ARCHIVE FOR THE ‘cyber-security’ CATEGORY

Mobile workforce using public Wi-Fi and unsecured home networks is a serious security hazard, warns cybersecurity expert.

The pandemic forced millions of workers to leave their offices and work remotely, creating new cybersecurity challenges for companies globally.

Cybercriminals took notice, causing companies to experience record-setting losses brought about by data breaches.

However, remote work is not a passing phenomenon - according to Gartner, 51% of knowledge workers will work remotely by 2022, which is a 24% increase when compared to 2019.

If remote work meant working from home at the beginning of the pandemic, it is now changing towards working from anywhere. Cybersecurity-wise, this means that an increasing number of workers will access their work networks through vulnerable networks, and additional security measures have to be put in place to mitigate the connected risks.

WFA: the dangers of public Wi-Fi and unsecured remote locations

The switch to home offices left managers dealing with several cybersecurity threats stemming from unsecured home devices and networks, as well as unprotected internet traffic.

When the majority of employees work from a single location, there is only a need to protect the main network - which is less demanding than protecting as many endpoints as there are employees.

The problem becomes even more evident once employees are not working from a fixed location like home but are, for example, traveling while working and have no choice but to use public internet access.

"Adapting to working from home was a challenge to cybersecurity personnel everywhere, but the growing trend of working from anywhere entails a new set of threats to consider," said Algirdas Sakys, Information Security Manager at NordLayer. "Working from anywhere usually means using unencrypted public Wi-Fi, which can lead to information being intercepted, malware being distributed. There is an array of ways in which hackers exploit unsecured public networks, and businesses have to adapt their cybersecurity strategies accordingly."

The Castle-and-moat approach to cybersecurity is no longer viable

Since every remote employee is a potential threat to the integrity of a given company's data, businesses are shifting their cybersecurity strategies away from the castle-and-moat approach. Now, network security solutions based on the Zero Trust principle are replacing traditional, static defense strategies.

In the Zero Trust framework, the given network is protected by granting users and devices access to only those parts of the network that are essential to their task. In such a system, every user is authenticated before being allowed to access the needed data through an encrypted tunnel. Because of this, even if a device gets compromised, it can't cause network-wide damage.

Organizations that have Zero Trust-based system in place enhance their cybersecurity in three key areas: secure access, secure browsing, and increased cybersecurity training opportunities, added the NordLayer expert:

"First, a comprehensive security framework of this kind allows the remote employees to safely connect to the company network without putting the whole network at risk. Second, web browsing becomes considerably safer, allowing cybersecurity personnel to ensure employee browsing habits are not potentially harmful to the company. Finally, due to the automated nature of Zero Trust-based systems, managers gain more time to educate their personnel on best cybersecurity practices, which is crucial because defrauding humans is one of the chief enablers of successful cyberattacks."

Further Reading:

• Read more about Digital Transformation @ www.fieldservicenews.com/digital-transformation
• Read more about Cyber Security on Field Service News @ www.fieldservicenews.com/cyber-security
• Read more about the impact of COVID-19 on FSN @ www.fieldservicenews.com/covid-19
• Find out more more about NordLayer @ nordlayer.com/
• Learn more about NordLayer @ twitter.com/NordLayer

Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, and Sam Curry, chief security officer at Cybereason, comment on the news that Apple has updated its software for iPhones to address a critical vulnerability.

It has been reported that Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist. Researchers from the University of Toronto's Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.

STAYING ON TOP OF ALL OPERATING SYSTEM UPDATES IS THE ONLY REAL PATH FOR END USERS TO PROTECT THEMSELVES AGAINST ZERO-CLICK SOFTWARE AND APPS

The urgent update that Apple released yesterday plugs a hole in the iMessage software that allowed hackers to infiltrate a user's phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.

Commenting on this, Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, said "Zero-click software or apps should be a high concern for any mobile device user. This class of software doesn’t require any interaction by the user, so no explicit download and no explicit consent is granted. While there are legitimate uses for this class of software, the secretive nature of the installation makes it particularly appealing to malicious or criminal groups. The only real path for end users to defend against such software is to keep on top of all operating system updates, vendor updates, and maintain an up to date anti-malware solution."

Sam Curry, chief security officer at Cybereason, added "Monday’s emergency software updates for a critical vulnerability discovered in iPhones, Apple Watches and Macs, shouldn't be cause for panic. Yes, this newest Pegasus spyware delivery mechanism is novel, invasive and can easily infect billions of Apple devices, but stay calm and simply get control of your device and download the software updates available from Apple. Do that and move on. Follow Apple's instructions if you think you are infected and consult your IT department at work, school, etc. Failing that, Apple’s Genius Bar will be able to help. With nearly 2 billion iPhone active around the world, 100 million Apple Watches being used and more than 100 million Macs, security can’t be a luxury for Apple and it’s not, it’s a responsibility they take seriously.

This type of software is generally a scourge. This specific package has been known a while. What's novel is the subtle installation. These have happened in the past and should be a top priority to identify and fix for any vendor. Relating to Apple security, failing is OK. Failing consistently is not. Let's see how Apple addresses this. They are a generally more secure platform, but they must continue to invest and demonstrate commitment going forward. The most secure platform in the world can be cracked given time unless the security is maintained. An incident or two are not a cause for pitchforks and torches to come out. That comes later if things recur or are dealt with in a cavalier manner."

Further Reading:

• Read more about Digital Transformation @ www.fieldservicenews.com/digital-transformation
• Read more about Cyber Security on Field Service News @ www.fieldservicenews.com/cyber-security
• Read more about Software & Apps on Field Service News @ www.fieldservicenews.com/software-and-apps
• Find out more more about Synopsys @ www.synopsys.com
• Learn more about Cybereason @ www.cybereason.com

Cyber security provider F-Secure launched F-Secure Elements: a new cloud-based platform that streamlines how organizations provision cyber security services.

Available from F-Secure’s service partners with fixed-term license subscriptions, or usage-based billing for greater flexibility, F-Secure Elements empowers organizations to pick cyber security services on terms that accommodate their needs.

Many organizations operate in complex environments dominated by a range of dynamic risks and opportunities. Keeping these complexities in mind, as well as the rising costs of security and the lack of experienced security professionals, it’s no surprise that an overwhelming number of organizations want to simplify how they source cyber security capabilities.

F-SECURE ELEMENTS IS THE FIRST CLOUD-BASED PLATFORM CREATED TO EMPOWER ORGANIZATIONS WITH FAST, FLEXIBLE, AND EASY ACCESS TO CYBER SECURITY SERVICES.

F-Secure Executive Vice President of Business Security Juha Kivikoski says these demands are driving a shift toward providing cyber security as services rather than products.

“Even with updates, products are static and can’t adapt fast enough to keep up with threats, or businesses, as they evolve. Services help businesses stay agile and are more cost-effective when delivered right, which is why the future of our industry is in delivering everything as a service,” he explained. “Having a platform designed for the servitization of cyber security can help organizations get better protection, which is why simplicity and flexibility are F-Secure Elements’ core design principles.”

F-Secure Elements is a modular platform that combines endpoint protection, endpoint detection and response, vulnerability management, and collaboration protection for cloud services (such as Microsoft Office 365).

F-Secure Elements’ key capabilities and benefits include:

• Comprehensive situational awareness and meaningful visibility across assets, configurations, vulnerabilities, threats, and events.
• Streamlined and autonomous operations to ensure efficient workflows and faster responses to real threats.
• Real-time, connected data flow between elements to enable faster detection of threats.
• Intelligent, extended detection and response capabilities for data-informed decisions.
• On-demand option to elevate difficult cases to F-Secure experts.

Usage-based pricing simplifies path to growth

A recent Forrester report emphasized the increasing importance for flexibility and usage-based pricing*: "During the pandemic, many clients became frustrated when vendors wouldn't lower license usage below baselines, even though the organization's usage had dropped off because of staff furloughs. Examine contracts and ask for flexibility to alter the licensing baseline under certain conditions and for the ability to carry forward unused license entitlements into the next year without additional charge."

With the transparency on usage provided via F-Secure Elements’ detailed invoicing for usage-based billing, organizations can make informed decisions on how to control security investments to prevent paying for idle licenses, or services they don’t need.

“Usage-based pricing helps organizations develop and adjust their security capabilities to focus on outcomes, and move from ownership to usership,” said Kivikoski.

F-Secure Elements was launched at SPECIES, F-Secure’s annual global partner conference. Video is available here: https://www.youtube.com/watch?v=axLDbj1_Nb4.

More information on F-Secure Elements is available here: https://www.f-secure.com/elements.

*Source: Forrester: How To Save Money In Security Software Negotiations: Techniques For Preparing For And Conducting Security Software Negotiations To Increase Value. Paul McKay, Sean Ryan, and Mark Bartrick, October 13, 2020.

Further Reading:

• Read more about Servitization @ www.fieldservicenews.com/servitization-and-advanced-services
• Read more about Cyber Security @ www.fieldservicenews.com/cyber-security
• Learn more about F-Secure @ www.f-secure.com
• Read more about F-Secure on Field Service News @ www.fieldservicenews.com/f-secure
• Follow F-Secure on Twitter @ twitter.com/FSecure

The logistics industry, currently one of the greatest winners in the 2020 pandemic world, is under enormous threat going into 2021 as one of the UK’s prime business sectors is targeted by sophisticated cyber-destructors and intellectual property thieves.

“The logistics sector is at a major crossroad... and the real winners and losers will more accurately be defined in the next couple of years” said Robert Garbett, Founder of Drone Major Group, and one of the world’s leading advisors on the advanced capabilities of unmanned systems (drones).

“This year’s lockdowns and now the Christmas rush of pent-up demand have provided virtually all logistics companies with a rapid accelerator for growth, and most have fared extremely well. But in 2021 and beyond, there will be a massive division between those in the logistics sector who have recognised the need to embrace fast evolving new technologies, and in particular those which are safeguarded against cyber espionage, and attackers targeting their supply chains, and those logistics companies who have simply ridden the wave.”

MODERN LOGISTICS MUST CREATE NEW TYPES OF INFRASTRUCTURE TO ADAPT TO A RAPIDLY EVOLVING LANDSCAPE

Last month’s report by IBM’s ‘threat intelligence taskforce’ highlighted how hackers ‘probably backed by a nation state’(1) appeared to be trying to disrupt or steal information about the key processes to keep the newly approved Covid vaccines cold as they travel from factories to hospitals and doctors' offices. “The potential for disruption of supply chains is enormous” said Garbett and, “until recently, logistics organisations have felt they have been relatively safe... but the stakes are getting higher as the need for more sophisticated logistics services, such as unmanned (drone) conveyance is increasingly in demand.”

The economic significance of the logistics sector is huge. Trade association, LogisticsUK, has confirmed that there are over 194,000 logistics enterprises in the UK, with 2.6 million employed in the wider industry. The logistics sector has a £1 trillion turnover, contributing £130 billion Gross Value Added (GVA) to the UK economy, which is 10.2% of the contribution to the UK non-financial business economy.(2) In comparison, the scale of this industry is far greater than UK construction (3), energy (4) and manufacturing(5) among others.

Garbett added: “Data security at every point in a logistics system is paramount and like any IOT (internet of things) system there are many points which will need protection, and a strong culture of cyber security will need to exist to avoid the inevitable human error and threat from malicious human interference, which are the cause of the vast majority of cyber breaches in any system. Modern sophisticated logistics must create new types of infrastructure on a world stage to adapt to a rapidly evolving threat landscape.

Further Reading:

• Read more about Parts Pricing and Logistics @ www.fieldservicenews.com/parts-pricing-and-logistics
• Read the UK Logistics Report 2020 @ logistics.org.uk/logisticsreport
• Learn more about Drone Major Group @ dronemajor.net
• Read the IBM X-Force Threat Intelligence Index @ www.ibm.com/xforce-threat-intelligence-index-map/
• Follow Drone Major Group on LinkedIn @ www.linkedin.com/drone-accelerator/

Cyberattacks on internet-connected devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to the latest Nokia Threat Intelligence Report.

The report found that Internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019. The report’s findings are based on data aggregated from monitoring network traffic on more than 150 million devices globally where Nokia's NetGuard Endpoint Security product is deployed.

Adoption of IoT devices, from smart home security monitoring systems to drones and medical devices, is expected to continue growing as consumers and enterprises move to take advantage of the high bandwidth, ultra-low latency, and fundamentally new networking capabilities that 5G mobile networks enable, according to the report.

The rate of success in infecting IoT devices depends on the visibility of the devices to the internet, according to the report. In networks where devices are routinely assigned public facing internet IP addresses, a high infection rate is seen. In networks where carrier-grade Network Address Translation is used, the infection rate is considerably reduced because the vulnerable devices are not visible to network scanning.

THE REPORT HIGHLIGHTS COVID-19-THEMED CYBERCRIMINAL CAMPAIGNS AIMED AT EXPLOITING USER DATA

The Threat Intelligence Report also reveals there is no let up in cybercriminals using the COVID-19 pandemic to try to steal personal data through a variety of types of malware. One in particular is disguised as a “Coronavirus Map” application – mimicking the legitimate and authoritative Coronavirus Map issued by Johns Hopkins University – to take advantage of the public’s demand for accurate information about COVID-19 infections, deaths and transmissions.

But the bogus application is used to plant malware on victims’ computers to exploit personal data. “Cybercriminals are playing on people’s fears and are seeing this situation as an opportunity to promote their agendas,” the report says. The report urges the public to install applications only from trusted app stores, like Google and Apple.

Bhaskar Gorti, Nokia Software President and Chief Digital Officer, said: “The sweeping changes that are taking place in the 5G ecosystem, with even more 5G networks being deployed around the world as we move to 2021, open ample opportunities for malicious actors to take advantage of vulnerabilities in IoT devices. This report reinforces not only the critical need for consumers and enterprises to step up their own cyber protection practices, but for IoT device producers to do the same.”

Commenting on this, Boris Cipot, senior security engineer at Synopsys, said "The Nokia Threat Report is a welcome confirmation for security professionals that mobile platforms are not something that can be disregarded as a risk. If we think about it, today we have more processing power and memory in our smartphones than we did just a few years ago on our laptops and desktops. Most individuals now jump on their phones or tablet to browse the internet or read their emails. Use cases have shifted from traditional desktop/laptop to mobile device and as such, it is normal that cyberthreats have followed this trend. Nevertheless, that is not to say that individuals should disregard standard PC threats. While mobile threats are rising, this does not imply that PC threats are decreasing. On the contrary, these threats are growing in number too.

"In fact, we are now entering a new era of technology; that is the 5G era, which brings along with it another set of threats. New threats are to be expected with new technology. One has to be prepared for them and to take appropriate action to build resilience. The world of IoT is evidence that we are still a long way from achieving this. Breached baby monitors, video cameras, cryptocurrency mining… all of these are recent incidents we have faced and continue to face. Whether it is the Android platform or the RTOS of an IoT device that is under attack, the root of the matter typically comes down to vulnerabilities in the software. Therefore, secure development and the Security by Design principle needs to be at the foundation of every software development process. The use of tools such as SAST, SCA or IAST are mandatory to keep the whole ecosystem safe. The reason being that even the smallest security hole delivered by the smallest application in a mobile phone or PC could be responsible for a whole device becoming exploitable.“

Further Reading:

• Read the Nokia Threat Intelligence Report @ www.nokia.com/threat-intelligence-report
• Read more about Digital Transformation @ www.fieldservicenews.com/digital-transformation
• Watch Nokia's video 'Vulnerability of IoT Devices' @ youtu.be/ume8OldqvUY
• Watch Nokia's video '5G Can Help Secure Devices' @ youtu.be/XghAvFgTv2k
• Follow Nokia on Twitter @ twitter.com/nokia

F-Secure report documents ransomware getting more fearsome, but there’s reason for optimism...

Cyber criminals continued a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability. A new report from cyber security provider F-Secure, Attack Landscape H2 2019, documents a steep increase in attack traffic in 2019 that was unmatched by previous years.

F-Secure's global network of honeypots saw 2.8 billion attack events in the second half of the year. After 2.9 billion in the first half of the year, the yearly total rings in at 5.7 billion attacks. For comparison, 2018 saw just over 1 billion attacks, while 2017 saw 792 million.

Traffic was dominated by attacks hitting the SMB protocol, indicating attackers are still very much interested in using worms and exploits related to Eternal Blue. Telnet traffic and attacks hitting SSH were also high, indicating continued, high attacker interest in IoT devices. Malware found in the honeypots was dominated by various versions of Mirai.

While ransomware spam was observed to have dropped during the course of the year, ransomware itself became more targeted and impactful, inflicting greater damage, targeting enterprises, and demanding sums in the hundreds of thousands of dollars. Modular malware employed a range of tricks, one of which was dropping ransomware as a second stage payload.

The report also features a look back at the past ten years of information security, a decade marked by spates of breaches, the emergence of nation state malware, and devastating supply chain attacks. But going forward, there is reason for optimism, says Mikko Hypponen, Chief Research Officer at F-Secure.

“The last decade was pretty bad for information security, but the next one will be better,” says Hypponen. “It doesn't always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look like it's getting worse, but it isn't. If you look at the level of security tools we were using in 2010 and today, it's like night and day. We are going in the right direction.”

Machines in the Netherlands are most likely to encounter cybercrimes; Ireland is least likely

The severity of cyber-breaches has become more and more intense in recent years. As a result, security experts at Specops Software sought to find out which (Western) European countries are the most cyber-insecure for citizens.

To find out, Specops Software calculated which country is most likely to encounter cyber-crimes by analysingthe percentage of cloud provider attacks on Azure and the monthly percentage of machines that encountered cryptocurrency mining, malware and ransomware.

The results show the Netherlands is the most vulnerable European country to cyber-crime, with the highest rate of cybercrime. This could be due to the large number of cloud provider incoming attacks (16.28%) to Microsoft Azure in their country.

Next is Bulgaria, who have experienced 17.55% incoming attacks/encounters. In third place is Belarus (10.83%), followed by Ukraine (10.35%) and Bosnia and Herzegovina (7.06%).

The United Kingdom rank 17^th, due to a high number of cloud related attacks, in comparison to other European countries. 

Ireland are ranked as the least vulnerable country in Europe, where they had the lowest cybercrime encounter rate in every category, except cloud provider attacks – where there is 0.36% recorded incoming attacks on Azure, detected by Azure’s Security Centre.

Cloud attack encounters:

The Netherlands received the highest number of cloud provider incoming attacks, with data stating that 16.28% of Azure accounts have faced breaches. They are followed closely by Bulgaria (11.68%).

Other countries among the highest cloud attack encounters include France (2.73%), United Kingdom (2.02%) and Finland (1.72%).

Cryptocurrency encounters:

On average, Belarus has the highest number of cryptocurrency mining encounters every month, with 0.42% of machines recording the issue.

Next is Ukraine (0.33%), Bosnia and Herzegovina (0.25%) and Bulgaria (0.17%).

The least vulnerable country is Ireland, where only 0.01% of machines encountered cryptocurrency mining. 

The United Kingdom, Norway, Denmark, Switzerland, Sweden, Finland, Austria, Germany and Netherlands are second least likely to encounter cryptocurrency mining, as only 0.02% of machines in each country had.

Malware encounters:

Belarus has the most malware encounters in Europe, with 10.17% of machines in the country encountering them each month on average. 

In second place is Ukraine (9.57%), followed by Bosnia (6.76%), Romania (5.92%) and Bulgaria (5.66%).

The country with the least malware encounters is Ireland, where only 0.7% of machines in the country encountered malware each month on average.

Finland (1.27%), Norway (1.33%), Netherlands (1.33%) and Denmark (1.35%) are among the countries least vulnerable to malware encounters.

Ransomware encounters:

0.09% of machines in Ukraine encountered malware on average every month, making them the most insecure country to malware encounters in Europe. 

Belarus are second most vulnerable, with 0.06% of machines encountering malware, followed by Bosnia (0.05%), Romania, Bulgaria, Hungary, Latvia, Greece and Croatia (0.04%).

Ireland, United Kingdom, France, Germany, Sweden, Switzerland, Denmark, Netherlands, Norway and Finland encountered the smallest number of ransomware threats, with only 0.01% of machines facing them each month.

Companies join to bring a powerful device level protection that helps secure the most vulnerable IoT and edge devices, in markets such as industrial and utilities, from outsiders, insiders, and supply chain attacks.

NanoLock Security, the market leader of flash-to-cloud protection for IoT and connected edge devices, announced it is joining with Adesto Technologies Corp.  to collaborate on flash-based embedded security and management solutions for low-density flash memory devices used in products such as smart meters, sensors and controllers in smart energy, water utilities, industrial facilities and more.

The Adesto and NanoLock solution provides a hardware root-of-trust in the device’s flash memory that blocks unauthorized modifications to prevent persistent control of the device. The control of flash updates is moved from the vulnerable remote edge device to a trusted entity in the utility data center, ensuring that only validated commands and updates will modify the flash. In addition, the hardware root-of-trust provides reliable and valuable data such as attack alerts, status reports, and detailed forensic data.

The solution is particularly important for critical infrastructure, where threats can come from various attack sources, e.g., outsider attacks (such as state-level attackers), insider attacks, and off-shore supply chain attacks. To keep infrastructure safe, it is crucial that remote connected devices, such as smart meters, are protected throughout their entire lifecycle from production line to end-of-life.

NanoLock’s technology protects connected edge devices from the moment they are created on a factory floor by prohibiting malicious code from being written into the flash, and provides protection and monitoring throughout the device’s entire lifecycle. This approach is both processor-and operating system-agnostic and requires virtually zero system processing power, which is critical for power-sensitive IoT devices.

“The addition of NanoLock’s flash-to-cloud security and management technology to our flash memory devices can provide robust, device-level defense and trustworthy management for a wide range of low-density IoT devices from smart meters to door locks,” said Graham Loveridge, VP marketing, semiconductor products, Adesto. “Traditionally, providing this level of security in low-density flash devices has been a challenge. We’re excited to team with NanoLock to show that we can provide it at an attractive price point.”

“NanoLock’s patented technology alongside Adesto’s novel flash technology delivers an important additional layer of protection and monitoring for utilities and industrial companies,” said Eran Fine, NanoLock CEO. “Through our alliance with Adesto, we are able to seamlessly secure a variety of IoT devices, such as smart meters, controllers and sensors, to bring new levels of protection and control to connected infrastructure.”

Revenue expected to reach $25.1 bn in 2020, growing 4.8% year-on-year.
The rising number of data breaches and cyberattacks globally, as well as the increasing awareness of the state-sponsored cyberattacks, have led to an increased demand for cybersecurity software solutions.

According to data gathered by PreciseSecurity.com, the overall cybersecurity software revenue is expected to reach $25.1 bn in revenue this year, growing 4.8% year-on-year. The rising trend is set to continue in the following years, with the entire market reaching $27 bn worth in the next three years.

Cybersecurity as Global Concern

Cybersecurity has become one of the biggest concerns for both citizens and businesses all around the world. The growing demand for eCommerce platforms, technology developments including AI and IoT, and the rising number of connected devices have led to the massive adoption of cybersecurity solutions.

The cybersecurity software market refers to all software solutions aiming to protect individual computing devices, networks, or any other computing-enabled device. It includes antivirus software, management of access, data protection and security against intrusions, and any other system-level security risks, both in local installation and cloud service.

In 2012, the global cybersecurity software market reached $17.5 bn worth. In the next seven years, the market revenue grew by nearly 40% and reached a $23.9 bn value in 2019. The statistics indicate that the entire market is expected to grow at a CAGR of 2.5% in the next three years.

The US is the Leading Cybersecurity Software Market

In global comparison, the United States is the leading cybersecurity software market in the world. The statistics indicate the entire US market is set to reach $10.1 bn value this year.

With $1.5 bn value or 6.5 times less than the US market, the United Kingdom ranked as the second-biggest market globally. The 2020 data show Germany is expected to reach $1.1 bn market value this year, followed by France and Canada as other leading markets.