Tag Archives: cyber security

Evolution launches new Professional Services division

Integrated fire and security systems business Evolution has launched a new Professional Services division designed to provide a range of specialist IT security and software support services for new and existing clients, as well as third party integrators and installers.

The Professional Services division will support clients with server and operating systems upgrade planning and implementation and secure and resilient cyber network design and testing. It will also focus on advanced system programming and migration and maintenance services.

Headed by Evolution’s technical director Derrel Beasley, the Professional Services division will build on the company’s 25 years’ experience of providing clients with solutions that meet the needs of today and tomorrow, with the continual development of complex and integrated solutions and cyber secure systems that protect valuable private data and meet the necessary compliance regulations.

Beasley feels that Evolution’s IT and security knowledge and experience is recognised throughout the industry. “With modern integrated security and fire systems now fully immersed in ever-evolving and often cloud-based IT systems, the requirement for trusted and proven expertise in the design, delivery, management and support of these systems has become essential.”

He added: “I’m excited that we can now offer our IT security design, management and support expertise to all end users and other security integrators around the world with complete confidentiality.”

*Further information is available online at www.evolutionsecurity.com


Filed under Security Matters

Over half of UK businesses list security concerns as biggest barrier to public cloud adoption

No less than 58% of UK business decision-makers have admitted that security remains the biggest barrier to public cloud adoption in their organisations. That’s according to new research recently commissioned by Centrify, the provider of privileged access management solutions.

The research, conducted by independent polling agency Censuswide via a survey of 200 business decision-makers in large and medium-sized enterprises in the UK, also reveals that over one-third (35%) of those organisations who’ve adopted cloud are less than 80% confident that it’s completely secure.

When questioned about security weaknesses in their companies, 45% of decision-makers agree that it’s the increasing amount of machine identities and service accounts, such as those used by servers and applications, that are becoming the largest exposure point for their organisation.

Interestingly, the study’s findings also reveal that more than one-in-four (28%) of those companies questioned during the survey have already been targeted by a cloud hacking attempt since the start of the COVID-19 pandemic in the early part of last year.

Most worryingly, despite continued requirements on enterprises for digital transformation and rapid innovation, almost one-third (31%) of business decision-makers admitted that their development teams are more interested in circumventing security rather than building it into the DevOps pipeline. This poses a potentially grim cyber security outlook for 2021.

Adapting to the pandemic

Kamel Heus, vice-president for the EMEA region at Centrify, commented: “Adapting to the COVID-19 pandemic has been a bumpy ride for many businesses and, in most cases, companies have necessarily had to adopt the public cloud in at least some capacity due to the level of scalability, availability and efficiency it provides for distributed workforces.”

Heus continued: “While the common misconception is that cloud security is quite different to that of on-premises infrastructure, it’s by no means less secure if common security protocols are followed, and security controls are applied.”

In conclusion, Heus observed: “One core challenge posed by digital transformation is accurately verifying human and machine identities before granting access to systems, applications and other high-value targets. Therefore, adopting cloud-ready privileged access management software is essential in protecting access to workloads in the public cloud by dint of granting access only when a requestor’s identity has been properly authenticated.”


“IP address key in countering brute force cyber attacks” asserts Verizon

Verizon’s 2020 Data Breach Investigations Report shows that 80% of the breaches caused by hacking involve brute force tactics or the use of lost or stolen credentials. Content Management Systems (CMS) are the usual targets of brute force attacks as over 39% of all websites run on WordPress, the most popular CMS of all.

Cyber criminals choose to attack pages built on CMS because they usually have the same admin page URL across websites and the default login credentials are identical, making these pages a vulnerable target. However, developers and admins can mitigate the risk by reducing IP access to the admin site login page. 

A brute force attack (sometimes referred to as brute force ‘cracking’) is a method of trying various possible passwords until the right one is found. Despite being old, the method is still widely used by hackers who attempt to gain access to a valid account. It allows bad actors to compromise the whole website and use it as a part of their network.

With more people now working remotely amid the ongoing Coronavirus pandemic, the number of brute force attacks against remote desktops via Windows’ Remote Desktop Protocol (RDP) has soared. Indeed, that number reached nigh on 100,000 attacks each day during last April and May.

In the worst-case scenario, criminals can steal important data, such as passwords, pass phrases, e-mail addresses or PINs. They also use compromised websites for various fraud schemes, whereas pages themselves can be included in Google’s ‘blacklist’ and, as such, become invisible in search results.

Failed authentications

“Developers and admins can indicate an ongoing brute force attack by looking at failed authentications,” explained Juta Gurinaviciute, CTO at NordVPN Teams. “If the same IP address unsuccessfully tries to log in to various accounts or different IP addresses are attempting to access one account in a short period of time, this is a clear sign of a data breach attempt.”
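
The two failed-authentication signals described above can be checked over a sliding time window. The following is an added example, not code from the article or from NordVPN Teams; the log format, the five-minute window, the threshold of three and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (assumed format; addresses are
# from the reserved documentation ranges).
SAMPLE_LOG = """\
2020-11-02T09:00:01 FAIL user=alice ip=203.0.113.7
2020-11-02T09:00:04 FAIL user=bob ip=203.0.113.7
2020-11-02T09:00:09 FAIL user=carol ip=203.0.113.7
2020-11-02T09:00:15 FAIL user=dave ip=203.0.113.7
2020-11-02T09:10:00 FAIL user=admin ip=198.51.100.1
2020-11-02T09:10:40 FAIL user=admin ip=198.51.100.2
2020-11-02T09:11:30 FAIL user=admin ip=198.51.100.3
2020-11-02T09:20:00 FAIL user=erin ip=192.0.2.10
2020-11-02T09:20:20 FAIL user=erin ip=192.0.2.10
2020-11-02T09:20:45 OK user=erin ip=192.0.2.10
2020-11-02T08:00:00 FAIL user=frank ip=192.0.2.21
2020-11-02T10:00:00 FAIL user=frank ip=192.0.2.22
2020-11-02T12:00:00 FAIL user=frank ip=192.0.2.23
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")


def parse(log_text):
    """Return (timestamp, status, user, ip) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, status, user, ip = m.groups()
        events.append((datetime.fromisoformat(ts), status, user, ip))
    return sorted(events)


def detect(events, window=timedelta(minutes=5), threshold=3):
    """Flag both patterns within `window`:

    ip_many_accounts : one IP failing against >= threshold distinct accounts
    account_many_ips : one account failing from >= threshold distinct IPs
    """
    fails_by_ip = defaultdict(deque)    # ip   -> recent (ts, user)
    fails_by_user = defaultdict(deque)  # user -> recent (ts, ip)
    alerts = set()
    for ts, status, user, ip in events:
        if status != "FAIL":
            continue
        checks = (
            ("ip_many_accounts", ip, user, fails_by_ip),
            ("account_many_ips", user, ip, fails_by_user),
        )
        for kind, key, other, table in checks:
            recent = table[key]
            recent.append((ts, other))
            # Drop failures that have aged out of the window.
            while recent and ts - recent[0][0] > window:
                recent.popleft()
            if len({o for _, o in recent}) >= threshold:
                alerts.add((kind, key))
    return alerts


if __name__ == "__main__":
    for kind, key in sorted(detect(parse(SAMPLE_LOG))):
        print(kind, key)
```

In the sample, erin's two mistyped passwords from a single address and frank's failures spread across four hours stay below the threshold, which is why the window length matters as much as the count.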

As the IP address is one of the indicators of a cyber attack, it can also be a cure. On that basis, it’s wise for companies to reduce the ‘surface area’ available for attack and limit access to the login page. This can be done by making use of IP allowlist, blocklist and fixed IP techniques.

Previously known as whitelist, IP allowlist is a set of IP addresses that have access to a specific website. The developer can specify which IP addresses are allowed to reach an admin login page and perform actions there. It’s also possible to indicate a range of IP addresses that can obtain authorised access. The latter solution is useful within bigger organizations or if numerous people require access to the website. 

However, Internet Service Providers may be changing IP addresses frequently and, as a result, the allowlist might constantly become outdated. This solution only works, then, if there’s a pool of limited IP addresses in use or the changes take place within the specific range.

Intrusion prevention frameworks

Also known as blacklist, IP blocklist is the exact opposite of the previously mentioned IP address directory as it blocks access to websites from the specified IP addresses. As this is difficult to do on a manual basis, admins and developers may employ intrusion prevention frameworks such as Fail2Ban. The framework automatically blocks IP addresses after a few unsuccessful authorisation attempts.

On the other hand, website owners can block the particular IP addresses as well as the whole IP address range. If a company notices that suspicious attacks from specific IP addresses persist, the management team should consider adding them to the blocklist.

Further, IP blocklist can also be used for geo-blocking as the IP address carries the information about where the request was sent from in the first instance. 

The third solution for minimising unauthorised access is the fixed IP method. As already mentioned, developers can limit availability of the login page to a set of trusted IP addresses. With fixed IP, they reduce the risk of IP sharing when a number of devices use the same IP address. This often leads to the ‘bad neighbour effect’ as, due to the deeds of other users, IP addresses end up in various blocked or spam lists.

The fixed IP method can be offered by Internet Service Providers and VPN services alike, but the latter ensures browsing privacy as an additional benefit.


UK and US businesses call for improvement as employee education pinpointed to be biggest cyber security weakness during lockdown

Hardware-encrypted USB drives developer Apricorn has announced the findings from a Twitter poll designed to explore the data security and business preparedness aspects around remote working during the pandemic. More than 30% of respondents singled out employee education as being the biggest area where companies need to make changes to improve cyber security.

The poll ran across six days and targeted employees in both the UK and the US. In addition to concerns about employee education, respondents also flagged updates to hardware (29%), endpoint control (21%) and enforcing encryption (19%) as areas of weakness where organisations need to make changes to strengthen their cyber security posture.

Given that almost 30% of respondents admitted to using unencrypted devices during the pandemic, this raises many concerns, and particularly so at a time when we’re seeing a dramatic increase in the volume of data being downloaded along with the potential for more data on the move.

Kurt Markley, director of sales at Apricorn, commented: “Employees have a critical role to play in cyber security processes, from recognising the tools required through to understanding and enacting the policies in place to protect sensitive data. Whether it be through the delivery of awareness programmes or ongoing training, establishing a culture of security within the workforce is now absolutely essential.”

Markley added: “Endpoint security is critical. Deploying removable storage devices with built-in hardware encryption, for example, will ensure that all data can be stored or moved around safely offline. Even if a given device is lost or stolen, the information contained will be unintelligible to anyone not authorised to access it.” 

Not fully prepared

In addition, more than 40% of respondents admitted that, as an individual, they were not fully prepared to work at home securely and productively. Almost a fifth (18%) said they lacked the right technology to do so, 16% were not sure how to and just over 20% stated that they were still not able to work remotely.  

“Many businesses will now have witnessed the positive productivity and financial impact of a remote workforce, but without the right tools, processes and security in place, this can very easily backfire,” continued Markley. 

With the poll results showing that more than 60% of respondents are planning to work remotely either all or some of the time following the pandemic, the threat to corporate data is only going to burgeon. Almost 20% admitted that the experience of working from home has duly highlighted major gaps in their employer’s cyber security strategy/policies.

When questioned as to whether their company had experienced a data breach as a result of remote working during the pandemic, over 20% replied in the affirmative, but a further 22% said they didn’t know if they had suffered a breach.

Scrambling to respond

Jon Fielding (managing director for the EMEA at Apricorn) commented: “IT and security teams had to scramble to respond to this crisis and, in doing so, left a lot of companies wide open to breaches. Nine months into employees working remotely, some already know that they’ve been attacked. Others think they may have been, but cannot be certain.”

Fielding concluded: “In the same way that we had to learn how to protect ourselves from illness and modify our behaviour, we also had to learn how to protect our data outside of the firewall and, more importantly, to remain vigilant about it.”

The Apricorn Twitter poll comprised six question and answer options and realised 23,537 responses.


Milestone XProtect VMS update “takes security to next level” with Microsoft encryption

Protecting sensitive data in surveillance systems is key to maintaining video authenticity, personal privacy and adequate cyber security measures. XProtect 2020 R3 from Milestone includes a level of encryption from Microsoft called Cryptography New Generation that adheres to “the highest levels of cyber security and data protection” available on the market today.

XProtect’s new encryption modules include stronger data protection, increased cyber security, evidence authenticity and password-protected configuration. Embedding this encryption also means that XProtect can now be configured to operate in a Federal Information Processing Standards (FIPS) 140-2 compliant mode. FIPS is a US Government computer security standard used in all software solutions deployed in US federal agencies and regulated industries such as healthcare and finance.

Security system operators are the eyes and ears of their organisation. When an incident occurs, they’re expected to provide video evidence immediately. This can sometimes be a challenging task, especially so for installations with thousands of cameras recording 24/7.

XProtect 2020 R3 offers a new multi-category search function that makes finding the specific video evidence easier and faster than ever. Multi-category search allows the operator to combine and search across multiple categories such as people, vehicles and location as well as any search agents developed and integrated into XProtect by third party technology partners.

By way of example, operators can narrow their investigation to only contain video sequences that include blue vehicles and males and exclude those that only meet one of them.

Expanded support for 360-degree cameras

XProtect 2020 R3 also offers expanded support for any 360-degree camera that delivers a complete fish-eye view. Most customers will experience significant installation and camera cost reductions and increased situational awareness when deploying these camera types compared to standard surveillance cameras.

The 2020 R3 release contains many more new and improved features and capabilities such as improved video rendering performance in the XProtect Smart Client, adaptive streaming for XProtect Mobile and direct streaming improvements in XProtect Web Client. On the cameras and devices side, XProtect 2020 R3 includes improvements such as increased security without compromising ease-of-use, more freedom to build installations that suit customers’ needs and new Device Packs.


IDIS sets sights on developing video surveillance projects in Middle East and North Africa

Surveillance solutions specialist IDIS is now targeting video-based projects in resilient Middle East market sectors, encompassing banking, grocery retail and education, as the business looks to build on recent successes when it comes to delivering compliance-driven solutions.

Despite continuing disruption and uncertainty in the global economy, the company feels the outlook is positive in the Middle East region as it supports its systems integration partners to focus on both resilient sectors and markets showing continued growth.

The video technology developer, which is known for its end-to-end solutions, highlights opportunities for video tech projects in the education sector where it already has successful deployments in the Kingdom of Saudi Arabia (KSA) and Kuwait.

“The sector continues to expand due to investment from private equity firms and Government infrastructure funding, as well as international higher education institutes expanding their presence in the region,” explained Jamil Al Asfar, senior sales manager for IDIS in the Middle East and Africa.


In the banking sector, major investments in more robust surveillance infrastructure over the last three years have been driven by compliance pressure as banks look to meet more stringent Government standards.

IDIS-developed video technology has already been deployed to protect more than 3,000 bank branches and ATMs for the National Commercial Bank in Saudi Arabia and was also chosen to secure the Central Bank of Jordan. Both projects demonstrated the benefits of robust, cyber-secure technology and proved how compliance can be delivered at pace, even on a challenging scale and in tough environments.

Upgrade projects

IDIS solutions are fully compliant with requirements in the financial sector, including the Saudi Arabia Monetary Authority regulations. As a result, upgrade projects are driving strong activity for the company and its integration partners in the KSA, Jordan, Egypt, Morocco and Pakistan.

In the grocery and retail sector, Carrefour’s recently reported expansion across the Middle East, and its choice of IDIS video tech, has paved the way for further opportunities, among them projects in hypermarkets.

“Working alongside its integration partners, IDIS boasts in-depth experience of retail applications globally and we’re focusing on continuing demand for not just affordable video, but also scalable solutions that offer advanced analytics and deep learning tools,” continued Jamil Al Asfar. “These will help stores compete in the current tough trading conditions as well as into the future.”


Further, he stated: “Security Industry Regulatory Agency certification for the latest range of our cameras and NVRs also means that we’re gaining momentum in commercial, residential and Government sectors across the UAE. In Dubai, we’ve seen construction and re-development rapidly bounce back. The new facilities involved need compliant, cyber-secure and resilient video tech to ensure public safety and security.”

Ahmad Shanawani, managing director of Ametrad Technology Services, concluded: “Despite the undoubted economic challenges in some sectors, we’re still seeing strong demand for video solutions that combine low total cost of ownership, high performance and robust cyber security standards and that meet compliance needs. We’re now seeing how much IDIS’ end-to-end solutions and the company’s collaborative approach are suited to the growth projects with which we’re involved.”


HID Global “brings trust” to online and mobile banking in face of cyber threat

As consumers embrace the convenience of online and mobile banking at both traditional and the latest all-digital financial institutions, it has become an increasingly difficult challenge to combat cyber security threats while complying with regulatory data protection mandates. Trusted identity solutions specialist HID Global has solved those challenges for several banks as part of their digital transformation initiatives.

“Our solutions protect data and transactions while delivering a seamless experience for the consumer as well as maximum flexibility for banks,” explained Brad Jarvis, vice-president and managing director of identity and access management solutions at HID Global. “This includes the option of cloud-based authentication services that remove the complexity of providing multifactor authentication to a growing and diverse user population, while also offering the convenience and efficiency of centralised regulatory compliance audits.”

Challenging issues

As a business, HID Global is helping to address some of the most challenging of mobile banking issues. For example, a retail bank in Egypt has improved compliance and reduced fraud and operational costs thanks to an HID Trusted Transactions solution. This is pre-integrated with Temenos digital front office and core banking products.

In addition, a Swiss wealth management group is using the solution, along with the HID ActivID Authentication Server, to optimise flexibility while protecting mobile banking transactions and securing corporate data, applications and systems.

Further, two banks in Eastern Europe and the UK are using the solution for quick and easy compliance with Second Payment Services Directive (ie PSD2) regulations.

Even with financial institutions returning to (almost) normal operating hours, many believe digital banking will grow in importance as part of ensuring business continuity and supporting customers who prefer not to visit their local branch during the ongoing health crisis. According to a McKinsey & Company report, the use of digital channels has grown in Europe by up to 20% during the COVID-19 pandemic.


Adoption of digital banking

“In just a couple of months, customers’ adoption of digital banking has leapt forward by a couple of years,” suggests the document. “Our most recent customer survey showed a 10% to 20% rise in digital banking use across Europe in April. Many Italian banks are striving to enable every single one of their customers to use digital banking. Such a jump in adoption opens the door for banks to turn digital channels into real sales channels, not just convenient self-service tools.”

HID Global’s complete HID Trusted Transactions offer for end users in the banking and finance sector includes the HID Authentication platform delivered either as a server or service, plus a choice of hardware tokens or the HID Approve multi-factor authentication solution with mobile push notification capabilities and the HID Risk Management Solution – Threat and Fraud Detection.

The comprehensive offer from the business delivers risk-based adaptive authentication, threat detection and transaction signing.


WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”


Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity: Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income.

Flawed-Ammyy and Cryxos malware variants join top lists: The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

Three-year-old Adobe vulnerability appears in top network attacks: An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems.

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns: Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication).

COVID-19 impact: Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals.

Malware hits and network attacks decline: Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.


Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020


2020 edition of Security Essen cancelled by Messe Essen due to ongoing COVID-19 pandemic

The 2020 edition of popular international trade fair Security Essen, which was scheduled to run from 22-25 September, has been cancelled due to the ongoing Coronavirus pandemic. According to Messe Essen, customer expectations and the performance promise of the exhibition cannot be fulfilled under the present circumstances. The decision to cancel was taken by Messe Essen in the wake of close consultations with partner associations. The next Security Essen will now run at Messe Essen from 20-23 September 2022.

As a respected international platform for the security industry, Security Essen is always a showcase highlighting the latest innovations. Numerous market leaders in the security industry had already confirmed their participation for this year.

Messe Essen GmbH, Norbertstraße, 45001 Essen, Germany
http://www.messe-essen.de

Security Essen covers everything from cyber security through to innovations in building security and new solutions for the protection of valuables. Every other year, circa 1,000 exhibitors from upwards of 40 countries show their innovations to no less than 36,000 trade visitors from 125 different nations.

“Anticipation around the 2020 edition and the new concept we had put in place for Security Essen was so high among all those involved,” explained Oliver Kuhrt, managing director of Messe Essen, “which made the decision to cancel all the more difficult. The fact is that the current situation, as well as the continuing global travel restrictions, will not allow adequate preparation for the trade fair.”

Careful evaluation

Norbert Schaaf, chairman of the Management Board of the Federal Association of Safety Engineering and chairman of the Security Essen Advisory Board, observed: “The cancellation of Security Essen 2020 is the result of a careful evaluation of the current situation which we have undertaken together. Since the majority of our participants come to Essen from abroad, we had to act with prudence. Due to the unclear worldwide development of the Coronavirus pandemic and the associated uncertain travel planning we were left with no alternative.” 

Dr Christian Endreß, managing director of the Federal Association for Security in Industry and Commerce and a member of the Security Essen Advisory Board, added: “Security Essen is an important international event in the security industry’s calendar and a particular highlight for the Federal Association. The cancellation is hitting the industry and the security associations pretty hard. We regret the decision, but we also fully understand it and look forward to 2022 with confidence.”

Dr Harald Olschok, general manager of the Federal Association of the Security Industry and also a member of the Security Essen Advisory Board, concluded: “From the perspective of our member companies, the decision to cancel Security Essen is fully understandable. Personally, I regret this very much, because it would have been my fifteenth and last Security Essen as CEO of the BDSW and the BDGW. The Coronavirus crisis represents an enormous economic challenge for security solutions providers. I’m sure that the management and the entire team of the BDSW and the BDGW with their affiliated member companies are looking forward to Security Essen 2022 when, hopefully, there will be better economic conditions for all.”


CIP partners with ISARA in bid to offer crypto-agile technology

Cybersec Innovation Partners Limited (CIP) and the ISARA Corporation, the provider of crypto-agile and quantum-safe security, have announced the detail underpinning a strategic partnership which will allow CIP to offer bespoke solutions and services to enable a seamless migration of digital trust infrastructures to post-quantum security.

The onset of large-scale quantum computing will challenge the security of current public key cryptography and create widespread vulnerabilities. The rigidity of today’s infrastructure makes cryptographic migrations complex and costly. Establishing crypto agility in existing systems is the first step towards seamless migrations.

The partnership allows CIP to offer quantum-safe, crypto-agile and hybrid certificate offerings from ISARA. This ground-breaking technology enables systems to be quantum-safe without disruption of operations, while also maintaining the availability and integrity of existing security systems.


The new agile certificates will be recognisable by CIP’s Whitethorn Platform: a digital certificate, key discovery and lifecycle management solution that allows for discovery, management and automation.

Andy Jenkinson, Group CEO at CIP, said: “Quantum computing is the next major development within the global technology area. The biggest challenge to cyber security is the lack of understanding of cryptography and PKI in today’s classical computing, let alone in a post-quantum world. The partnership with ISARA will enable all of our clients to realise full discovery, management and automation of their crypto-agile PKI.”

Scott Totzke, CEO and co-founder of ISARA, added: “We’re excited to partner with CIP to ensure its clients’ migration to quantum-safe cryptography starts with integrating crypto-agility, an essential first step towards cryptographic resilience and long-term security. This is welcome news in these turbulent times.”
