Use Windows 10 For Protection Against Cybercriminals
The Threat Landscape is Changing
The threat landscape has evolved dramatically in recent years. It seems every day we hear another headline about an organization getting breached. We’ve responded by changing the architecture of Windows 10 so that we’re not just building bigger walls against these attacks; we’re locking the criminals out. Windows 10 provides a comprehensive set of protections against modern security threats. The average cost of a data breach per incident is $3,500,000 (2014 Cost of Data Breach: Global Analysis. Ponemon Institute, 2014.) According to a recent survey of CIOs, security spending is increasing at double the rate of overall investment.
75% of individuals use only three or four passwords across all of their accounts.
Passwords are not secure. Others can access your corporate network by pretending to be you.
The solution: Windows 10 introduces an alternative to passwords with Microsoft Passport and Windows Hello.
57% of us have sent data to the wrong person.
87% of senior managers have leaked corporate data to unmanaged personal locations.
Solution: Windows 10 provides Enterprise Data Protection, now at the file level, to help ensure corporate data isn’t accidentally or intentionally leaked to unauthorized users or locations.
An attacker can go over 200 days undetected in your environment, now that people are bringing their own devices to work—that’s scary.
Solution: Windows 10 offers Trusted Boot to help ensure that a genuine version of Windows starts first on your device, preventing attackers from evading detection.
More than 300,000 new malicious files are being created every day and spread through the Internet.
Solution: Windows 10 Device Guard completely locks down your device, so you can run only trusted applications, scripts, and more.
It’s time to take action to protect your business.
By deploying the security features in Windows 10, you can outmaneuver today’s cybercriminals and neutralize their destructive tactics before they’ve even begun.
Don’t like Mondays? Neither Do Attackers.
Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.
Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last; however, this doesn't mean that Saturday and Sunday are completely safe.
Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, Keyloggers and Backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.
Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays. Thursdays saw a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.
Attackers understand employee email habits and know that feeding employees with a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.
The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada; however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.
While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.
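An added example (not from the original article or from Proofpoint) of the retroactive step described above: once a URL is flagged after delivery, it lists the messages to pull from inboxes and separates recipients who already clicked from those who have not. The log layouts, addresses, URLs and function names are constructed assumptions; the latency buckets mirror the ten-minute, one-hour and 24-hour windows quoted earlier.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample data: delivery log, click log from a URL-rewriting
# proxy, and a verdict that arrived after the messages were delivered.
DELIVERIES = [  # (message_id, recipient, delivered_at, urls_in_body)
    ("m1", "ana@example.test", "2017-06-01T12:05", ["http://Login.Example.test/reset#x"]),
    ("m2", "bob@example.test", "2017-06-01T12:06", ["http://login.example.test/reset"]),
    ("m3", "cy@example.test", "2017-06-01T12:07", ["http://login.example.test/reset"]),
    ("m4", "ana@example.test", "2017-06-01T09:00", ["https://intranet.example.test/news"]),
]
CLICKS = [  # (recipient, url, clicked_at)
    ("ana@example.test", "http://login.example.test/reset", "2017-06-01T12:12"),
    ("bob@example.test", "http://login.example.test/reset", "2017-06-01T15:30"),
]
VERDICTS = {"http://login.example.test/reset": "2017-06-01T13:00"}  # url -> flagged_at


def norm(url):
    """Normalise for matching: lower-case scheme and host, drop the fragment."""
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}{query}"


def bucket(delay):
    """Delivery-to-click latency, using the windows quoted in the article."""
    for limit, label in ((timedelta(minutes=10), "<=10m"),
                         (timedelta(hours=1), "<=1h"),
                         (timedelta(hours=24), "<=24h")):
        if delay <= limit:
            return label
    return ">24h"


def retro_hunt(deliveries, clicks, verdicts):
    """Per late-flagged URL: messages to pull, and who clicked or did not."""
    ts = datetime.fromisoformat
    flagged = {norm(u): ts(t) for u, t in verdicts.items()}
    clicked = {(r, norm(u)): ts(t) for r, u, t in clicks}
    report = {}
    for mid, rcpt, delivered, urls in deliveries:
        for url in {norm(u) for u in urls}:
            if url not in flagged:
                continue
            entry = report.setdefault(
                url, {"quarantine": [], "clicked": {}, "not_clicked": []})
            entry["quarantine"].append(mid)
            when = clicked.get((rcpt, url))
            if when is None:
                entry["not_clicked"].append(rcpt)  # pull message before they click
            else:  # clicked before the verdict means the block came too late
                entry["clicked"][rcpt] = {
                    "latency": bucket(when - ts(delivered)),
                    "before_verdict": when < flagged[url],
                }
    return report
```

Recipients with `before_verdict` set to true reached the page before any block existed, so they are the ones to triage first for credential resets.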
Proofpoint focused on email-based attacks; however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks, investigated by the eSentire Security Operations Center in the first quarter of 2017, found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great drop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.
There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.
Chipotle says hackers hit most restaurants in data breach
By Lisa Baertlein as written on reuters.com
Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc's (CMG.N) restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.
Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.
A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.
Stolen data included account numbers and internal verification codes. The malware has since been removed.
The information could be used to drain debit card-linked bank accounts, make "clone" credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.
The breach could once again threaten sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.
An investigation into the breach found the malware searched for data from the magnetic stripe of payment cards.
Arnold said Chipotle could not alert customers directly as it did not collect their names and mailing addresses at the time of purchase.
The company posted notifications on the Chipotle and Pizzeria Locale websites and issued a news release to make customers aware of the incident.
Linn Freedman, an attorney at Robinson & Cole LLP specializing in data breach response, said Chipotle was putting the burden on the consumer to discover possible fraudulent transactions by notifying them through the websites.
"I don't think you will get to all of the customers who might have been affected," she said.
Security analysts said Chipotle would likely face a fine based on the size of the breach and the number of records compromised.
"If your data was stolen through a data breach that means you were somewhere out of compliance" with payment industry data security standards, said Julie Conroy, research director at Aite Group, a research and advisory firm.
"In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach," said Avivah Litan, a vice president at Gartner Inc (IT.N) specializing in security and privacy.
Chipotle did not immediately comment on the prospect of a fine.
Retailer Target Corp (TGT.N) in 2017 agreed to pay $18.5 million to settle claims stemming from a massive data breach in late 2013.
Hotels and restaurants have also been hit. They include Trump Hotels, InterContinental Hotels Group (IHG.L) as well as Wendy's (WEN.O), Arby's and Landry's restaurants.
Shares in Chipotle Mexican Grill ended marginally lower at $480.15 on Friday following the announcement.
(Additional reporting by Natalie Grover and Siddharth Cavale in Bengaluru and Tom Polansek and Nandita Bose in Chicago; Editing by Grant McCool and Lisa Shumaker)
Passwords for 32M Twitter accounts may have been hacked and leaked
By Catherine Shu and Kate Conger as written on techcrunch.com
There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.
LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from “Tessa88@exploit.im,” the same alias used by the person who gave it hacked data from Russian social network VK last week.
Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.
LeakedSource says the cache of Twitter data contains 32,888,300 records, including email addresses, usernames, and passwords. LeakedSource has added the information to its search engine, which is paid but lets people remove leaked information for free.
Based on information in the data (including the fact that many of the passwords are displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.
Even though Mark Zuckerberg got several of his non-Facebook social media accounts hacked this week, including Twitter, his information wasn’t included in this data set, LeakedSource claims. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis show that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.
In a statement to TechCrunch, Twitter suggested that the recent hijacking of accounts belonging to Zuckerberg and other celebrities was due to the re-use of passwords leaked in the LinkedIn and Myspace breaches.
“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” a Twitter spokesperson said. Twitter suggests that users follow the suggestions in its help center to keep their accounts secure. Twitter also posted on its @Support account that it is auditing its data against recent database dumps.
LeakedSource said that it determined the validity of the leaked data by asking 15 users to verify their passwords. All 15 confirmed that the passwords listed for their accounts were correct. However, experts cautioned that the data may not be legitimate.
Michael Coates, Twitter’s trust and information security officer, tweeted that he is confident the social media platform’s systems have not been compromised.
“We securely store all passwords w/ bcrypt,” Coates added, referencing a password hashing function considered secure. “We are working with LeakedSource to obtain this info & take additional steps to protect users,” he continued.
Troy Hunt, the creator of a site that catalogs breaches called haveibeenpwned.com, also expressed skepticism about the authenticity of the data. Hunt told TechCrunch that he’d heard rumors of breaches at Twitter and Facebook for several weeks but had yet to see convincing proof. “They may well be old leaks if they’re consistent with the other big ones we’ve seen and simply haven’t seen the light of day yet. Incidentally, the account takeovers we’ve seen to date are almost certainly as a result of credential reuse across other data breaches,” Hunt said.
Whether or not the leaked Twitter credentials are authentic, it never hurts to change your password — especially if you use the same password across several sites. Turning on two-factor authentication also helps keep your account secure, even if your password is leaked.
The US Defense Department is expanding its efforts with tech startups
By Martyn Williams as written on cio.com
The U.S. Department of Defense is expanding its work with tech startups, bringing tech executives to work at its Silicon Valley lab and planning a new office in Boston to tap into research happening in that area.
The expansion follows the early success of the Defense Innovation Unit Experimental (DIUx) office, an 8-month-old Silicon Valley incubator that is a key part of Secretary of Defense Ash Carter's push to rebuild ties between the military and tech industry.
Those ties weakened in recent years as a new breed of Internet startup began innovating more quickly and effectively than companies the DOD has worked with for decades.
Carter opened DIUx, in Mountain View, California, to gain early access to new technology, and in the hope that Silicon Valley's unique way of thinking would rub off on the Pentagon.
One of the first ideas has been a bug bounty program that asks computer security experts to probe DOD computers and networks to help find holes. So far, 1,400 hackers have registered for the program and found more than 80 bugs that qualified for monetary prizes, Carter said Wednesday during a visit to DIUx.
The center has hosted over 500 entrepreneurs and staged several events, and is now being expanded, he said Wednesday.
"We’re taking a page straight from the Silicon Valley playbook, we’re iterating to make DIUx better," he said.
The effort will now be bi-coastal, with a second office in Boston. That will plug into the innovation happening around the Massachusetts Institute of Technology, Harvard University and other New England tech startups.
The center will also get an additional $30 million budget that will be put towards funding "non-traditional companies with emerging commercial technologies that meet our needs," he said, and other efforts like targeted investments.
Carter also announced a new leadership team which, in a change, will report directly to him.
DIUx will be led by Raj Shah, a former F-16 combat pilot, director of security at Palo Alto Networks and now a tech entrepreneur. Other members of the team include Isaac Taylor, who ran Google X and has worked on Google's Glass and VR efforts, and Douglas Beck, Apple's vice president for Americas and Northeast Asia.
Shah provided an example of the kind of tech block that the DIUx hopes to solve.
As an F-16 pilot, he flew combat missions in Iraq but his aircraft didn't have a GPS system that provided a moving map. That is particularly important when flying near borders, because U.S. aircraft did not want to inadvertently stray into Iranian airspace.
The solution for some pilots was to strap an iPad to their knees, because commercial GPS apps could do something it would take the DOD millions of dollars and months to accomplish, he said.
Infographic: The Cybersecurity Bell Curve
We all understand the importance of good personal hygiene, right? It keeps us from getting ostracized at school, it makes us more attractive to the opposite sex, and most importantly it helps us stay happy and healthy.
Just as brushing our teeth is vital to our individual health, maintaining basic cybersecurity hygiene is critical for the well-being of businesses. The overwhelming majority of cyberattacks are the result of computer hackers taking advantage of opportunities that stem from businesses neglecting basic security hygiene. Running an outdated operating system (OS) or antivirus software may not seem like a big deal, but it could provide hackers the window they need to access sensitive corporate information.
Fortunately, investing in the latest technology and revisiting cybersecurity basics can safeguard against roughly 98% of what hackers are doing today. Learn how a renewed focus on security basics can bolster your cyber defense and keep your business happy and healthy in The Cybersecurity Bell Curve infographic.