Is Microsoft A Risk?
Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.
We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.
Enterprises, it seems, have myriad problems, of which Microsoft is just one.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.
“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.
“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.
“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”
It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.
“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.
“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.
“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”
Courtesy-TheInq
Microsoft To Release Advanced Threat Analytics
Comments Off on Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
Microsoft To Open Source Radio Code
Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).
“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.
Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.
The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.
A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.
The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.
Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.
As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.
The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.
Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, The .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.
It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.
ARM Buys Offspark For IoT
ARM has snaffled up Dutch Internet of Things (IoT) company Offspark.
The move is designed to improve ARM’s security credentials for IoT offerings.
Offspark is the creator of PolarSSL, a widely used protocol for IoT security products, and ARM hopes that the combined companies can offer a one-stop shop for IoT developers.
Krisztian Flautner, ARM’s IoT manager, said: “PolarSSL technology is already deployed by the leading IoT players.
“The fact that those same companies also use ARM Cortex processor and software technologies means we are now able to provide a complete bedrock solution for the industry to innovate from.”
The product will be renamed ARM Mbed TLS, but will remain open source, reports Tech Week Europe.
Paul Bakker, CEO of Offspark, added: “Security is the most fundamental aspect in ensuring people trust IoT technology and that is only possible with a truly tailored solution.
“Together, ARM and Offspark can provide security to the edge of any system and we look forward to working with our partners to help them deliver some exciting new projects.”
Developers will be able to license the technology for commercial use as well as embedding it into future ARM products.
Last week the company released the ARM Cortex-A72 processor, a 64-bit effort offering support for Android 5.x Lollipop and incorporating the big.LITTLE architecture that prioritises jobs to different processor cores based on their computational requirements.
A message on the Offspark website indicates that it has been taken down and redirects to ARM.
ARM Develops IoT For Students
ARM has created a course to teach IoT skills to students at University College London (UCL)
The course is designed to encourage graduates in science, technology, engineering and maths (Stem) to seek careers in IT.
The IoT Education Kit will teach students how to use the Mbed IoT operating system to create smartphone apps that control mini-robots or wearable devices.
Students are expected to be interested in building their own IoT business, or joining IoT-focused enterprises like ARM. The course will also try to limit the number of Stem graduates pursuing non-technology careers.
ARM reported statistics from a 2012 study by Oxford Policy and Research revealing how many engineering graduates (36 percent of males, 51 percent of females), technology graduates (44 percent, 53 percent) and computer scientists (64 percent, 66 percent) end up with non-Stem jobs.
The IoT Education Kit will be rolled out by UCL’s Department of Electronics from September 2015, with a week-long module for full-time and continuing professional development students.
The Kit comprises a complete set of teaching materials, Mbed-enabled hardware boards made by Nordic Semiconductor, and software licensed from ARM. A second teaching module for engineering graduates is being developed for 2016.
“Students with strong science and mathematical skills are in demand and we need to make sure they stay in engineering,” said ARM CTO Mike Muller.
“The growth of the IoT gives us a great opportunity to prove to students why our profession is more exciting and sustainable than others.”
UCL professor Izzat Darwazeh also highlighted the importance of Stem skills, saying that “many students are not following through to an engineering career and that is a real risk to our long-term success as a nation of innovators”.
Self-Healing Software On The Way
Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.
Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.
It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.
A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.
Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.
Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.
The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.
If malware gets into such systems, A3 software could detect and repair the attack within minutes.
The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.
A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.
Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”
The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.
Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”
Hackers Going After Traffic Signs
After hackers played several high-profile pranks with traffic signs, including warning San Francisco drivers of a Godzilla attack, the U.S. government advised operators of electronic highway signs to take “defensive measures” to better secure their property.
Last month, signs on San Francisco’s Van Ness Ave were photographed flashing “Godzilla Attack! Turn Back” and highway signs across North Carolina were tampered with last week to read “Hack by Sun Hacker.”
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, this week advised cities, highway operators and other customers of digital-sign maker Daktronics Inc to take “defensive measures” to minimize the possibility of similar attacks.
It said that information had been posted on the Internet advising hackers how to access those systems using default passwords coded into the company’s software. “ICS-CERT recommends entities review sign messaging, update access credentials and harden communication paths to the signs,” the agency said in an alert posted on Thursday.
Jody Huntimer, a representative for Daktronics, declined to say if the recent attacks involved the bug reported by ICS-CERT.
“We are working with the ICS-CERT team to clarify the current alert and will release a statement once we have assessed the situation and developed customer recommendations,” Huntimer said via email.
Krebs on Security, a widely read security blog, posted a confidential report from the Center for Internet Strategy, or CIS, which was sent to state security officials. It warned that the pranks created a public safety risk because drivers often slow or stop to view the signs and take pictures.
CIS also predicated that amateur hackers might attempt to hack into other systems in the coming weeks following the May 27 release of “Watch Dogs,” a video game from Ubisoft focused on hacking critical infrastructure.
BlackBerry To Patch For Heartbleed
BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.
Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.
Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.
Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.
Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.
Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
He said mobile app developers have time to figure out which products are vulnerable and fix them.
“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.
SEC Plans Cybersecurity Meeting
February 27, 2014 by admin
Filed under Around The Net
Comments Off on SEC Plans Cybersecurity Meeting
The Securities and Exchange Commission said that its making plans to conduct a roundtable next month to discuss cybersecurity, after massive retailer breaches refocused the attention of the business community and policymakers on the area.
The SEC said that it would hold the event on March 26 to talk about the challenges cyber threats pose for market participants and public companies.
Recent breaches at Target Corp and Neiman Marcus have sparked concern from lawmakers and revived a long-running spat among retailers and banks over who should bear the cost of consumer losses and technology investments to improve security.
Last Thursday, trade groups for the two industries announced they are forming a partnership to work through the disputes.
U.S. lawmakers have also considered weighing in on how consumers should be notified of data theft. But progress on legislation is not guaranteed in a busy election year.
The SEC in 2011 drafted informal staff-level guidance for public companies to use when considering whether to disclose cyber attacks and their impact on a company’s financial condition.
SEC Chair Mary Jo White last year told Congress that her agency was reviewing whether a more robust disclosure process is needed. But she told reporters last fall she felt the guidance appeared to be working well and that she didn’t see an immediate need to create a rule that mandates public reporting on cyber attacks.
Chinese Hackers Go After Dissidents
August 26, 2013 by admin
Filed under Around The Net
Comments Off on Chinese Hackers Go After Dissidents
The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.
FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.
The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.
Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.
Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.
The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.
“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”
FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.
Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.
Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.
In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.
Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.
Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.