caring for them to safeguard their data. Violation of that trust with security breaches affects the quality of care those patients receive. If a reputable hospital suffers a breach, it will influence where a patient will go for care, which could affect the continuity and quality of care.

This is where the security approach known as zero trust comes into its own. With zero trust, there is no assumed trust of corporate devices or networks versus untrusted public networks or personal devices. The same security checks are performed on users and devices. Everybody is equally suspect, but everybody is also equally enabled to gain the access they need. Access policies are applied wherever data is held and across the interfaces of all systems when they are being accessed.


Such a system might sound onerous to operate, but zero trust is not about putting roadblocks on innovation, collaboration and open exchange. Rather, it’s about increasing cyber defense.

In healthcare, zero trust is about finding a solution that can preserve the sharing and giving of information in a patient’s best interest but that will safeguard the information at the same time. The zero trust approach does just that and is a viable option to support digital healthcare.

To achieve the objectives of data security through a zero trust approach, healthcare organizations need to consider three key elements.

  • Ensure that zero trust encompasses security at multiple levels. Applications need to be subject to strict login and monitoring rules and complete API security: APIs are one of the ways an application is driven, and these interfaces are open to attack unless they are properly protected. The network must have strong security measures, such as physical segmentation and firewalls, plus security monitoring across all users and IT systems. Multilevel security programs should also address training for staff and patients to spot phishing attempts and practise good security hygiene, such as setting strong passwords. And the infrastructure needs to monitor all users logged into the overall system. The stakes are reputational as well as technical: patients who read that their hospital is being investigated for security breaches will choose to go elsewhere, and once a hospital’s reputation is damaged, the stigma is hard to overcome.
  • Ensure that all patient data and resources are accessed securely with the appropriate permissions. Knowing where data is held allows controls to be extended to wrap and protect data on-premises, in the cloud and on personal devices. Once the data is classified, the correct access policies can be enforced whenever it is accessed. Healthcare organizations also need to be able to audit who has accessed information, to ensure accountability.
  • Have a “least access” strategy in place through an identity and access management solution, and grant access only to the people authorized to see the data. For example, if a physician is assigned to a patient record, only that physician should be able to open it, not other clinical staff involved in caring for the patient. The objective is to ensure that the hospital runs an environment with the proper protection in place. Zero trust needs to be ingrained in human resources policies: since hospitals typically have a large temporary workforce and frequent personnel changes, the identity management system can automate safeguards that recognise new employees and those moving into different roles or leaving the organization. So, if a nurse or doctor leaves the hospital, that person’s access is revoked automatically.
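
The three elements above can be expressed as one small policy engine. The Go program below is an added example, not code from the original article or from any IAM product: every request is checked for a live identity, multi-factor authentication and a compliant device regardless of where it comes from, access is granted only on an explicit assignment to the patient, every decision is written to an audit trail, and an HR-driven offboarding call revokes access at once. The principals, the patient ID and the rule set are constructed for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Principal is an identity as the IAM system sees it. Assigned holds the IDs of the
// patients this clinician is responsible for; Active becomes false when HR records a leaver.
type Principal struct {
	ID       string
	Role     string
	Active   bool
	Assigned map[string]bool
}

// Request is one attempted access. Where the record lives and which network the
// request arrives from are deliberately absent: the same checks apply regardless.
type Request struct {
	Principal   string
	Patient     string
	Action      string
	MFAVerified bool
	DeviceOK    bool // the device passed its posture/compliance check
}

type Decision struct{ Allowed bool; Reason string }

// AuditEntry is written for every decision, allowed or denied.
type AuditEntry struct { At time.Time; Principal, Patient, Action string; Allowed bool; Reason string }

// Policy is a minimal least-access engine that keeps its own audit trail.
type Policy struct {
	Principals map[string]*Principal
	Audit      []AuditEntry
}

// Decide evaluates the request and records the outcome.
func (p *Policy) Decide(r Request) Decision {
	d := p.evaluate(r)
	p.Audit = append(p.Audit, AuditEntry{time.Now().UTC(), r.Principal, r.Patient, r.Action, d.Allowed, d.Reason})
	return d
}

// evaluate applies the rules in order: live identity, strong authentication,
// compliant device, explicit assignment to this patient. Nobody is trusted on
// the strength of their role or their network location.
func (p *Policy) evaluate(r Request) Decision {
	pr, ok := p.Principals[r.Principal]
	switch {
	case !ok || !pr.Active:
		return Decision{false, "unknown or deactivated identity"}
	case !r.MFAVerified:
		return Decision{false, "multi-factor authentication required"}
	case !r.DeviceOK:
		return Decision{false, "device failed posture check"}
	case !pr.Assigned[r.Patient]:
		return Decision{false, "not assigned to this patient"}
	}
	return Decision{true, "assigned " + pr.Role}
}

// Offboard is the HR-driven leaver hook: the identity is deactivated and every
// assignment removed, so the next request is refused without touching individual systems.
func (p *Policy) Offboard(id string) {
	if pr, ok := p.Principals[id]; ok {
		pr.Active = false
		pr.Assigned = map[string]bool{}
	}
}

// AccessedBy answers the accountability question: who was allowed to touch this record?
func (p *Policy) AccessedBy(patient string) []string {
	var who []string
	for _, e := range p.Audit {
		if e.Patient == patient && e.Allowed {
			who = append(who, e.Principal)
		}
	}
	return who
}

// SamplePolicy is constructed data: one physician assigned to patient P-1001 and
// one nurse on the same ward who has not been assigned to that record.
func SamplePolicy() *Policy {
	return &Policy{Principals: map[string]*Principal{
		"dr-okafor": {ID: "dr-okafor", Role: "physician", Active: true, Assigned: map[string]bool{"P-1001": true}},
		"nurse-lee": {ID: "nurse-lee", Role: "nurse", Active: true, Assigned: map[string]bool{}},
	}}
}

func main() {
	p := SamplePolicy()
	req := Request{Principal: "dr-okafor", Patient: "P-1001", Action: "read", MFAVerified: true, DeviceOK: true}
	fmt.Println(p.Decide(req))
	p.Offboard("dr-okafor")
	fmt.Println(p.Decide(req), p.AccessedBy("P-1001"))
}
```

The order of the checks matters: identity and authentication are settled before any data-specific rule runs, so a deactivated account is refused with the same message whatever it asks for, and the audit trail records denials as well as grants, which is what an investigation needs.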

The patients’ trust and confidence in the healthcare system rely on healthcare organizations being able to safeguard their data and ensure that it is only used legitimately. Trust drives all consumers’ experiences in terms of whom they engage with. And in an era of patient-centered care, patients expect their hospital or clinician to also care for their personal data.

Crucial ways by which Continuous Delivery improves your Security posture


Continuous delivery yields a host of IT and operational benefits, including proven competitive advantages like faster deployment times, responses to customer feedback, and bug fixes.  But one aspect that tends not to make it on the marquee list of benefits — and should probably be headlining it — is security.

It’s really quite simple: with continuous delivery, crucial security enhancements, updates and fixes to applications can be pushed live quickly, so the improved security reaches production in a timely manner. What could be better than that?

Traditional slow and batch-oriented waterfall approach


Typically, in the traditional ITSM approach, when a security incident happens, it is captured and consolidated with other requirements to be addressed in the next application release. Sometimes an urgent patch release can be delivered sooner, in a few weeks – if it can rapidly progress through the cycle of fix, regression testing, release preparation, release testing and maintenance. But if the fix requires a major release, it could be many months until it can be made available, and in most cases, the only thing you can do in the meantime is document the incidents.

That’s too slow.

A better, faster way — continuous delivery and DevSecOps


A modern service management approach combining continuous delivery and DevSecOps supports the core tenets of information security: data confidentiality, integrity, and availability.  A dedicated team provides continuous delivery by making small or incremental changes every day or multiple times a day. DevSecOps secures the continuous integration and delivery pipeline, as well as the content that’s coming through that pipeline.

You gain three key advantages:

Speed. Continuous delivery and DevSecOps dramatically improve security because they allow vulnerabilities and bugs to be addressed as soon as they are identified, not just added to a logbook. In many cases the window for action falls from six to eight weeks down to minutes, so far fewer incidents become problems that impact IT and business operations.

Consistency. IT teams working under traditional ITSM often worry that the continuous delivery and DevSecOps approach will create more opportunity for mistakes and bugs because more changes are happening more often. In practice the opposite is true: each change is small, automatically tested and easy to roll back, so every deployment carries less risk than a large batch release.

Flexibility. A DevSecOps approach simplifies the introduction of blue/green and canary releases, in which a new release runs alongside the prior one, into your delivery capacity. This allows you to redirect a modest amount of traffic to the new release, identifying potential issues without affecting many users. It also lets you rapidly shift all traffic back to the current release should a problem be identified.

The modern approach offers a variety of powerful tactics for quickly countering attacks. For example, workloads can be designed to move between cloud providers using Pivotal Cloud Foundry, containers or other homogenizing technology that offers the flexibility to move systems from one cloud provider to another. If there is a big denial of service attack in one provider, you could redeploy to another provider or back to a private data center with the click of a button. If an attack is focused on a particular IP, you recreate the environment at a new IP and block the other one completely. Structuring applications in this kind of push-button deployment mode creates opportunities for all sorts of similar scenarios.

How to move forward

Realizing the security benefits that come from implementing continuous integration and DevSecOps may require a deep, cultural change in the way your company builds and delivers software. Increasingly, security will become a secondary competency of developers, with risk ownership devolving from the central security team to application owners. In this new mode of operating, we need to make sure the right guard rails are in place and that the central security team provides necessary mentorship and support.

It’s a challenge, no question. But worth the rewards.

Successfully navigating some of these changes is explored in a recent post called How to jump start your enterprise digital transformation. A seven-page paper, DevSecOps: Why security is essential, is another good resource.

Self-Sovereign Identity Raises the Value of Data Shared in an Ecosystem

As organizations focus on data-driven business models to remain competitive, they will increasingly seek to collaborate with partners and exchange data. Data shared in an ecosystem is more valuable than data locked in a silo because it leads to new innovations and customer experiences. This trend is playing out in many industries including transportation, logistics, energy, manufacturing, healthcare, telecommunications and financial services.

The effort of maintaining countless data repositories has made data acquisition very expensive, causing a drag on the overall competitiveness of an industry, not to mention the additional burden of adherence to the General Data Protection Regulation and personally identifiable information standards with respect to handling personal data. In the case of autonomous cars, for example, there is so much data to be had, and so much needed, that pooling it makes sense to get a sufficient amount for R&D in as timely and cost-effective a manner as possible. This moves the entire industry forward.

Through a combination of internet of things, artificial intelligence and distributed ledger technology (DLT) we will see auto manufacturers, fleet operators, OEMs and end users willing to share and exchange data as digitized assets through data marketplaces, enabling the players to benefit from new offerings based on the transparency and monetization of shared data.

Shifting from cars to mobility services


In the automotive industry, the market is shifting from selling cars to providing mobility services. A DLT-based system, combined with self-sovereign identity, makes it straightforward to build a mobility ecosystem in which new ways to engage with customers and partners can be enabled on top of trusted and safe data exchange. For example, make it simple for customers to get the best deal on car financing, with no need to re-enter their personal details for approval at each dealership. Make customer interactions seamless by having customer history (such as loyalty data) immediately available with the customer’s explicit consent, without storing this data at each dealership or at a car manufacturer.

A trusted and verifiable data-enabled mobility ecosystem helps companies offer new services, such as car-sharing or car-exchanging that can involve dealers, for example, as drop-off and pick-up locations. This includes making the process of verifying auto insurance and driver qualifications seamless.

If I’m on vacation and don’t need my car, I can share it, or if I drive a compact car and need an SUV for a few days, I can connect with the ecosystem and benefit from this shared economy. In addition, the revenue I collect from the shared vehicle could be applied to a down payment on a new car.

Dealers benefit too. They can offer inspecting and cleaning services for the shared cars, and they get potential new customers at their location. Car makers benefit because they can grow their brand’s value and get insights into car usage.

Controlling identity, unblocking consent


Empowering an individual or an asset to control one’s own identity is a precursor to companies’ reaping the benefits of pooled data. Through self-sovereign identity, an individual will be able to consent, authenticate or verify themselves without having to present their documents. Users can access third-party-owned products and services while keeping their anonymity.

Many organizations and consortiums are contributing towards the establishment of open source decentralized identity to achieve interoperability among all participants, set protocols, and develop technologies and code in areas including decentralized identifiers (DID) and verification, storage and compute, authentication, claims and verifiable credentials. The focus of these efforts has been to decouple the trust between the identity provider and the relying party to create a more flexible and dynamic trust model such that the ecosystem benefits from increased market competition and customer choice.

In 2020, we expect to witness deployment of self-sovereign identity to unblock consent, which will help organizations leverage inaccessible data sets without breaching privacy regulations. This will facilitate decentralized data marketplaces that provide a level playing field for all market players by enabling any of them to monetize data. It allows for improved and customized offerings, thus setting higher standards and increasing the overall value of the ecosystem.
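
The verification flow described in the previous two sections, as an added example that is not from the original article or from any SSI project: an issuer (here a licensing authority) signs a credential that carries only the claim a car-sharing service needs, the holder presents it together with a signature over the verifier's nonce to prove control of the subject DID, and the verifier checks everything locally without calling the issuer and without ever seeing the licence document. It is written in Go with Ed25519 keys and uses the did:example method that the W3C DID specification reserves for examples; the way the key is embedded in the DID, the claim names, the nonce and the trust list are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Identity is a DID controlled by an Ed25519 key pair. "did:example:" is the method
// the W3C DID spec reserves for examples; here the public key is embedded in the
// identifier so it can be resolved offline.
type Identity struct {
	DID  string
	priv ed25519.PrivateKey
}

func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{DID: "did:example:" + hex.EncodeToString(pub), priv: priv}, nil
}

// resolve maps a DID to its public key; a real system would query a DID resolver.
func resolve(did string) (ed25519.PublicKey, error) {
	const prefix = "did:example:"
	if len(did) <= len(prefix) || did[:len(prefix)] != prefix {
		return nil, errors.New("unsupported DID method")
	}
	b, err := hex.DecodeString(did[len(prefix):])
	if err != nil || len(b) != ed25519.PublicKeySize {
		return nil, errors.New("malformed DID")
	}
	return ed25519.PublicKey(b), nil
}

// Credential carries only the claims a service needs (e.g. the licence class), signed by the issuer.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
	Expires time.Time         `json:"expires"`
	Proof   []byte            `json:"proof,omitempty"`
}

// signingBytes is the canonical form the issuer signs: the JSON without the proof.
// encoding/json sorts map keys, so the encoding is deterministic.
func (c Credential) signingBytes() []byte {
	c.Proof = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue: the issuer (here a licensing authority) signs a claim about the subject.
func (iss *Identity) Issue(subject string, claims map[string]string, ttl time.Duration) *Credential {
	c := &Credential{Issuer: iss.DID, Subject: subject, Claims: claims, Expires: time.Now().Add(ttl).UTC()}
	c.Proof = ed25519.Sign(iss.priv, c.signingBytes())
	return c
}

// Presentation is what the holder hands over: the credential plus a signature over
// the verifier's nonce, proving control of the subject DID right now.
type Presentation struct{ Credential *Credential; Nonce, HolderSig []byte }

func (h *Identity) Present(c *Credential, nonce []byte) *Presentation {
	return &Presentation{Credential: c, Nonce: nonce, HolderSig: ed25519.Sign(h.priv, nonce)}
}

// Verify checks issuer trust, the credential's signature and expiry, nonce freshness,
// holder binding and finally the required claims. The issuer is never contacted.
func Verify(p *Presentation, nonce []byte, trusted map[string]bool, need map[string]string) error {
	c := p.Credential
	issPub, err := resolve(c.Issuer)
	switch {
	case !trusted[c.Issuer]:
		return errors.New("issuer not trusted")
	case err != nil:
		return err
	case !ed25519.Verify(issPub, c.signingBytes(), c.Proof):
		return errors.New("credential signature invalid")
	case time.Now().After(c.Expires):
		return errors.New("credential expired")
	case string(p.Nonce) != string(nonce):
		return errors.New("nonce mismatch: replayed or foreign presentation")
	}
	if subPub, err := resolve(c.Subject); err != nil || !ed25519.Verify(subPub, p.Nonce, p.HolderSig) {
		return errors.New("presenter does not control the subject DID")
	}
	for k, v := range need {
		if c.Claims[k] != v {
			return fmt.Errorf("required claim %q not satisfied", k)
		}
	}
	return nil
}
```

Usage: the authority calls Issue with the driver's DID and the claim, the driver calls Present with the nonce the service sent, and the service calls Verify with that same nonce, its list of trusted issuer DIDs and the claims it requires. The nonce is what stops a captured presentation from being replayed, and the holder signature is what stops a stolen credential from being presented by someone else; both checks cost the verifier two signature verifications and no network call.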

Better use of AIRO in security operations, for analysts


The traditional security operations model is rapidly succumbing to the challenges and dynamics inherent in today’s cybersecurity market. Over the last few years, organizations have deployed a myriad of security technologies to combat specific threats, and as a result have inherited a collection of point product solutions with very little interoperability. This has made it difficult for operation teams to leverage these technologies as a common fabric for threat identification, correlation, detection and remediation activities.

This has also increased the amount of time it takes to detect and remediate a security breach. On average, it takes organizations nearly 6 months to detect a breach and another 2 months to remediate it. While organizations continue to operate in a reactive mode to security threats, the goal is to move to a model that is much more proactive and predictive in nature.

Complicating this goal is the lack of skilled security expertise needed to perform identification, detection and remediation activities. The talent shortage is most pronounced for Level 1 analysts in the security operations center (SOC), the “first responders” that must sift through volumes of data and determine which alerts require immediate action.


Attackers are using sophisticated approaches to exploit vulnerabilities, and the volume and velocity of known and unknown attacks continue to rise. Organizations still demand “eyes on glass” to detect and respond to security threats, but the volume of attacks originating from multiple threat vectors, combined with the skills shortage, has created a scale issue where Level 1 SOC analysts are overwhelmed with the amount of data that must be analyzed. In some cases, SOC analysts are dealing with petabytes of data. In addition to the scale problem, the incoming data lacks context, which makes prioritizing suspicious behavior for further investigation another challenge for SOC analysts.

The Business Benefits of AIRO


To effectively address these challenges, organizations must adopt a new approach to SOC operations that handles the volume of data and alerts more effectively. The market is heading toward an intelligent SOC that utilizes AI, Automation, Incident Response and Orchestration (AIRO) to increase the productivity and efficiency of SOC analysts and accelerate the time to detect and contain a security breach. AIRO consists of the following components:

  • Analytics: Driving contextual insight into threat dynamics
  • Intelligence: Collecting and indexing sources of information
  • Response: Initiating the proper response based on the nature of the security threat
  • Orchestration: Coordinating multiple toolsets to mitigate a threat and harden the network

Using AIRO tools, organizations can better leverage existing investments in security technologies by utilizing APIs to interconnect various platforms and correlate data from firewalls, IDS sensors, endpoint devices, and external threat intelligence feeds. AIRO tools complement an existing security information and event management (SIEM) tool by acting as middleware that integrates with existing tools and provides greater visibility into indicators of compromise. This becomes increasingly important as corporate data moves from endpoint devices to on-premises infrastructure and multi-cloud environments.

AIRO tools ingest alerts from the SIEM and automate the responses to repetitive alerts, freeing up security analysts for the more challenging alerts that require human intervention. The tool should also provide valuable contextual information — such as asset information and threat enrichment data — to improve the security analyst’s decision-making by prioritizing the threats that represent the most risk to the organization.

In today’s complex environment AIRO tools can make security analysts’ work more efficient, less burdensome and more accurate by leveraging automation, analytics and orchestration. By ensuring proper integration and interoperability with existing security technologies and centralizing visibility on a security platform, security operations teams can gain greater insight and move from a reactive security posture to a more predictive and preventative approach.
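The ingest, enrich, prioritize and respond loop described above, as an added illustration that is not any vendor's AIRO product code: the alerts, asset inventory, threat-intel feed, field names and action names are all constructed assumptions, and the orchestration actions are only recorded, not executed.

```python
"""AIRO-style alert triage: a constructed, self-contained example of the
SIEM-ingest -> enrich -> prioritize -> respond loop described above.
This is not any vendor's product code; alerts, assets and intel are made up,
and the field names and action names are assumptions for illustration."""
from dataclasses import dataclass, field

# Constructed SIEM alerts (not a real SIEM schema)
SIEM_ALERTS = [
    {"id": "a1", "rule": "failed_logon_burst", "host": "hr-laptop-07", "src_ip": "10.0.5.23"},
    {"id": "a2", "rule": "malware_signature", "host": "db-prod-01", "src_ip": "203.0.113.77"},
    {"id": "a3", "rule": "failed_logon_burst", "host": "kiosk-lobby", "src_ip": "10.0.9.9"},
    {"id": "a4", "rule": "outbound_c2_beacon", "host": "fin-ws-12", "src_ip": "198.51.100.4"},
    {"id": "a5", "rule": "failed_logon_burst", "host": "fin-ws-12", "src_ip": "10.0.0.5"},
]

# Asset inventory: the context a raw SIEM alert lacks (criticality 1..5)
ASSETS = {"db-prod-01": 5, "fin-ws-12": 4, "hr-laptop-07": 3, "kiosk-lobby": 1}

# Threat-intel feed; RFC 5737 documentation addresses stand in for "known bad"
BAD_IPS = {"203.0.113.77", "198.51.100.4"}

# Base severity per detection rule, 1..5
RULE_SEVERITY = {"failed_logon_burst": 2, "malware_signature": 4, "outbound_c2_beacon": 5}

# Repetitive alert types the orchestration layer may handle without an analyst
AUTO_HANDLE = {"failed_logon_burst"}


@dataclass
class Triaged:
    alert_id: str
    risk: int
    context: dict
    response: str                                  # decision recorded for the analyst/audit
    actions: list = field(default_factory=list)    # what orchestration would run


def enrich(alert):
    """Attach asset criticality and threat-intel context to a raw alert."""
    return {
        "asset_criticality": ASSETS.get(alert["host"], 2),  # unknown asset: assume mid
        "intel_hit": alert["src_ip"] in BAD_IPS,
    }


def score(alert, ctx):
    """Risk = rule severity x asset criticality, plus a bonus for an intel hit."""
    base = RULE_SEVERITY.get(alert["rule"], 3) * ctx["asset_criticality"]
    return base + (10 if ctx["intel_hit"] else 0)


def triage(alerts):
    """Enrich, score and route each alert; return the queue highest risk first."""
    queue = []
    for a in alerts:
        ctx = enrich(a)
        risk = score(a, ctx)
        if a["rule"] in AUTO_HANDLE and not ctx["intel_hit"] and ctx["asset_criticality"] <= 3:
            # Repetitive, low-risk: automate the response, keep a ticket for audit
            t = Triaged(a["id"], risk, ctx, "auto_closed", ["open_lockout_ticket"])
        elif ctx["intel_hit"] and ctx["asset_criticality"] >= 4:
            # Known-bad source touching a critical asset: contain first, then page
            t = Triaged(a["id"], risk, ctx, "escalate_p1",
                        ["isolate_host", "block_ip_at_firewall", "page_oncall"])
        else:
            t = Triaged(a["id"], risk, ctx, "analyst_review", ["open_case"])
        queue.append(t)
    return sorted(queue, key=lambda t: t.risk, reverse=True)


if __name__ == "__main__":
    for t in triage(SIEM_ALERTS):
        print(t.alert_id, t.risk, t.response, t.actions)
```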

Big Data and Cyber security: Together, Stronger

More sophisticated, streamlined and ambitious cyber attacks, capable of inflicting destruction on a large scale, have compelled security experts to look for ways to up their game as well. The spread of cloud computing, which has somewhat reduced the effectiveness of the firewalls set up to protect systems, has led the security teams of various organizations to opt for strategies that analyze the behavior of users and the network.

Enter Big Data

Why the interest in Big Data?

Big data is nothing but extremely large data sets that comprise structured data like SQL database stores, semi-structured data like the kind produced by sensors, and unstructured data like document files; data that can be mined for information. The approach is already being used in multiple projects throughout the world, such as during elections (particularly Obama’s 2012 re-election campaign and the Indian General Election of 2014). Since the security experts engaged in ensuring cyber security are shifting their focus to the analysis of data, services like risk management and managing the actionable intelligence provided by Big Data can be utilized here.

According to CSO, the collaboration between cybersecurity and big data would be best put to use with highly trusted and accurate data, along with some functionality to automatically respond to the threats present in the data being analyzed. Using Big Data for ensuring cyber security will allow organizations to identify hackers’ attack vectors to an advanced level and to discover miscellaneous anomalies.


New victim in the town: Manipulated TeamViewer Attacks


Government agencies were in a state of shock when they realized that their systems had been compromised with malicious TeamViewer software. The attacker responsible for this attack is a Russian-speaking man. TeamViewer is one of the most popular tools for remote desktop access, desktop sharing, file transfer between systems, web conferencing, etc. The motive behind the attack is probably financial. The software was manipulated by adding a malicious TeamViewer DLL to the original software. This mala fide software can steal sensitive data and money from even government and financial networks.

A malicious email purporting to be from the U.S. Department of State was delivered to the inboxes of government employees and had ‘Military Financing Program’ as its subject line. The email had a malicious XLSM attachment with an embedded macro.

Employees were duped by the malicious email since emails coming from the U.S. Department of State are generally marked as top secret. Once the victim opened the decoy document and enabled the macro, two files were extracted from hex-encoded cells in the XLSM document. The first was the genuine AutoHotkeyU32.exe program. The other was the corrupted AutoHotkeyU32.ahk, an AHK script used to communicate with the C&C server and to download an additional script and execute it.


How did the attacker successfully deploy the attack?


There are three different kinds of malicious AHK scripts: ‘hscreen.ahk’, ‘hinfo.ahk’ and ‘htv.ahk’. These three scripts affect the user’s system in different ways.

hscreen.ahk: This script takes a screenshot of the victim’s personal computer and uploads it to the C&C server.

hinfo.ahk: The victim’s username and computer information are sent to the C&C server.

htv.ahk: A malicious version of TeamViewer is downloaded and executed on the victim’s system, and login credentials are sent to the C&C server.

While the TeamViewer software was being run with the malicious ‘htv.ahk’, the attacker hid the genuine TeamViewer interface and used the malicious DLL to take over control of the software. This allowed the attacker to replace the genuine TeamViewer with the manipulated version.

The attack targeted the public financial sector and government officials in Kenya, Italy, Liberia, Bermuda, Guyana, Lebanon and Nepal.

Earlier, in the month of January, a security researcher who goes by the name FewAtoms found a URL containing a malicious self-extracting archive, which is spyware disguised as TeamViewer.

Researchers also found an avatar linked to a Russian underground forum user known as EvaPiks.

What could have been done?


  • Ensure that the AHK script is compiled with ahk2exe, which is part of the AHK distribution.
  • In order to prevent de-compilation, provide a good password.
  • Always check the extension of any attachments present within an email.
  • Organizations should implement a multi-layer defense and put mitigation protocols in place to detect intrusions and act against them.
  • Harden settings against emails carrying macro malware.
  • Apply these methods so that the program runs normally; they also ensure that an attacker would have difficulty modifying the program.
  • However, the most effective strategy is to empower employees against social engineering attacks and provide periodic awareness sessions.
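One way a defender can detect the chain described above (macro-enabled XLSM extracting AutoHotkey, the AHK script running from a user-writable directory, and ‘htv.ahk’ launching a downloaded TeamViewer) is process-lineage detection over endpoint telemetry. This is an added example, not code from the original research or any product; the events are constructed, the Sysmon-like fields are an assumption, and the detection names are made up for illustration.

```python
"""Process-lineage detection for the Excel -> AutoHotkey -> TeamViewer chain
described above. An added example, not code from the original research:
the events are constructed (Sysmon-like fields are an assumption) and the
detection names are made up for illustration."""
from dataclasses import dataclass

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
AHK_IMAGES = {"autohotkey.exe", "autohotkeyu32.exe", "autohotkeyu64.exe"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the started executable
    cmdline: str


def _name(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _user_writable(path):
    """True for locations a macro can drop files into without admin rights."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or "\\users\\public\\" in p


def detect_ahk_chain(events):
    """Return (pid, detection) pairs for the behaviours in the attack chain."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = _name(e.image)
        parent = by_pid.get(e.ppid)
        pname = _name(parent.image) if parent else ""
        # 1. Office document spawning an AutoHotkey interpreter (macro dropper)
        if name in AHK_IMAGES and pname in OFFICE_APPS:
            findings.append((e.pid, "office_spawned_autohotkey"))
        # 2. AutoHotkey executing a .ahk script from a user-writable directory
        if name in AHK_IMAGES and ".ahk" in e.cmdline.lower() and _user_writable(e.image):
            findings.append((e.pid, "ahk_script_from_user_dir"))
        # 3. TeamViewer launched by AutoHotkey outside its install path (htv.ahk step)
        if name == "teamviewer.exe" and pname in AHK_IMAGES and _user_writable(e.image):
            findings.append((e.pid, "teamviewer_launched_by_ahk"))
    return findings


# Constructed sample telemetry; paths and names are illustrative only
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r'EXCEL.EXE "C:\Users\u\Downloads\attachment.xlsm"'),
    # macro extracts the interpreter and script into Temp and runs them
    ProcEvent(300, 200, r"C:\Users\u\AppData\Local\Temp\AutoHotkeyU32.exe",
              r"AutoHotkeyU32.exe C:\Users\u\AppData\Local\Temp\AutoHotkeyU32.ahk"),
    # htv.ahk behaviour: a downloaded TeamViewer copy started from Temp
    ProcEvent(400, 300, r"C:\Users\u\AppData\Local\Temp\TeamViewer.exe", "TeamViewer.exe"),
    # benign: the installed TeamViewer started by the user from Explorer
    ProcEvent(500, 100, r"C:\Program Files\TeamViewer\TeamViewer.exe", "TeamViewer.exe"),
]

if __name__ == "__main__":
    for pid, det in detect_ahk_chain(SAMPLE_EVENTS):
        print(pid, det)
```

The benign TeamViewer start (pid 500) produces no finding, which is the point of keying on parent process and install path rather than on the TeamViewer binary name alone.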

Biggest cases of data breach in the first quarter 2019


2019 has been a good year; not for many, but definitely for cyber-criminals. While we may still be coping with the news of a data breach that occurred two days ago, we hear of yet another organization’s infrastructure being breached. Let’s start from ground zero.

1. Google Chromecast Hack


On an otherwise normal January day, thousands of people using Google’s Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology had their devices hacked. Hackers displayed a pop-up informing users that their devices were exposed to the public internet. The odd thing about this hack, however, was that the attackers also forced people to subscribe to the YouTube sensation ‘PewDiePie’.

2. Germany’s Biggest Cyber attack


Around the same time, Germany was hit by the biggest cyber-attack in its history. Hackers broke into the Twitter accounts of more than a hundred German politicians and accessed highly sensitive personal information including email addresses, phone numbers, private chats, photographs of the victims’ IDs, bills and credit card information. The attackers leaked the data on a Twitter account called ‘@_0rbit’. The German federal police launched an investigation, and soon a 20-year-old local student was arrested.

3. Ethereum Classic lost $1.1 million to hackers


While the German police were celebrating their victory, the Ethereum Classic cryptocurrency, traded on the popular exchange Coinbase, experienced one of the worst days in its history. People using its services were effectively made to pay twice for the same coins. This resulted in a loss of around $1.1 million in Ethereum Classic digital currency and an immediate fall in the price of the currency. Hours later, Ethereum Classic acknowledged that there had been ‘51% successful attacks’ with multiple block reorganizations. The attackers are still under cover and Ethereum Classic is still investigating.

4. Australian Parliament Cyber-attack


At the beginning of February, the Australian parliament faced one of its biggest cyber attacks when its server was hacked by what the parliament referred to as ‘the work of a sophisticated state actor’.

5. Leaked database of Chinese citizens found online


In January 2019, cybersecurity experts discovered a huge unsecured database, 854.8 GB in size, lying openly on the internet. The database was stored on a MongoDB instance and consisted of records of approximately 202 million Chinese citizens who were apparently job candidates. The database was soon taken offline; however, the MongoDB logs showed a list of a dozen IP addresses that had accessed it.

6. Wiping out VFEmail.net


U.S.-based email service ‘VFEmail.net’ informed its users that all their data, as well as backups spanning two decades, had been lost. It was discovered that the attacker’s IP address was 94[.]155[.]49[.]9 and the username was “aktv”, apparently registered in Bulgaria.

7. Attackers were selling the information on dark web


In one of the more shocking instances, it was revealed that attackers were selling the information of approximately 747 million accounts on the dark web. These accounts were stolen from 24 very popular websites. Most of these websites had no idea that they had been compromised; however, a few have confirmed that they suffered a data breach.

8. Indane gas breach


LPG gas company Indane became the victim of yet another data breach, in which the Aadhaar numbers of approximately 6.7 million customers were leaked.

9. Aadhaar details leaked


MongoDB is once again the talk of the town. A database known as GNCTD, 4.1 GB in size, was found on a MongoDB instance. The database consisted of approximately 458,388 individuals’ Aadhaar and Voter ID numbers, along with references and email addresses on the “transerve.com” domain for users registered with “super admin” and “senior supervisor” designations.

10. 1 million ASUS systems affected by massive supply chain attack


Taiwan-based ASUS, the world’s fifth-largest PC maker, revealed that approximately 1 million systems were affected by a massive supply chain attack known as ShadowHammer.

11. Bithumb suffers the loss of $19 million


On March 30th, news broke of a huge $19 million theft from the South Korean cryptocurrency exchange Bithumb. Hackers had compromised Bithumb’s hot EOS and XRP wallets and transferred approximately 3 million EOS (~$13 million) and 20 million XRP (~$6 million) to newly created accounts.

12. Georgia Institute of Technology suffers data breach


Georgia Institute of Technology was hit badly by cyber-criminals when a data breach led to the theft of the personal information of around 1.3 million current and former faculty members, students and applicants. According to the university, outside entities gained access to the web application of the university’s database.

What is the reason behind the success of these attacks?

The first quarter of the year has seen a number of data breaches targeting big organizations. Attackers are learning, adapting and molding their modus operandi with the changing times. Organizations, on the other hand, are still old school.

Procrastination:


2019 started with Google Chromecast devices being hacked. This happened because a group of attackers exploited a bug that had been lying dormant for five years like a ticking time bomb. Evidently, Google was aware of this vulnerability but kept ignoring it.

Being ignorant of the details:


In most cases, organizations are unaware that they are undergoing a cyber-attack. ASUS is one such victim: the attack was ongoing during the second half of 2018 and the company had no clue.

Lack of proper cyber-security measures:


Many times, data travelling in the form of packets is not well encrypted and can therefore easily be stolen by attackers. Indane Gas was victimized because of a vulnerability present in its mobile application.

What should organizations do in order to safeguard themselves?


Organizations can employ preventive cyber-security measures to safeguard data security and ensure that the network and infrastructure of the organization are free from vulnerabilities and loopholes. Cyber-security companies provide this through a number of managed security services such as vulnerability assessment and penetration testing, web application testing, network penetration testing, server security testing, etc. Anteelo is one of the fastest-growing cyber security start-ups in the country. With its team of expert pen testers, the company has provided managed services to a number of businesses in industries like healthcare, banking, insurance, etc. These services have enabled organizations to conduct business without worrying about the various cyber security issues facing the organization.

Reasons Behind Successful Phishing Attacks


Phishing is one of the most infamous cyber attack vectors and is widely adopted by attackers to lure victims into revealing their sensitive and confidential information. Phishing attacks are generally carried out by email.

Attackers forge fake emails containing malicious links. Once the link is clicked and the victim submits their credentials, the attacker gains unauthorized access by misusing those credentials. Hence, the victim gets phished.

History of the Emergence of Phishing Attacks

The history of phishing is quite old. It has been prevalent since the good old days of the 90s. America Online (AOL) was one of the top internet service providers during the mid-90s, with millions of visitors every single day.

Attackers, or ‘Phreaks’ (yes! That’s what attackers used to call themselves. Fancy, right?), started trading pirated software over AOL and formed a ‘warez’ community.


This community stole AOL users’ passwords, created random credit card numbers, and spammed users.

This process was automated with the help of the Windows software AOHell. Once discovered, AOHell was shut down by America Online.

There are many cases that have been reported and even more that have not been reported. On average, 1.2 million phishing attacks occur annually. According to security research, phishing attacks almost doubled to 482.5 million from 246.2 million in the year 2017. Statistics show that phishing accounts for 91% of all cyber attacks.

Why do Attackers Use Phishing Attacks?

Large user base


One of the biggest reasons for the success of phishing attacks is the widespread use of email. At present, there are around 2.6 billion email users, and this number is expected to cross 4.2 billion by the year 2022. The susceptibility rate of phishing attacks is quite high, as attackers can easily find email addresses and send phishing emails, and that is all it takes.

Humans are the weak link


The other big contributor to the success of phishing attacks is the victim itself. These days, social media has become a huge part of people’s lives, and people are putting their entire lives online. Attackers can easily access a victim’s personal information through a social networking platform, which helps them create personalized phishing attacks (also known as spear phishing).

Lack of awareness 


Lack of security awareness among employees is also one of the major reasons for the success of phishing. Organizations should be aware of how the benefits of security awareness training can secure their employees from falling victim to phishing attacks.

In recent years, attackers have shifted their focus from individuals to employees within organizations. Statistically, 90% of cyber attacks are the result of employee negligence. During the year 2018, a 76% increase in the number of phishing attacks was observed.

54% of companies had experienced one or more attacks that compromised their IT infrastructure and data. According to a survey of 19,000 people, approximately 97% of people are unable to identify such attempts.

Leniency in the adoption of security measures


Leniency in the adoption of security measures is one of the biggest reasons for the success of phishing attacks. Studies have shown that organizations lag in spending money on the implementation of cybersecurity measures. During the year 2018, 51% of organizations made no change to the budget allocated to cybersecurity.

These reasons play a huge role in the success of such attacks. Therefore, it is extremely important for organizations to implement cybersecurity practices and understand the benefits of following security measures properly. Cybersecurity companies like Anteelo ensure that your network and infrastructure are secure from cyber attacks. Anteelo offers industry-leading cybersecurity solutions and tools such as a cyber attack simulation and awareness tool, an email authentication and anti-spoofing solution, an anti-phishing, fraud monitoring & take-down solution, phishing incident response, VAPT and secure code review.
