ARCHIVE FOR THE ‘security’ CATEGORY
Mar 04, 2020 • News • future of field service • Cyber Security • Security
Machines in the Netherlands are most likely to encounter cybercrimes; Ireland is least likely
The severity of cyber-breaches has become more and more intense in recent years. As a result, security experts at Specops Software sought to find out which (Western) European countries are the most cyber-insecure for citizens.
To find out, Specops Software calculated which country is most likely to encounter cyber-crimes by analysing the percentage of cloud provider attacks on Azure and the monthly percentage of machines that encountered cryptocurrency mining, malware and ransomware.
The results show the Netherlands is the European country most vulnerable to cyber-crime, with the highest rate of cybercrime. This could be due to the large number of incoming cloud provider attacks (16.28%) on Microsoft Azure in that country.
Next is Bulgaria, which experienced 17.55% incoming attacks/encounters. In third place is Belarus (10.83%), followed by Ukraine (10.35%) and Bosnia and Herzegovina (7.06%).
The United Kingdom ranks 17th, due to a high number of cloud-related attacks in comparison to other European countries.
Ireland is ranked as the least vulnerable country in Europe: it had the lowest cybercrime encounter rate in every category except cloud provider attacks, where 0.36% incoming attacks on Azure were recorded, as detected by Azure’s Security Centre.
Cloud attack encounters:
The Netherlands received the highest number of cloud provider incoming attacks, with data stating that 16.28% of Azure accounts have faced breaches. They are followed closely by Bulgaria (11.68%).
Other countries among the highest cloud attack encounters include France (2.73%), United Kingdom (2.02%) and Finland (1.72%).
Cryptocurrency encounters:
On average, Belarus has the highest number of cryptocurrency mining encounters every month, with 0.42% of machines recording the issue.
Next is Ukraine (0.33%), Bosnia and Herzegovina (0.25%) and Bulgaria (0.17%).
The least vulnerable country is Ireland, where only 0.01% of machines encountered cryptocurrency mining.
The United Kingdom, Norway, Denmark, Switzerland, Sweden, Finland, Austria, Germany and the Netherlands are the second least likely to encounter cryptocurrency mining, as only 0.02% of machines in each country did so.
Malware encounters:
Belarus has the most malware encounters in Europe, with 10.17% of machines in the country encountering them each month on average.
In second place is Ukraine (9.57%), followed by Bosnia (6.76%), Romania (5.92%) and Bulgaria (5.66%).
The country with the least malware encounters is Ireland, where only 0.7% of machines in the country encountered malware each month on average.
Finland (1.27%), Norway (1.33%), Netherlands (1.33%) and Denmark (1.35%) are among the countries least vulnerable to malware encounters.
Ransomware encounters:
0.09% of machines in Ukraine encountered malware on average every month, making it the most insecure country in Europe for malware encounters.
Belarus is second most vulnerable, with 0.06% of machines encountering malware, followed by Bosnia (0.05%), Romania, Bulgaria, Hungary, Latvia, Greece and Croatia (0.04%).
Ireland, United Kingdom, France, Germany, Sweden, Switzerland, Denmark, Netherlands, Norway and Finland encountered the smallest number of ransomware threats, with only 0.01% of machines facing them each month.
Oct 08, 2019 • Management • News • future of field service • Security • Smart Home • Telecommunications • F-secure
F-Secure’s experience working with operators is a critical asset to help the telecommunications sector tackle connected home security challenges.
Aug 28, 2019 • News • future of field service • Cyber Security • Security • F-secure
F-Secure discovers security flaw with the potential to turn hundreds of thousands of load balancers into beachheads for cyber attacks.
Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product. Adversaries can exploit these insecurely configured load balancers to penetrate networks and perform a wide variety of attacks against organizations, or individuals using web services managed by a compromised device.
The security issue is present in the Tcl programming language that BIG-IP’s iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands which could be executed in the security context of the target Tcl script.
Adversaries that successfully exploit such insecurely configured iRules can use the compromised BIG-IP device as a beachhead to launch further attacks, resulting in a potentially severe breach for an organization. They could also intercept and manipulate web traffic, leading to the exposure of sensitive information, including authentication credentials and application secrets, as well as allowing the users of an organization’s web services to be targeted and attacked.
In some cases, exploiting a vulnerable system can be as simple as submitting a command or piece of code as part of a web request, that the technology will execute for the attacker. To make matters worse, there are cases where the compromised device will not record the adversaries’ actions, meaning there would be no evidence that an attack took place. In other cases, an attacker could delete logs that contain evidence of their post-exploit activities – severely hindering any incident investigations.
“This configuration issue is really quite severe because it’s stealthy enough for an attacker to get in, achieve a wide variety of objectives, and then cover their tracks. Plus, many organizations aren’t prepared to find or fix issues that are buried deep in software supply chains, which adds up to a potentially big security problem,” explains F-Secure Senior Security Consultant Christoffer Jerkeby. “Unless you know what to look for, it’s tough to foresee this problem occurring, and even harder to deal with in an actual attack.”
Jerkeby discovered over 300,000 active BIG-IP implementations on the internet during the course of his research, but due to methodological limitations, suspects the real number could be higher. Approximately 60 percent of the BIG-IP instances he found were in the United States.
The coding flaw and class of vulnerability is not novel and has been known, along with other command injection vulnerabilities in other popular languages, for some time. Not everyone using BIG-IP will be affected, but the load balancer’s popularity amongst banks, governments, and other entities that provide online services to large numbers of people, combined with the relative obscurity of the underlying security issues with Tcl, means any organization using BIG-IP needs to investigate and assess their exposure.
“Unless an organization has done an in-depth investigation of this technology, there’s a strong chance they’ve got this problem,” continues Jerkeby. “Even someone incredibly knowledgeable about security that works at a well-resourced company can make this mistake. So, spreading awareness about the issue is really important if we want to help organizations better protect themselves from a potential breach scenario.”
May 10, 2019 • News • Security • Software and Apps
BullGuard VPN for Windows, Mac, Android and iOS makes it simple for consumers to create military-grade encrypted connections.
Cybersecurity company, BullGuard, today announced the expansion of its cybersecurity product line with the launch of BullGuard VPN. Designed to be easily used across multiple devices, BullGuard VPN features a simplified user interface and quick connect functionality, enabling consumers to fly under the radar and surf the internet in stealth mode while retaining complete anonymity via military-grade encryption. Available for Windows, Mac, Android and iOS operating systems, BullGuard VPN is available for download and purchase on the Apple App Store, Google Play and the BullGuard website.
“Cybersecurity to date has been primarily focused on keeping consumers and their devices safe from online threats, but cybercriminals also pose a threat to consumer privacy,” said BullGuard CEO, Paul Lipman. “In today’s cyberthreat landscape, security and privacy must be equally addressed in order to adequately protect consumers. BullGuard VPN enables consumers to safeguard their online privacy in a fast, easy and seamless way – from their desktop, laptop, tablet or smartphone – wherever they go.”
BullGuard VPN secures and protects up to six devices simultaneously – desktop computer, smartphone, laptop or tablet – and consumers can easily switch between 16 different country locations, including the U.S., Canada, U.K., Germany, Austria, The Netherlands, Belgium, France, Spain, Switzerland, Denmark, Norway, Sweden, Ireland, Singapore and Australia. BullGuard VPN hides a consumer’s origin IP address, preventing others – including ISPs (Internet Service Providers) and government organizations – from monitoring their online browsing activity, including what websites they visit, what they download or what services and applications they use. BullGuard VPN customers have access to 24/7 customer support.
Online consumer privacy is under siege on a near daily basis – from huge breaches where personal data is stolen and cybercriminals absconding with personal information and identities to Facebook and Internet Service Providers caught selling consumer data without consent. BullGuard VPN puts privacy control in consumers’ hands and is the perfect choice for consumers when using an unprotected Wi-Fi hotspot when away from home in airports, hotels or cafes. BullGuard VPN users receive secure connections in to hotspots, which protect them against data theft, privacy breaches, malware and cyber attacks via Wi-Fi.
May 09, 2019 • News • future of field service • management • Energy • Security
Report highlights that threat actors are advanced and persistent, but companies are using outdated systems and technology to save money. Poor security posture, prioritization, and awareness are also gifts to attackers.
Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time.
As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences.
“Espionage and sabotage attacks against CNI organizations have increased over the years and I don’t think we have seen it all yet,” says Sami Ruohonen, Labs Threat Researcher at Finnish cyber security company F-Secure.
Connecting Industrial Control Systems (ICS) to the Internet is increasing, and a considerable number of CNI systems in use today were installed and built before 24/7/365 internet connections were the norm and the advent of Stuxnet. Many Operational Technology (OT) components have built-in remote operation capabilities, but are either partly or entirely lacking in security protocols such as authentication.
Moreover, cyber security was not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Transitioning these systems to the Internet has opened them up to attacks from a myriad of angles.
“Critical Infrastructure due to its nature is an interesting target for a foreign nation-state, even during peacetime,” Ruohonen explains.
F-Secure’s report shows that:
- A variety of different adversaries, each with their own motivations and tradecraft, constantly strive to compromise organizations that operate critical infrastructure
- Attackers have more time than their targets and will take months to plan their attack
- People are the weakest link in production, with company employees seemingly being criminals’ go-to target
- Attackers continue to succeed mainly due to organizations’ lack of mature cyber security practices
- Nation-state sponsored Advanced Persistent Threat (APT) groups are relentless, and continue to seek network foothold positions on CNIs and espionage opportunities in the interests of exercising political leverage
- Nine different attackers/malwares/techniques targeting the energy industry stand out, with spear phishing being the most common initial supply chain attack technique
- Keeping a small attack surface in the energy industry – while often pitched as the best way to mitigate the risk of a cyber attack – is simply not possible
While breaches are a certainty, Ruohonen advises organizations review their cyber security posture to implement latest technologies such as an endpoint detection and response (EDR) solution.
“EDR is a quick way to tremendously increase capabilities to detect and respond to advanced threats and targeted attacks which might bypass traditional endpoint solutions,” he explains. “Managed EDR solutions can provide monitoring, alerting, and response to cover the needs 24/7. This means organizations’ IT teams can operate during business hours to review the detections while a specialized cybersecurity team takes care of the rest,” says Ruohonen.
The complete report is available here.
May 01, 2019 • Frost and Sullivan • future of field service • Machine Learning • Security
Security Information and Event Management (SIEM) vendors have begun to inject greater versatility into their platforms as well as incorporate new security functionalities and analyst-friendly dashboards. Also, managed SIEM providers are offering cloud-hosted SIEM solutions to lower the per customer cost-to-serve to penetrate the SMB market.
These advances will drive the $1.98 billion global SIEM market toward $3.23 billion by 2023. "SIEM 3.0, with its high degree of automated response and remediation, can detect malicious threats attempting to penetrate the environment and automatically perform actions to thwart attackers’ advances,” said Mauricio Chede, Senior Industry Analyst, Digital Transformation. "The integration of several functionalities, such as user & entity behavior analytics (UEBA), security operation and automation response (SOAR), and forensic analysis, is essential to effectively compete in the SIEM market."
Frost & Sullivan’s recent analysis, Security Information and Event Management (SIEM)—Global Market Analysis, Forecast to 2023, examines the market drivers, restraints, and market distribution channels of the SIEM market. It presents revenue forecasts and key findings to help participants make the most of the market potential. The study covers the four product types of physical appliance, virtual appliance, software, and Software-as-a-Service (SaaS).
You can read the full report here.
Mar 26, 2019 • Management • News • Cyber Security • Security
Research by cyber-security provider F-Secure has shown that cyber attacks in 2018 increased by 32% compared to the previous year.
The survey, which consulted 3350 IT decision-makers, influencers and managers from 12 countries, also highlighted a lack of awareness in detecting incidents, suggesting firms' preventative measures such as firewalls were insufficient.
Findings also revealed that the Finance and ICT sectors were most commonly targeted by attackers while healthcare and manufacturing received fewest, with the majority of attacks affecting US-based IP addresses.
Leszek Tasiemski said today's cyber-attacks had evolved significantly and questioned whether or not companies were even aware of the issue. "Today's threats are completely different from ten or even five years ago," he said. "Preventative measures and strategies won't stop everything anymore, so I've no doubt that many of the companies surveyed don't have a full picture of what's going on with their security."
You can read the full report here.
Mar 14, 2019 • News • Artificial intelligence • Future of FIeld Service • GDPR • Cyber Security • Security
Cyber security revenues in 2018 were $160.2 billion and will jump $11.2 billion during 2019, as the focus moves to GDPR compliance. Growth will slow to around $9.8 billion per annum, spiking once a in 2023/4 as AI based Cybersecurity escalates, reaching $223.7 billion, says the report from Rethink Technology Research.
The European Union’s GDPR (General Data Protection Registrar) has set the agenda for legislation over data privacy and protection worldwide and that is generating a spike in spending on security measures that ensure compliance. This will continue to ripple around the world between 2019 and 2021.
North America is expected to continue to spend the most on security (27%), but both Europe (22%) and China (20%) are rapidly accelerating their spend, with the rest of Asia following closely behind on 16%. North America is expected to lead in almost every market, with the exceptions of Industrial and Automotive, where China leads by a small margin.
You can read the full report here.
Mar 13, 2019 • News • Android • Future of FIeld Service • Panasonic • Research • Security
On average, 72% of tablets and handheld devices in businesses (excluding mobile telephones) use the Android operating system. And with 60% of device buyers saying Android was still being integrated into their organisations, the number of devices is expected to rise with the majority seeing growth for the next three years.
The top three benefits of Android over other operating systems were said to be flexibility (59%), security (58%) and affordability (52%).
Security concerns
Businesses believe they should be security patching their devices much more often; on average four times a year more than they currently do. The methods used to deploy security patches also varied, with 66% relying on the IT department, 38% using a Mobile Device Management (MDM) solution, 30% taking equipment manufacturer updates via Firmware over the air, 23% relying on the User, 22% using an IT support company and 16% using a reseller.
Functionality expectations
When it came to management capabilities in a business Android device, mobile buyers expected to see the following functionality as standard:
- A customisable OS to meet the business’ requirements - 50%;
- Android for Work - 47%;
- Policy Management Tool/Console for firmware updates - 41%;
- Enhanced Android Security support - 37%;
- Incorporation of certified 3rd party security solution - 35%;
- Free of charge, out of the box productivity and manageability apps - 35%;
- Staging, EMM certifications, licences and customised MDM apps - 33%;
- SCOMO (Software Component management object) - 30%;
- Compatibility across different devices from the same manufacturer - 30%;
- FOTO (Firmware over the air) - 29%;
- Optional modular-based Developer package - 23%.
Update expectations
Businesses currently update the Android operating system on each device an average of 5 times per year, and they expect their device provider to support the Android operating system for up to 3 years after the end of the device’s life.
Android devices not all equal
“The march of Android mobile devices into the business world continues apace but how IT departments effectively manage and secure these devices remains a challenge,” said Jan Kaempfer, General Manager for Marketing at Panasonic Computer Product Solutions. “It is important that buyers recognise that not all Android mobile devices are equal. They should look closely at the management and security functionality being offered by their vendor and their Android engineering experience. With the use of the latest over air updates and management consoles, IT departments can save considerable time and money automating their updates by choosing the right device with the right management and security functionality.”
You can read a copy of the research here.