Security trends 2017

The year 2017 will not bring any turn towards better data security. The internet is rife with well-known as well as unknown threats. Companies’ systems are supposed to be protected. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. IT security functions of industrial control systems (ICS), energy grids and IoT networks need to be improved in 2017.

There is a push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
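A site owner can find the affected pages before the browser does. The following added example (not from the original article) scans a page's HTML for password and card inputs and reports whether the Chrome 56 rule described above would apply; the card-field name pattern, the extra check for HTTPS pages whose forms post to HTTP, and the sample page are assumptions made for illustration.

```python
import re
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

Finding = namedtuple("Finding", "kind field reason")

# Assumption: field-name patterns that suggest a card number when the markup
# carries no autocomplete hint. Chrome's own autofill heuristics are broader.
CARD_NAME_RE = re.compile(r"(card|cc)[-_]?(num|number)", re.IGNORECASE)


def classify_input(attrs):
    """Return 'password', 'credit-card' or None for an <input> attribute dict."""
    if attrs.get("type", "").lower() == "password":
        return "password"
    tokens = attrs.get("autocomplete", "").lower().split()
    if any(token.startswith("cc-") for token in tokens):
        return "credit-card"
    if CARD_NAME_RE.search(attrs.get("name", "")):
        return "credit-card"
    return None


class FormScanner(HTMLParser):
    """Records each sensitive input together with the action of its form."""

    def __init__(self):
        super().__init__()
        self.action = None   # action of the form currently open, if any
        self.fields = []     # (kind, field name, form action or None)

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "form":
            self.action = attr.get("action", "")
        elif tag == "input":
            kind = classify_input(attr)
            if kind:
                self.fields.append((kind, attr.get("name", ""), self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None


def audit_page(page_url, html):
    """List sensitive fields that would travel, or be shown, over plain HTTP."""
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    page_is_http = urlparse(page_url).scheme.lower() == "http"
    findings = []
    for kind, name, action in scanner.fields:
        # An empty or missing action submits to the page's own URL.
        target = urljoin(page_url, action) if action else page_url
        if page_is_http:
            findings.append(Finding(kind, name, "page-over-http"))
        elif urlparse(target).scheme.lower() == "http":
            # Not the Chrome 56 rule itself: an HTTPS page whose form still
            # submits the secret to an HTTP endpoint.
            findings.append(Finding(kind, name, "form-posts-to-http"))
    return findings


def chrome56_marks_not_secure(page_url, html):
    """True when the page is HTTP and collects a password or card number."""
    return any(f.reason == "page-over-http" for f in audit_page(page_url, html))


# Constructed sample page; host names are placeholders.
SAMPLE_PAGE = """
<html><body>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="PASSWORD" name="pw">
</form>
<form action="http://pay.example.test/charge" method="post">
  <input type="text" name="cardnumber" autocomplete="cc-number">
</form>
<input type="text" name="q">
</body></html>
"""

if __name__ == "__main__":
    for url in ("http://shop.example.test/account",
                "https://shop.example.test/account"):
        print(url, chrome56_marks_not_secure(url, SAMPLE_PAGE))
        for finding in audit_page(url, SAMPLE_PAGE):
            print("   ", finding)
```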

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, including Microsoft, Google, and Mozilla. Their browsers will no longer trust sites that use SHA-1 starting with that date, and they will mark these websites as insecure. 1/3 of Websites Use SHA-1 Certificates Despite Looming Deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
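To see which certificates are affected, read the signature algorithm out of each certificate. This added example (not from the original article) walks the DER structure with the standard library only and flags SHA-1 and MD5 signatures; the two sample inputs are constructed certificate-shaped skeletons rather than real certificates, and the OID table covers only common algorithms.

```python
import ssl

# Signature algorithm OIDs -> (name, verdict). Not exhaustive.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "weak"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "weak"),
    "1.2.840.10040.4.3": ("dsa-with-sha1", "weak"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "ok"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "ok"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "ok"),
}


def read_tlv(buf, pos):
    """Parse one DER tag-length-value; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    subs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(value)
            value = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)
    return ".".join(str(n) for n in [first, subs[0] - 40 * first] + subs[1:])


def signature_algorithm(cert_der):
    """Return the OID of Certificate.signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    """
    tag, start, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(cert_der, start)          # skip tbsCertificate
    tag, alg_start, _ = read_tlv(cert_der, tbs_end)
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("algorithm field is not an OID")
    return decode_oid(cert_der[oid_start:oid_end])


def classify(cert_der):
    """Return (algorithm name, 'weak' | 'ok' | 'unknown') for one certificate."""
    oid = signature_algorithm(cert_der)
    return SIG_ALGS.get(oid, (oid, "unknown"))


def fetch_der(host, port=443):
    """Fetch a server's leaf certificate as DER (needs network access).

    Only the leaf is returned; intermediates in the chain need the same check.
    """
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body


def _skeleton(alg_identifier_hex):
    tbs = der(0x30, b"\x02\x01\x01")                   # placeholder TBS body
    sig = der(0x03, b"\x00" + b"\xAA" * 256)           # placeholder signature
    return der(0x30, tbs + bytes.fromhex(alg_identifier_hex) + sig)


# Constructed samples: AlgorithmIdentifier { OID, NULL } for SHA-1 and SHA-256.
SAMPLE_SHA1 = _skeleton("300d06092a864886f70d0101050500")
SAMPLE_SHA256 = _skeleton("300d06092a864886f70d01010b0500")

if __name__ == "__main__":
    for label, blob in (("sha1 sample", SAMPLE_SHA1), ("sha256 sample", SAMPLE_SHA256)):
        print(label, classify(blob))
```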

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The Commoditization of Cyberattacks Will Make Them More Frequent in 2017. More and more companies suffer from disruption to business due to cyber attacks. Cyber-attacks cause companies significant financial losses, but studies show that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies will have official plans in case of cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and will be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them go to smart phones and laptops). 91 percent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.

Biometrics Won’t Kill Passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems also have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint-, face-, iris-, palm- and speech-recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group says encryption backdoors pose a security threat, siding with tech experts in its latest report. The problem is that any system allowing police to get into those encrypted systems (be it a phone, computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: The cloud becoming insecure – extortion and IoT openings.

The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. IoT-powered attacks will continue to rise and stopping the attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (the need to use telecom operators and external services increases). In addition to service disruption, denial of service attacks are often used as a distraction during the actual data burglary. DDoS may take over from ransomware as a cause for concern.

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophic Concerns Over Artificial Intelligence and Algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophic grounds; and they have become the basis of fictional Armageddons.

Cyber insurance will be thought of more as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. So now swap your home desktop computer, laptop or smart phone for the fictitious telescreen and not only are you sitting in front of what is a modern day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far fetched to you? Well, it’s set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent survey of over 2,000 adults conducted by Harris Poll, nearly 40% of Americans would give up sex for a year or eating their favourite food in exchange for better online security, if it meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest – a solid password – and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security Becomes A Multi-System Issue, and more people are talking about the issue. Design teams will have to bake strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Block chains have been a big trend for several years. The block chain market is divided now as 2017 starts. During autumn 2016, we saw a number of initiatives on cooperation between the financial sector and consulting companies. Microsoft has chosen the Ethereum block chain as its platform and offers it on the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own block chains on the Bluemix service. Google and Amazon still shine by their absence. Even banks may prefer to see the use of cloud for the block chains.


Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls




  1. Tomi Engdahl says:

    Netgear: Nothing to see here, please disperse. Just another really bad router security hole
    Firmware updates on the way

    Netgear has downplayed the significance of newly discovered flaws in its WNR2000 line of consumer routers.

    The vulnerabilities could hypothetically allow a remote attacker to execute code and take over the device without authentication, claims Pedro Ribeiro, the security researcher who discovered the bugs.

    “It is a LAN based attack, but it can also be used over the Internet if remote administration is enabled in the router,” Ribeiro told El Reg.

  2. Tomi Engdahl says:

    The walls have ears: Warrant granted for Amazon Echo recordings

    A murder in Arkansas may change the way people behave around smart devices. A warrant has been issued for an Amazon Echo, revealing that Amazon may retain recordings on a server for law enforcement investigations.

    An Amazon Echo was cited in a warrant related to a November murder in Bentonville, Arkansas. While other smart devices were identified, police have pinned some specific hopes on the Echo for a simple reason: it never stops listening.

    The Echo is only activated after a user says its wake, or activation, word. But once triggered, it records snippets of things said that are then sent to an Amazon cloud.

    Police request Echo recordings for homicide investigation

    Officers in Arkansas are hoping the smart speaker’s recordings can provide some clues on a murder.

    You have the right to remain silent — but your smart devices might not.

    Amazon’s Echo and Echo Dot are in millions of homes now, with holiday sales more than quadrupling from 2015. Always listening for its wake word, the breakthrough smart speakers boast seven microphones waiting to take and record your commands.

    Now, Arkansas police are hoping an Echo found at a murder scene in Bentonville can aid their investigation.

    First reported by The Information, investigators filed search warrants to Amazon (see below), requesting any recordings between November 21 and November 22, 2015, from James A. Bates, who was charged with murder

    While investigating, police noticed the Echo in the kitchen and pointed out that the music playing in the home could have been voice activated through the device. While the Echo records only after hearing the wake word, police are hoping that ambient noise or background chatter could have accidentally triggered the device, leading to some more clues.

    Amazon stores all the voice recordings on its servers, in the hopes of using the data to improve its voice assistant services. While you can delete your personal voice data, there’s still no way to prevent any recordings from being saved on a server.

    “It is believed that these records are retained by and that they are evidence related to the case under investigation,” police wrote in the search warrant.

    Amazon has not sent any recordings to the officers but did provide Bates’ account information to authorities, according to court documents. The retailer giant said it doesn’t release customer information without a “valid and binding legal demand.”

    Even without Amazon’s help, police may be able to crack into the Echo, according to the warrant. Officers believe they can tap into the hardware on the smart speakers, which could “potentially include time stamps, audio files or other data.”

    Police also found a Nest thermostat, a Honeywell alarm system, wireless weather monitoring in the backyard and WeMo devices for lighting at the smart home crime scene.

  3. Tomi Engdahl says:

    IBM Reports Significant Increase in ICS Attacks

    The number of attacks aimed at industrial control systems (ICS) increased by 110 percent in 2016 compared to the previous year, according to data from IBM Managed Security Services.

    The company has attributed this significant increase to brute force attacks on supervisory control and data acquisition (SCADA) systems.

    Attackers apparently used a penetration testing framework made available on GitHub in January 2016. The tool, named smod, can be used to conduct a security assessment of the Modbus serial communications protocol and it includes brute-force capabilities.

    “The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months,”

    MODBUS Penetration Testing Framework

    smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x.

  4. Tomi Engdahl says:

    Four Cybersecurity Resolutions for 2017

    2016 was a big year for cybersecurity news, most of it not terribly encouraging.

    If any of these items are not on your “to do” list for 2017, I would challenge you to add them.

    1. Move Beyond Passwords
    2. Make Sure the Security and Management Teams Understand Each Other
    3. Join a Threat Intelligence Sharing Group
    4. Be Kind to Your Level 1 SOC Operator

  5. Tomi Engdahl says:

    Five New Year’s Resolutions for the InfoSec Community

    1. Let’s get Santa milk and cookies and SSO in the cloud
    The foundations have been laid for true single sign-on in the cloud with the fairly broad adoption of SAML federation.

    2. Let’s split the risk
    You know who’s in the cloud? Besides Santa? You are. When you moved your application to the cloud, you transferred some of the management of infrastructure security to the providers. But don’t forget, you’re still responsible for your application security and your data.

    3. Let’s flatten the security speed bump
    HTTP/2 and TLS1.3 are going to make the Internet faster. HTTP/2 is already multiplexing connections to reduce latency. TLS1.3, which should make it to draft status this year

    4. Let’s laugh more about consumer security
    In 2016, attackers demonstrated what they were capable of doing with IoT devices and botnets like Mirai. Without regulations in place, consumer IoT device manufacturers will continue to lack any incentive to prioritize security in the year ahead.

    5. Let’s let go of the BYOD and watch for the APT
    BYOD as a threat vector is still a thing, but we need to realize that a truly targeted organization is going to have endpoints in their employees’ homes, and those endpoints may be getting attention from APT groups

  6. Tomi Engdahl says:

    Eileen Yu / ZDNet:
    Singapore will add iris scans as identifier for citizens and permanent residents starting January 1

    Singapore to record iris scans of citizens

    Singapore’s immigration department will begin collecting iris images of citizens and permanent residents as an additional personal identifier, which is aimed at improving the efficiency of its operations.

  7. Tomi Engdahl says:

    Rachel Becker / The Verge:
    FDA publishes new cybersecurity guidelines for securing medical devices, but the recommendations lack enforceability — The FDA outlined how medical device manufacturers should ward off cyberattacks, but didn’t include plans for enforcement — Today, the US Food and Drug Administration released …

    New cybersecurity guidelines for medical devices tackle evolving threats

    The FDA outlined how medical device manufacturers should ward off cyberattacks, but didn’t include plans for enforcement

  8. Tomi Engdahl says:

    Your 5 Totally Achievable Security Resolutions for the New Year

    Set Up a Password Manager
    Enable Two-Factor Authentication
    Make Backups
    Know How to Use a VPN
    Use End-to-End Encrypted Chat Apps

  9. Tomi Engdahl says:

    Top-Secret Snowden Document Reveals What the NSA Knew About Previous Russian Hacking

    To date, the only public evidence that the Russian government was responsible for hacks of the DNC and key Democratic figures has been circumstantial and far short of conclusive, courtesy of private research firms with a financial stake in such claims. Multiple federal agencies now claim certainty about the Kremlin connection, but they have yet to make public the basis for their beliefs.

    Now, a never-before-published top-secret document provided by whistleblower Edward Snowden suggests the NSA has a way of collecting evidence of Russian hacks, because the agency tracked a similar hack before in the case of a prominent Russian journalist, who was also a U.S. citizen.

    In 2006, longtime Kremlin critic Anna Politkovskaya was gunned down in her apartment, the victim of an apparent contract killing.

    Information about Politkovskaya’s journalism career, murder, and the investigation of that crime was compiled by the NSA in the form of an internal wiki entry.

    The year after her email was hacked, Politkovskaya was murdered, a crime that was widely suspected, though never proven, to be a Kremlin reprisal for her reporting on Chechnya and criticism of Vladimir Putin.

    This hack sounds more or less like a very rough sketch of what private firms like CrowdStrike allege the FSB perpetrated against the DNC this year, and presumably what entities like the Federal Bureau of Investigation, the Central Intelligence Agency, and the Office of the Director of National Intelligence have, behind closed doors, told President Obama took place.

    That is to say, the NSA knew Russia hacked Politkovskaya because the NSA was spying.

    But that this evidence existed at all is important, and more so today than ever. Simply, the public evidence that the Russian government hacked the Democrats isn’t convincing.

    Adm. Mike Rogers, the current NSA chief, has already publicly claimed that Russia was behind the attack. “This was a conscious effort by a nation state to attempt to achieve a specific effect,”

    Earlier this year, Snowden tweeted that if the Russian government was indeed behind the hacking of the Democrats, the NSA most likely has the goods, noting that XKEYSCORE, a sort of global SIGINT search engine, “makes following exfiltrated data easy. I did this personally against Chinese ops.” Snowden went so far as to say that nailing down this sort of SIGINT hacker attribution “is the only case in which mass surveillance has actually proven effective.”

  10. Tomi Engdahl says:

    Police Want Alexa Data; People Begin to Realize It’s Listening

    It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

    Not too long ago, this is the sort of news that would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

    All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat.

    Amazon Echo and the Hot Tub Murder

  11. Tomi Engdahl says:

    Telstra: First Aussie ISP to block subscriber access to The Pirate Bay; defeated in seconds

    Following a case brought by rightsholders including Roadshow Films, Foxtel, Disney, Paramount, Columbia, and 20th Century Fox, that took much of this year to preside over, more than 50 internet service providers in Australia are now required to block subscriber access to selected pirate websites.

    On Tuesday the service provider began its blocking regime, starting with The Pirate Bay. As ordered by the Federal Court, visitors to the site are now being met by a landing page which explains why they can no longer access it.

    The order of the Federal Court allows ISPs to choose how to implement the blockade, including DNS blocking, IP address blocking (or IP re-routing), URL blocking, or “any alternative technical means” approved by a rightsholder.

    And it appears that Telstra has opted for the DNS block, the weakest option available. As a result, it is defeated in a matter of seconds with just a few clicks and not a penny spent. Many users are already choosing to configure their computers to use Google’s DNS or the Cisco owned OpenDNS instead of Telstra’s

  12. Tomi Engdahl says:

    Matthew Humphries / PC Magazine:
    Researchers: ID codes printed on boarding passes, luggage tags for ~90% of flights let hackers access travelers’ personal info, steal reservations, more

    Luggage Tag Code Unlocks Your Flights, Identity to Hackers

    Booking a flight has become a simple process thanks to the Internet

    Karsten Nohl and Nemanja Nikodejevic from German security company Security Research Labs have revealed how poorly the travel booking systems we all rely on are protected. In fact, the three largest Global Distributed Systems (GDS) handling flight reservations for travel worldwide are open to abuse in several ways.

    Amadeus, Sabre, and Travelport are the three systems that handle over 90 percent of flight reservations. According to the researchers, these systems date back to the 70s and 80s

    authentication on the system is very weak due to it being decades old.

    Each traveler on a GDS is identified by a six digit code which is also the booking code (known as a PNR Locator). That ID is printed on boarding passes and luggage tags, a shot of it with their smartphone. With that one code, all traveler information can be accessed, including home and email addresses, phone numbers, credit card number, frequent flyer number, and the IP address used to make a booking online

    It gets worse, though, as you don’t even need a specific ID to find valid traveler information.

    brute-force approach to finding valid ones can be used.

    Having your personal details so easily accessible throws the door open for a lot of abuse.

  13. Tomi Engdahl says:

    Where in the World Is Carmen Sandiego?
    Becoming a secret travel agent

  14. Tomi Engdahl says:

    Joseph Cox / Motherboard:
    Security Without Borders project launches to help journalists and activists with cybersecurity by connecting them with volunteer group of InfoSec professionals

    Good Guy Hacker Launches ‘Security Without Borders’ to Defend At-Risk Dissidents

    Today, countless techies have entered the for-profit cybersecurity business, potentially neglecting what one security researcher calls their responsibility to civil society: helping at-risk users like dissidents with the security of their work, for example.

    “Civil society basically isn’t going to secure itself,” Guarnieri told Motherboard in an interview. “It’s not going to be able to build that kind of expertise that is required to actually face the issues and even understand the issues that exist.”

    On the Security Without Borders website, visitors can click a “Request Assistance”

    At the moment, Security Without Borders is made up of between 20 and 30 people, Guarnieri said, including malware analysts, engineers, and system administrators.

  15. Tomi Engdahl says:

    Donald Trump says ‘no computer is safe’
    “If you have something really important, write it out and have it delivered by courier.”

    Speaking to reporters during his New Year’s Eve party at the exclusive Mar-a-Lago club in Florida, Trump addressed the thorny problem of cybersecurity. “I’ll tell you what: no computer is safe,” he said. “I don’t care what they say.” It was better, Trump said, to do things “the old-fashioned way” if you wanted true security. “You know, if you have something really important, write it out and have it delivered by courier,” the president-elect advised.

    “The whole, you know, ‘age of computer’ has made it where nobody knows exactly what’s going on,” he said to reporters last week. “We have speed and we have a lot of other things, but I’m not sure you have the kind of security you need.”

    Donald Trump might be a prolific tweeter, but he’s seemingly much less comfortable around computers.

  16. Tomi Engdahl says:

    Insecure about Being Unsecure

    There have been epic battles over whether “insecure” or “unsecure” should be used when referring to computer security. Granted, those epic battles usually take place in really nerdy forums, but still, one sounds funny and the other seems to personify computers. Whichever grammatical construct you choose, the need for security is greater now than ever. As Linux users, we need to make sure we’re not overconfident in the inherent security of our systems. Remember, they all have a weak link: us.


  17. Tomi Engdahl says:

    Drone Detection: An Interesting RF Challenge

    Detecting a nearby drone is a difficult task for many reasons, but a new system with a sophisticated 3-D antenna claims to be able to do so.

    Unmanned aerial vehicles (UAVs) — often referred to as drones – ranging from small, low-cost consumer products to extremely advanced and costly versions, are proliferating at a high rate.

    Of course, this drone proliferation brings new concerns, especially on the military side: what about low-cost drones spying on troops, or even carrying explosives? Worse, what about a swarm of such drones? How do you see that coming, protect yourself against them, and react?

    The answer to that first question is not easy.

  18. Tomi Engdahl says:

    Libpng Patches Flaw Introduced in 1995

    The updates released for the “libpng” library in late December patch an old vulnerability introduced by developers in 1995.

    Libpng is the official Portable Network Graphics (PNG) reference library.

    The security hole, tracked as CVE-2016-10087, only affects PNG image editors – viewing apps are not impacted – and it cannot be exploited without user interaction. Exploitation of the flaw can lead to a denial-of-service (DoS) condition.

  19. Tomi Engdahl says:

    Lyndal Rowlands / Inter Press Service:
    Governments around the world shut down the internet more than 50 times in 2016 — Governments around the world shut down the internet more than 50 times in 2016 – suppressing elections, slowing economies and limiting free speech. — In the worst cases internet shutdowns have been associated …

    More Than 50 Internet Shutdowns in 2016

    UNITED NATIONS, Dec 30 2016 (IPS) – Governments around the world shut down the internet more than 50 times in 2016 – suppressing elections, slowing economies and limiting free speech.

    In the worst cases internet shutdowns have been associated with human rights violations, Deji Olukotun, Senior Global Advocacy Manager at digital rights organisation Access Now told IPS.

    “What we have found is that internet shutdowns go hand in hand with atrocities” said Olukotun.

    “On the whole most governments want to expand internet access,”

    “It’s important that the internet that people do get online to gives them access to the whole internet and it’s not just a walled garden,”

  20. Tomi Engdahl says:

    Using Cyber Threat Intelligence to Make 5 Security Forecasts for 2017

    1. An organization’s ‘level of presence’ will grow and in turn so will cyber risk.
    2. Ransomware will continue to be a moneymaker for cybercriminals.
    3. Extortion (ala TheDarkOverlord style) will increase.
    4. 2017 will be the year of increasingly creative IoT attacks.
    5. Threat intelligence will play a larger role in risk management decision-making.

    While organizations can’t really impact cybercriminals’ intent or capability, placing greater focus on reducing the bad guys’ opportunity – especially as the level of presence is growing – should be at the top of your security to-do list in 2017.

  21. Tomi Engdahl says:

    Rethink Your Cloud’s Biggest Blind Spot

    The integration of the cloud into global Internet and business strategies is the critical next step towards our officially entering the Digital Age. Advances in how we gather, share, and consume information have not only transformed business, but also society itself. In fact, we are now so accustomed to change that we adopt it and adapt to it without a second thought. And we have to. If you take the time to think twice, you are likely to get run over by the next innovation, or get left hopelessly behind.

    As your organization accelerates its move into the cloud, you need to consider the following:

    1. Ensure that the security tools and services available to you through your cloud provider are compatible with those you have implemented in your local network.

    2. Make the support of open standards a critical requirement when evaluating new security solutions.

    3. Make sure that your visibility and control extends into your cloud infrastructure, and that you can establish, distribute, and enforce security policies anywhere your data travels.

  22. Tomi Engdahl says:

    Adam Geitgey / GitHub:
    New browser extension allows users to see tags that Facebook automatically applies to photos, available for Chrome and Firefox — Want to try this? Install it from the Chrome Web Store — Since April 2016, Facebook has been automatically adding alt tags to images you upload that are populated …

    A very simple Chrome Extension that displays the automated image tags that Facebook has generated for your images

  23. Tomi Engdahl says:

    Experts Doubt Russia Used Malware to Track Ukrainian Troops

    Experts have cast doubt on a recent report claiming that hackers linked to a Russian military intelligence agency used a piece of Android malware to track Ukrainian artillery units.

    A report published by threat intelligence firm CrowdStrike before Christmas revealed that the Russia-linked cyberespionage group known as Fancy Bear (aka APT28, Pawn Storm, Sofacy, Tsar Team, Strontium and Sednit) modified a legitimate Android app used by the Ukrainian military.

  24. Tomi Engdahl says:

    Learning from Hackers: The Benefits of Microsegmentation

    If we can learn one thing from the notable string of breaches that have been reported publicly in the past few years, the widespread movement of bad actors across the data center – and the “dwell time” hackers have gained in these environments – has been a principal contributor to the degree of damage organizations have suffered. More dwell time (weeks, months, years) and more access translates to more damage.

    The ability of bad actors to not only access critical assets, but to move nearly freely across the data center undetected remains somewhat mind-boggling as we forecast cybersecurity expenditures to approach close to $100 Billion in the next few years.

    In the next few years, we will be spending a virtual Ecuador on cybersecurity without being able to stop bad actors from free access to the interior of networks and applications.

    Organizations of any size can do one important thing to help address this challenge: better segment their interior networks and data center operations. This is the critical strategy most IT and Security teams have not undertaken to date. Even today, the vast bulk of network security spend and attention is still focused on the perimeter.

  25. Tomi Engdahl says:

    Decrypters Released for OpenToYou, DeriaLock, and PHP Ransomware

    Decryption tools are now available for three ransomware families that have been discovered during the past few weeks, allowing victims to recover files without paying a dime.

    Dubbed DeriaLock and PHP Ransomware, two of the new malware families were found by Check Point, a security firm that recently became part of the No More Ransom (NMR) project.

  26. Tomi Engdahl says:

    How to balance security and usability with data analytics

    Technology is a beautiful thing. It can make life more convenient by allowing people to push a button and get something good — a ride home, a vacation rental, or dinner.

    It’s also a powerful tool that can improve safety and security in ways not possible before. But as the fears of private information in the hands of others rise, how can we put these fears at ease?

    Here are a few technologies bettering security and how you can keep yourself from becoming a security statistic.

    Selfie security
    Internet of Things
    Encrypt or GTFO

  27. Tomi Engdahl says:

    Over 1,800 MongoDB Databases Held For Ransom By Mysterious Attacker

    “An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data,”

    MongoDB Databases Held for Ransom by Mysterious Attacker

    An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a Bitcoin ransom to return the data.

    According to Gevers, the attacker had accessed the unprotected MongoDB database, exported its content, and replaced all data with the above table.

    “I was able to confirm [this] because the log files show clearly that the date [at which] it was exported first and then the new database with tablename WARNING was created,” Gevers told Bleeping Computer. “Every action in the database servers was being logged.”

    Similar attacks reported in China in the past week

    A quick Google search for the attacker’s email address and Bitcoin address reveals other users complaining about similar incidents.

  28. Tomi Engdahl says:

    Natasha Bertrand / Business Insider:
    US intelligence report: Russia Today played a key role in the Putin-ordered campaign to undermine the US election, collaborating with WikiLeaks

    US intel report devotes 7 pages to Russia Today’s role in influencing election outcome

    Russia’s state-sponsored news agency Russia Today “has actively collaborated with” WikiLeaks, the organization that published documents and emails stolen from Democrats by Russian hackers during the presidential campaign, the US intelligence community said in a report released Friday.

    The long-anticipated report, which was released in its declassified form to the public, concluded that Russian President Vladimir Putin “ordered” the election-related hacking in an effort to undermine Americans’ faith in the election and help elect Donald Trump – and was aided by WikiLeaks and Russia Today.

  29. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    10K+ poorly secured MongoDB installations deleted by attackers demanding hefty ransoms — Poorly secured MongoDB installations deleted and held for ransom. — More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data …

    Online databases dropping like flies, with >10k falling to ransomware groups
    Poorly secured MongoDB installations deleted and held for ransom.

    More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.

    The affected data is created and stored by the open source MongoDB database application, according to researchers who have been tracking the ongoing attacks all week.

    Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.

  30. Tomi Engdahl says:

    Joseph Bernstein / BuzzFeed:
    Trump’s Twitter account could be targeted by hackers seeking geopolitical instability or financial gain, has no known special security protocols or protections — The most powerful publication in the world today is Donald Trump’s personal Twitter account. In the past six weeks …

    Donald Trump’s Twitter Account Is A Security Disaster Waiting To Happen

    With no known special security protections, @realDonaldTrump could be exploited for financial gain, to cause geopolitical instability, or worse.

    The most powerful publication in the world today is Donald Trump’s personal Twitter account. In the past six weeks, it has moved markets, conducted shadow foreign policy, and reshaped the focus of media around the world. Just today, it caused Toyota’s stock to drop. It is also shockingly insecure.

    Trump’s newfound influence — combined with the unpredictability of his tweets — makes the president-elect’s account a particularly tempting target for hackers.

    If the hacker were geopolitically motivated, they could tweet favorably or unfavorably about a country or a leader (as Trump has done) and alter foreign affairs. Or if the hacker had a grudge, they could call their enemy out in a tweet (as Trump has done) and unleash the rage of Trump’s nearly 19 million followers. Plus, who knows what’s in Trump’s DMs?

    This is not a far-fetched scenario. Putting aside the specter of state-sponsored Russian hacking, in the past year alone, the Twitter accounts of Kylie Jenner, Mark Zuckerberg, Keith Richards, Sundar Pichai, Drake, Travis Kalanick, the National Football League, and the foreign minister of Belgium (to name a few) were hacked or accessed by someone who wasn’t supposed to have access. Many of these infiltrations didn’t require sophisticated skills or the ability to hack Twitter. Bad actors can often gain access to an account through a third-party app that has permission to post to Twitter, for example.

  31. Tomi Engdahl says:

    TV anchor says live on-air ‘Alexa, order me a dollhouse’ – guess what happens next
    Story on accidental order begets story on accidental order begets accidental order

    A San Diego TV station sparked complaints this week – after an on-air report about a girl who ordered a dollhouse via her parents’ Amazon Echo caused Echoes in viewers’ homes to also attempt to order dollhouses.

    During that story’s segment, a CW-6 news presenter remarked: “I love the little girl, saying ‘Alexa ordered me a dollhouse’.”

    That, apparently, was enough to set off Alexa-powered Echo boxes around San Diego on their own shopping sprees. The California station admitted plenty of viewers complained that the TV broadcast caused their voice-controlled personal assistants to try to place orders for dollhouses on Amazon.

    We’ll take this opportunity to point out that voice-command purchasing is enabled by default on Alexa devices.

  32. Tomi Engdahl says:

    Trump national security pick Monica Crowley plagiarized multiple sources in 2012 book

    Conservative author and television personality Monica Crowley, whom Donald Trump has tapped for a top national security communications role, plagiarized large sections of her 2012 book, a CNN KFile review has found.

    In the book, Crowley lifted an entire section on Keynesian economics from the IAC-owned website Investopedia.

  33. Tomi Engdahl says:

    Nate Raymond / Reuters: bitcoin exchange operator pleads guilty to conspiracy to commit bank fraud and operate unlicensed money transmitting firm, in case tied to JPMorgan hack

    Bitcoin exchange operator pleads guilty in U.S. case tied to JPMorgan hack

    A Florida man pleaded guilty on Monday to charges that he conspired to operate an illegal bitcoin exchange, which prosecutors said was owned by an Israeli who oversaw a massive scheme to hack companies, including JPMorgan Chase & Co(JPM.N).

    Prosecutors said Murgio operated, which without a license exchanged millions of dollars into bitcoin, including for victims of ransomware, a computer virus that seeks payment, often in the virtual currency, to unlock data it restricts.

  34. Tomi Engdahl says:

    Sources: Amazon’s AWS cloud division quietly acquires AI security startup for around $20M

    Sources: Amazon quietly acquired AI security startup for around $20M

  35. Tomi Engdahl says:

    Tova Cohen / Reuters:
    Microsoft and Qualcomm invest in Israeli cybersecurity firm Team8, bringing its total raised to $92M+, other investors include Cisco, AT&T, and Nokia

    Microsoft, Qualcomm back Israel’s Team8 cybersecurity firm

  36. Tomi Engdahl says:

    Andrew Dalton / Engadget:
    FDA warns St. Jude’s Merlin@home transmitters used in monitoring pacemakers, other cardiac devices are vulnerable to hacking; OTA fix started going out Monday

    FDA warns that certain pacemakers are vulnerable to hacking
    Transmitters made by St. Jude Medical could be modified to send nefarious code to cardiac devices.

    According to a cybersecurity notice from the Food and Drug Administration, certain pacemakers and cardiac devices are currently vulnerable to hacking. Although security researchers have warned about the security risks to medical devices for years now, this is the first time we’ve seen the government publicly acknowledge a specific threat.

    On the bright side, the FDA says there have been no reported hacks and no patients have been harmed so far. To fix the problem, a software patch will be automatically applied over-the-air

  37. Tomi Engdahl says:

    Steve Ragan / CSO:
    Esports community ESEA hacked: 1.5M records, including users’ names, phone numbers, and PSN/Xbox/Steam IDs, leak after alleged attempt to extort $50K failed

    ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt
    More than a million players have been affected by this incident

    E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised.

  38. Tomi Engdahl says:

    A lawyer rewrote Instagram’s privacy policy so kids and parents can have a meaningful talk about privacy

    In Britain, more than half of 12- to 15-year-olds are on Instagram, according to OfCom (pdf), the country’s communications regulator. So are 43% of 8- to 11-year-olds. But how many of them understand what they signed when they joined? Pretty much 0%, according to “Growing Up Digital”, a report released Jan. 5 (pdf) by the UK Children’s Commissioner.

    “Are you sure this is necessary? There are like, 100 pages,”

    For the report, Jenny Afia, a privacy law expert at Schillings, a UK-based law firm, rewrote Instagram’s terms of service in child-friendly language

  39. Tomi Engdahl says:

    Google plugs severe Android vulnerability that exposed devices to spying
    Bootmode exploit gave attackers ability to hack modem, eavesdrop on calls.

    Google has shut down a “high-severity” exploit in its Nexus 6 and 6P phones which gave attackers with USB access the opportunity to take over the onboard modem during boot-up—allowing them to listen in on phonecalls, or intercept mobile data packets.

    The vulnerability was part of a cluster of security holes found by security researchers at IBM’s X-Force all related to a flaw—tagged CVE-2016-8467—in the phones’ bootmode, which uses malware-infected PCs and malicious power chargers to access hidden USB interfaces.

  40. Tomi Engdahl says:

    Yahoo says Marissa Mayer will leave board after Verizon deal closes, will operate under new name Altaba

    Verizon won the rights to Yahoo last year, paying $4.8 billion for the company, but it wasn’t exactly a seamless process. Right after the deal was announced, Yahoo claimed that “state-sponsored hackers” infiltrated its system and gained access to data from initially 500 million accounts, before months later also revealing another billion users had been affected. This led to some reports suggesting that Verizon was thinking of bowing out of the deal, or at least asking Yahoo for a $1 billion discount.

  41. Tomi Engdahl says:

    Two years on, thousands of unpatched Magento shops still being carded
    German infosec agency: ‘Patch! Patch! PAAAATTCCCCHHHH!’

    More than 6,000 online stores running eBay’s Magento platform have been hacked with credit cards stolen under a campaign that could span almost two years, Germany’s Federal Office for Information Security says.

    Attackers are injecting carding malware on unpatched Magento shops, which steals payment information during transactions.

    The Office does not know how many cards have been compromised in the attacks, but says 1,000 of the affected stores are in Germany.

    Criminals will often cash in on compromising known-vulnerable systems once attack campaigns are made public, such as the current boom in MongoDB ransom breaches.

    MongoDB ransom attacks soar, body count hits 27,000 in hours
    Aussie comms watchdog reporting exposed databases.

    Criminals are accessing, copying and deleting data from unpatched or badly-configured databases.

    Administrators are being charged ransoms to have data returned.

  42. Tomi Engdahl says:

    FDA: Postmarket Management of Cybersecurity in Medical Devices

    FDA issues guidance to inform industry and FDA staff of recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices.

    Postmarket Management of Cybersecurity in Medical Devices

  43. Tomi Engdahl says:

    Organizations Challenged with Cybersecurity Framework Implementation

    Adopting a cyber security framework provides clear benefits that increase over time; but for most organizations, framework adoption requires overcoming a range of both technical and organizational impediments. Automated foundational controls are currently not being widely implemented.

    According to a new survey from Dimensional Research sponsored by Tenable Network Security and the Center for Internet Security (CIS), 95% of organizations have faced issues in implementing their chosen framework. The most common organizational impediments are a lack of trained staff (57%) and a lack of budget (39%); but almost a quarter (23%) also struggled with a lack of management support.

    The most common technology issues are a lack of tools to automate controls (40%) and lack of tools to audit the effectiveness of controls (37%); but poor integration between the tools (35%) and a lack of adequate reporting from them (23%) also figure highly. Only 5% of companies reported no impediments.

  44. Tomi Engdahl says:

    New “Ghost Host” Technique Boosts Botnet Resiliency

    Malware Developers Trick Web Security Systems by Changing Domain Names and Inserting Non-malicious Hostnames into HTTP Host Field.

    Malware authors have found a new method of ensuring their command and control (C&C) servers aren’t blocked by security systems, Cyren researchers warn.

    Referred to as “ghost host,” the technique involves the inclusion of unknown host names in the HTTP host fields of a botnet’s communication. With these host names being both registered and unregistered, web security and URL filtering systems are fooled by the technique, Cyren explains in a recent report.

    The security researchers observed that the destination IP address is the known bad server, while the HTTP host fields used for requests belong to completely different domains.

    Using this technique, the malware author ensures that communication with the C&C server still happens, given that only the originally resolved domain is blocked, while the ghost hostnames aren’t.

    The security researchers explain that the IP address associated with the C&C URL isn’t usually blocked, mainly because the server may contain both legitimate and malicious content.
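
The mismatch described in the comment above (destination IP of a known-bad server, Host header naming an unrelated domain) can be checked in proxy or flow logs. The following is an added example, not code from Cyren or from the original post; the record fields, the passive-DNS map and every hostname and address in it are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names; documentation address ranges).
BLOCKED_DOMAINS = {"cnc.example.net"}          # domain a URL filter already blocks

# Passive-DNS view built from your own resolver logs: hostname -> IPs it resolved to.
DNS_OBSERVED = {
    "cnc.example.net": {"203.0.113.10"},
    "shop.example.org": {"203.0.113.10"},      # legitimate site on the same server
    "news.example.com": {"198.51.100.7"},      # registered, hosted elsewhere
}                                              # events.example.invalid never resolved


@dataclass(frozen=True)
class HttpRecord:
    client: str      # internal source address
    dst_ip: str      # IP the TCP connection actually went to
    host: str        # value of the HTTP Host header


SAMPLE_RECORDS = [
    HttpRecord("10.0.0.5", "203.0.113.10", "cnc.example.net"),
    HttpRecord("10.0.0.5", "203.0.113.10", "events.example.invalid"),
    HttpRecord("10.0.0.5", "203.0.113.10", "News.Example.com:80"),
    HttpRecord("10.0.0.9", "203.0.113.10", "shop.example.org"),
    HttpRecord("10.0.0.9", "198.51.100.7", "news.example.com"),
]


def normalize_host(value):
    """Lower-case a Host header and drop any port or trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):                   # IPv6 literal such as [2001:db8::1]:8080
        return host[1:host.index("]")] if "]" in host else host
    if host.count(":") == 1:                   # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def watched_ips(blocked, dns):
    """IPs that any blocked domain has been seen resolving to."""
    return {ip for name in blocked for ip in dns.get(name, ())}


def classify(record, dns=DNS_OBSERVED, blocked=BLOCKED_DOMAINS):
    """Return a verdict for one request to a possibly shared server."""
    host = normalize_host(record.host)
    if host in blocked:
        return "blocked-domain"                # the URL filter already handles this
    if record.dst_ip not in watched_ips(blocked, dns):
        return "ok"                            # server is not tied to a blocked domain
    resolved = dns.get(host)
    if not resolved:
        return "ghost-host-unresolved"         # Host name never resolved at all
    if record.dst_ip not in resolved:
        return "ghost-host-mismatch"           # Host name resolves somewhere else
    return "ok"                                # legitimate co-hosted site


def find_ghost_hosts(records):
    """Collect (client, host, verdict) for every ghost-host style request."""
    hits = []
    for rec in records:
        verdict = classify(rec)
        if verdict.startswith("ghost-host"):
            hits.append((rec.client, normalize_host(rec.host), verdict))
    return hits


if __name__ == "__main__":
    for hit in find_ghost_hosts(SAMPLE_RECORDS):
        print(hit)
```

Because the verdict depends on whether the Host name was ever seen resolving to the destination IP, a legitimate site co-hosted on the same server is not flagged, which matters given the comment's point that such IPs often serve both legitimate and malicious content.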

  45. Tomi Engdahl says:

    An SQL Injection Attack Is a Legal Company Name in the UK

    Someone just registered their company name as ; DROP TABLE "COMPANIES";-- LTD.

  46. Tomi Engdahl says:

    Welcome to the SQL Injection Hall-of-Shame

  47. Tomi Engdahl says:

    Gartner’s Top 10 Strategic Technology Trends for 2017

    Trend No. 10: Adaptive Security Architecture

    The evolution of the intelligent digital mesh and digital technology platforms and application architectures means that security has to become fluid and adaptive. Security in the IoT environment is particularly challenging. Security teams need to work with application, solution and enterprise architects to consider security early in the design of applications or IoT solutions. Multilayered security and use of user and entity behavior analytics will become a requirement for virtually every enterprise.

  48. Tomi Engdahl says:

    Super Mario Run(s) — Away With Your Money

    If you are an Android user and a big fan of Super Mario beware: there is no Android version! There has been no official news on the Android version yet, let alone a version of the game. There is, however, a version circulating outside of Google Play market that will steal your bank account.

    Right now attackers are taking advantage of the game’s popularity and Android users’ despair to spread malware posing as an Android version of Super Mario Run as they did in the past for Pokemon GO. The trojan is called Android Marcher and has been around since 2013, mostly targeting mobile users’ financial information.

    Android Marcher now posing as Super Mario Run
    Attackers seek to use the game’s popularity to spread malware

  49. Tomi Engdahl says:

    What’s your Digital Resilience Quotient?

    More than ever, infrastructure and operations (I&O) leaders are on the hook to deliver amazing digital experiences and always-on cloud applications to users. These leaders are challenged with ensuring online services remain available despite increasing digital complexity and volatility.

    With customer satisfaction, organizational productivity, and digital revenue streams on the line, you need a strategy for digital resiliency that’s focused on your infrastructure foundations, starting with DNS for control and performance stability.

    • How you can minimize DNS failure risk with a multi vendor approach
    • How you can improve performance, reduce latency and optimize cloud spend with GSLB solutions
    • Maximizing reachability through cloud redundancy

  50. Tomi Engdahl says:

    Will this number-generation innovation hack off the hackers?

    Year 2016 was billed by many industry observers as the year of the hacker and it’s certainly true that cyber criminals enjoyed bumper profits.

    So what will 2017 bring in the way of technology that will truly hinder the hackers? Obviously it is something that thousands of electronics companies are working on and a key area of security development will be at the semiconductor level.

    This is important because it’s all too easy for consumers to feel that the chips in their electronic products are secure. But the harsh fact is many can easily shed data and cyber thieves are particularly adept at discovering default passwords.

    IoT proliferation

    In addition to that area of security threat, 2017 will see the irrepressible proliferation of the Internet of Things (IoT) where web-enabled sensors will be widely employed in consumer and industrial products. And the question here is just how secure will they be? The answer in some cases is not very.

    However, the insecurity implications of the IoT cannot be exaggerated because the number of connected devices, sensors and actuators is expected to be approximately 38 billion by 2020. A situation that must have hackers rubbing their hands in glee.

    Add to those concerns the electronics industry’s typical reaction to hacking related security issues is to generate and implement product fixes after the crime has been committed and you have a situation where it’s the hackers “tails” that are wagging the industry “dog.”

    Universidad Industrial de Santander in Colombia. The team there has developed a security building block for the Open-V microprocessor with a fully open True Random Number Generator (TRNG) peripheral.

    A TRNG is a RNG that produces bits based on a random physical process.
    security building block can generate up to 400,000 random bits/sec and needs a mere 0.01 mm² of die space.

