Tag Archives: Encryption

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity: Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income.

Flawed-Ammyy and Cryxos malware variants join top lists: The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

Three-year-old Adobe vulnerability appears in top network attacks: An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems.

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns: Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication).

COVID-19 impact: Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals.

Malware hits and network attacks decline: Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Filed under Security Matters

Honeywell launches 30 Series IP cameras “to improve data and video protection”

Honeywell has announced the release of its 30 Series IP cameras: a new suite of video cameras that strengthens building safety and security through advanced analytics and secure channel encryption. With the new cameras, end users can also benefit from lower total cost of ownership and reduced risk as well as improved picture quality without increased storage needs.

“Honeywell is in the business of protection – from buildings through to data and the people within those buildings,” said Jeremy Kimber, video global product management director for Honeywell Commercial Security. “With the release of the 30 Series IP cameras, we’re providing advanced secure channel encryption that guards against unauthorised access and the unsanctioned distribution of data and video to help end users seamlessly integrate security into any business.”

Honeywell 30 Series IP Cameras are available in dome, bullet, ball and fisheye models that feature:

Secure channel encryption: The new cameras provide HTTP over TLS 1.2 (HTTPS) encrypted streaming to Honeywell MAXPRO NVRs. They adhere to the Payment Card Industry Data Security Standard. Together, these elements help meet the increasingly stringent requirements being set by IT Departments to shield businesses against unauthorised access and unsanctioned distribution of data and video, potentially saving end users up to $3.86 million (the average global cost of a data breach).

Advanced motion people detection: Traditional motion detection only detects pixel changes, leading to a higher false alarm rate. Advanced motion people detection is designed to reduce false alarm rates as it will only create an alarm when the moving object is recognised as a person.

Enhanced storage space and image quality: A higher quality camera resolution of up to 5 MP delivers exceptional images and comes with a user-friendly interface for secure remote viewing. The H.265 smart codec feature allows for storage of longer clips and lower bandwidth consumption, enabling images to take up to 50% less storage space, which decreases operating costs.

The new line of cameras is fully-integrated using HTTPS encrypted streaming with MAXPRO NVRs. They can also be used with performance-embedded NVRs linked to the MAXPRO Cloud multi-site video and access control management platform and with the ADPRO XO range of NVRs complete with on-board video analytics.

With advanced analytics and encryption capabilities, Honeywell 30 Series IP cameras offer an array of quality options for all SMEs, entry-level enterprise and critical applications where compliance is essential such as banking and finance, Government, the utilities, the education sector, retail and premium commercial.

Filed under Risk Xtra

NordVPN creates new generation password manager dubbed NordPass

NordVPN is creating a new generation password manager. NordPass will have a full range of features to ensure that passwords are as secure as possible. Its easy-to-use interface makes staying secure effortless.

“We can secure your connections with NordVPN and we can secure your files with NordLocker, but you still need a strong password for both,” explained Marty Kamden, CMO at NordVPN. “Passwords are the front line for your online account security. That’s why we’re introducing NordPass. It all started when we were looking for a safer and more productive way to deal with passwords within our company. In the end, this initiative has grown into something pretty exciting, which we decided to expand beyond the bounds of our own business.”

NordPass will remember and autosave all passwords, autofill online forms and allow the saving of private notes. Additionally, the new tool will generate strong passwords on the spot. NordPass will support major operating systems, offering browser extensions as well as native mobile and desktop apps.

NordPass is created using the latest security practices and industry standards. It uses powerful Advanced Encryption Standard (AES-256-GCM) encryption with Argon2 for key derivation, which is virtually unbreakable. Additionally, the new tool will have a zero-knowledge encryption process to ensure ultimate security.

“Zero-knowledge encryption means you own the key to your passwords,” continued Kamden. “By the time your data reaches our servers, it’s already encrypted on your device, which means we have zero knowledge about the items saved in your vault. We couldn’t see your passwords even if we wanted to. These are only the essential features that come with the first version of NordPass. We’re very eager to expand its capabilities in the near future.”

At the moment, NordPass is going through internal stress-tests. It’s expected that the first beta version will be released this autumn.

NordVPN is a trusted online privacy and security solution used by over 12 million Internet users worldwide. It offers military-grade encryption with advanced privacy solutions and is recognised by the most influential tech sites and IT security specialists.

*For more information on NordPass access the NordVPN blog

Filed under Risk Xtra

Cyber security firm Foregenix scoops Queen’s Award for Enterprise

A cyber security firm has picked up the Queen’s Award for Enterprise. Foregenix, which celebrates its 10th Anniversary this month, received the award for its work in international trade and is believed to be the first cyber security consultancy with a determined focus on protecting the payment and finance industries to pick up the accolade.

Headquartered in the UK, Foregenix has generated around 60% of its revenue from international sales over the past four years, helped by new offices in Boston (servicing North America), Frankfurt (Europe), Sydney (Australasia) and São Paulo (Brazil), and a new base in Singapore in 2019.

Foregenix offers a range of services including managed detection and response, digital forensics, compliance and risk. It’s one of the leading certification companies for payment systems on PCI point-to-point encryption and an authority on ATM ‘cash-out’ attacks.

The Queen’s Award for Enterprise follows on from recognition by The Sunday Times as one of the Top 100 SME exporters in 2017 and 2018.

Left to Right: Paul Humpage, Andrew Henwood and Benjamin Hosack of Foregenix

The Queen’s Awards have recognised the achievements of British businesses since 1965. Around 200 businesses receive the accolade each year.

Co-founder and CTO Andrew Bontoft commented: “It’s testimony to the brilliant work and dedication of our global team that we’ve received this prestigious award. We’re very proud of what the team has achieved and grateful for the recognition this award signifies. We would also like to thank our clients and suppliers for helping us to achieve this honour.”

CEO Andrew Henwood added: “Foregenix aims to protect businesses and organisations from criminals who attempt to endanger people’s livelihoods and futures for their own enrichment. It’s a cause that resonates with our customers. We offer them practical advice and solutions for baked-in security and real risk reduction.”

Filed under Risk Xtra

Vanderbilt’s SPC solution accredited to CNPP’s NF A2P Cyber-RTC cyber security standard

Vanderbilt, the state-of-the-art security systems developer, has announced that its award-winning SPC system has been accredited to the NF A2P Cyber-RTC cyber security standard from the CNPP.

The SPC intrusion system was tested by CNPP to ensure that it meets the latest needs for cyber security. This is part of Vanderbilt’s continuous endeavour and commitment to work with approval bodies to ensure both Best-in-Class security and afford end users the confidence that their chosen security system is secure.

“By certifying our SPC intrusion ranges on the latest CNPP NFA2P at Cyber Type 2 and 3 repositories, Vanderbilt provides all of its customers with high-level security for all remote monitoring transmissions, as well as for cloud applications such as our service SPC Connect to combine user-friendliness, availability and security,” stated Hervé Houy, Vanderbilt’s Country Manager for France.

An IP-ready intrusion alarm system, SPC has been designed with communications and security at its core. Using the FlexC protocol to communicate with AES256-CBC encryption, the communications between SPC and other systems are secure and protected. This communication also allows for flexibility using the SPC user models.

The rights and permissions of users protect the user and the system from malicious attacks. Customers can use the system with confidence whether they are on-site or using the SPC Connect to enable cloud services. Their data is secure, while communications are always protected.

Vanderbilt has been working with CNPP for many years to ensure the quality of intrusion products for the French market. This innovative step by the approval body to have a defined standard for cyber is a clear indication of the path of security systems.

“The market is saturated with cyber security standards, but the NF cyber security standard from CNPP is the first specifically developed for intrusion alarm systems,” concluded Nick Pegtol, Vanderbilt’s Country Manager for Benelux, Greece and Cyprus. “It’s a great way to benchmark and improve our SPC intrusion systems.”

*To obtain Vanderbilt’s latest product certifications visit https://vanderbiltindustries.com/compliance-documents. For more information on SPC visit https://vanderbiltindustries.com/spc

Filed under Risk Xtra, Uncategorized

Milestone Systems introduces ‘Push-To-Talk’ feature in Mobile Client

In the latest update of Milestone Systems’ XProtect 2019 R1 video management software (VMS), the company has introduced two-way audio in the Mobile Client, enabling end users to speak to people on camera directly from their mobile devices.

The first XProtect release of 2019 extends the usability of the Smart Client and takes it outside the Control Room with support for both one and two-way audio in the Mobile Client. This is beneficial for ‘on-the-go’ security personnel whose tasks require them to be away from the Smart Client on occasion.

One-way audio allows end users to listen to audio captured by the microphone connected to the camera directly from their mobile phones using the Milestone Mobile application. Users can also increase their situational awareness when video isn’t available, such as in extreme darkness or when an incident happens outside of the camera’s viewing range.

Two-way audio takes the audio capability a step further with Push-to-Talk, a feature that allows users to speak through the camera-connected speaker directly from their mobile phones. This enables security personnel to use their VMS systems preventatively for things like access control, crowd warnings and intruder alerts – all available on mobile. 

The 2019 R1 version of XProtect also includes support for two-way audio in the Web Client. Two-way audio allows end users to speak through the camera-connected speaker directly from the Web Client anywhere. This transforms the VMS system into an interactive tool and allows users to respond quickly to access control requests and incident prevention without having to be present in the Control Room or on-premise.

The 2019 R1 version of XProtect takes the system’s resistance against cyber security threats a step forward by encrypting all communication between the recording server and other servers and clients connected to it. This certificate-based encryption requires that all components communicating with the recording server (including third party solutions integrated with the VMS system) follow a strict certification process, guaranteeing the system’s resistance against cyber security threats. This system design provides the end user with the best level of performance encrypted end-to-end.

Filed under Risk Xtra, Uncategorized

360 Vision Technology’s ONVIF-compliant cameras on show at Security Essen 2018

CCTV design and manufacturing company 360 Vision Technology will be showing its popular range of high-performance surveillance cameras at Security Essen 2018.

Compatible with the security industry’s leading software control solutions and illustrating 360 Vision Technology’s depth of video surveillance imaging technology, the cameras on show will include analogue, HD, thermal, radar and stainless steel variants, as well as models with built-in Sirius IR and White Light LED illuminators.

360 Vision Technology’s high-performance Predator and new cost-effective Invictus ‘all-in-one’ ultra low-light PTZ camera (featuring advanced SSL and 802.1 encryption protection and available in a variety of camera model/control combinations) will also be on display at MESSE Frankfurt.

Underlining 360 Vision Technology’s emphasis on technical innovation and design, the company’s Predator Radar camera has been selected as one of just 13 entries out of 75 to reach the final round of this year’s Security Essen ‘Security Innovation Awards 2018’.

“Designed to protect against hacking and ransomware attacks, we’ll be showcasing 360 Vision camera technology including advanced SSL and 802.1 encryption protection,” explained Mark Rees, business development director at 360 Vision Technology, in conversation with Risk Xtra. “We’re also delighted to have our Predator Radar camera selected for the final round of the prestigious ‘Security Innovation Awards 2018’.”

*Visitors to Security Essen can find 360 Vision Technology in Hall 5 on Stand 5E08

Filed under Risk Xtra

UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’, some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that it cannot be deployed effectively in a small business environment.

In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UK’s small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to their larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch, but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”

*To access the full report click here

Filed under Risk Xtra

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

53% cited that one of their Top Three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technology means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

Filed under Risk Xtra

MOBOTIX launches ‘Cactus Concept’ to set focus on cyber security for video surveillance

MOBOTIX has announced a heightened focus on cyber security by implementing the ‘Cactus Concept’. The concept aims to deliver a comprehensive approach towards protecting MOBOTIX products against the threat of cyber attacks along with education and tools to help customers and partners alike in building and maintaining secure video surveillance and access control environments.

The ‘Cactus Concept’ will raise awareness among potential and existing MOBOTIX customers of the importance of data security in network-based video security systems and how organisations can protect themselves through cost-efficient and intelligent solutions. End-to-end encryption with no blind spots is required, from the image source via the data cables and the data storage through to the VMS on the end user’s computer.

Like a cactus, whose every limb is covered in thorns, all of the modules (camera, storage, cables, VMS) in the MOBOTIX system have ‘digital thorns’ that protect them from unauthorised access.

“Modern video surveillance and access control technologies help protect people, places and property across the world, but they’re increasingly targeted by criminals aiming to infiltrate, take-over or disable them,” explained Thomas Lausten, CEO of MOBOTIX. “With the Internet of Things trend adding billions of IP-connected devices each year, our industry must lead the way in creating secure platforms that can reduce the risks posed by these damaging attacks.”

MOBOTIX firmly believes in its ‘Cactus Concept’ to protect every element of the design, manufacture and operation of each device along with end-to-end encryption across the entire usage and management cycle.

To ensure the highest levels of security, MOBOTIX uses the services of SySS, a highly regarded and independent third party security testing company that examines the security of both software and hardware elements. SySS customers include Basler Versicherungen, Bundeswehr, CreditPlus Bank AG, Daimler, Deutsche Bank, Deutsche Flugsicherung, Festo, Hewlett Packard, Innenministerium/LKA Niedersachsen, SAP, Schaeffler, Schufa, T-Systems and Union Investment.

Sebastian Schreiber, CEO at SySS, added: “MOBOTIX has a contract with us to provide further penetration testing of its technology elements. The initial platform testing on a current camera model revealed very positive results. We’ll now continue security testing as an ongoing process.”

Thomas Lausten concluded: “Cyber security has been and will continue to be a core focus for us. We look forward to working with our peers in the industry, as well as customers and Government agencies, in order to protect the very technologies and systems that help make society safer for us all.”

*For more information visit www.cactusconcept.com

Filed under Risk UK News