Archive for January, 2018

BETT 2018 Comes to a Close

Tuesday, January 30th, 2018

The BETT show has once again closed its doors for another year. We had a wonderful week at ExCeL London and met many old faces and quite a few new ones. The stand team are currently nursing tired bones, broken feet and the other injuries that four days on a stand brings. As the dust settles on BETT 2018, we take a quick look back over the last week.

The BETT show has always provided Net-Ctrl with a unique opportunity to hear directly from our clients, face-to-face, the challenges that they face on a day-to-day basis so that we can better understand their pressures and concerns. It also provides Net-Ctrl with a unique opportunity to demonstrate to our clients, new and old, how we are growing, where we are seeing new solutions solve old issues and how we can further assist them with their site(s). These are really the main reasons we attend shows like this.

At Net-Ctrl we have seen a shift in interest at the BETT show, and we have tried to tailor the products we take to match this shift in demand from the market. At BETT 2018 we concentrated on a few key areas: securing sites with access control and lockdown solutions, protecting the users on your network through safeguarding mechanisms, and providing your users with a wireless connection no matter how challenging the environment.

Lockdown and securing sites with IP-CCTV, IP audio, access control and wireless locks will seem to most like new additions to our portfolio, when in fact this is a solution set we have been working on for the last five years, ever since we took MOBOTIX on as our IP-CCTV partner. We now work with a select few manufacturers, including CEM Systems, Aperio and Netgenium, to extend our offering beyond the camera and provide clients with a fully integrated access control solution. These solutions can monitor access, record who is entering and, if required, trigger a lockdown procedure when an alarm is raised, in order to protect your staff and students. A great number of schools requested site visits to review their current infrastructure and work with us on a phased plan for upgrading what they already have towards a secure site.

We also had Ruckus and Palo Alto Networks on our stand, two manufacturers that have been in the education game for a long time and both with a great following of supporters. At BETT 2018 we saw a lot of demand for both. Ruckus continues to innovate in the wireless market and, through its acquisition by Arris, now also boasts the former Brocade ICX switch portfolio. We are already seeing how the Ruckus wireless solutions and the ICX switch range can work together to form more of a “single-pane-of-glass” solution, and we are excited to see how this integration expands. With the addition of Cloudpath, Ruckus’ secure onboarding solution, the Ruckus portfolio is even more complete. Palo Alto Networks has been an in-demand solution for many years, more often than not topping clients’ wish lists but thought of as an expensive solution that is out of reach. Over the last 12 months in particular there has been a serious shift, with Palo Alto Networks’ education price list making the platform a much more affordable addition. Their “Cyber Readiness Review” is also a fantastic tool for education clients, very much a “try before you buy” offering: a trained Palo Alto engineer visits your site and installs a Palo Alto firewall on your network in a passive, listen-only (tap) mode, so it sees all traffic without sitting inline or blocking anything. After two weeks of recording, we present you with a report on what your current solution is missing.

Now that the show has come to a close we are going through all our notes for follow-up, and it is certainly looking like 2018 is going to be a very busy year. To all those who were able to stop by, we thank you for doing so and hope that you found your visit worthwhile; for those that missed us this year, we look forward to hopefully seeing you at the next show.

BETT will always be a big part of our efforts to showcase what we’re working on at Net-Ctrl. Once the office is cleared of all the boxes brimming with bubble-wrapped cameras and access points we will look ahead to BETT 2019 and how we can improve on what has been a great show.


2017: The Year of Ransomware

Tuesday, January 23rd, 2018

Last year was a lousy year for the security of private and sensitive data. We saw mega-hacks, an increase in ransomware, and a single breach that left half of all Americans vulnerable to fraud and identity theft. According to Gemalto’s Breach Level Index, more data was lost or stolen in the first half of 2017 (1.9 billion records) than in the whole of 2016 (1.37 billion), and that was before the biggest breaches of the year.

Looking back, we saw a huge increase in ransomware in 2017 (mostly because of two massive global attacks). According to new research from anti-virus firm Bitdefender, ransomware payments hit $2 billion in 2017, twice as much as in 2016. Ransomware attacks are predicted to grow in frequency and aggression as they become more sophisticated and harder to stop. The US was the biggest and easiest target: Symantec’s 2017 Internet Security Threat Report found that 64% of Americans are willing to pay a ransom, compared with 34% globally, and the average ransom demand spiked 266% to $1,077 per victim.

Ransomware at a glance

Ransomware is malware that holds a system hostage, either by locking the user out entirely or by making files inaccessible. The most common variant encrypts files and demands payment for the decryption key. It is usually delivered through a malicious link or attachment; once the user opens it, the malware runs and can spread across the corporate network. The user is then presented with a message explaining that their files have been taken hostage, along with instructions on how to pay. More aggressive ransomware does not rely on phishing at all but exploits unpatched vulnerabilities to infect systems; WannaCry and NotPetya were two such attacks in 2017.

Let’s take a look at some of the noteworthy ransomware attacks of 2017

Spoiler alert

A breach of HBO in June led to the theft of 1.5 terabytes of data, including full episodes of unreleased shows. The hacker demanded millions of dollars to stop the release of the episodes. HBO stood firm and did not give in, but suffered a rough few months as the hacker gradually released the stolen material, including a script for an unaired episode of Game of Thrones. The hacker was finally charged by US prosecutors in November. Strictly speaking this was extortion over stolen data rather than file-encrypting ransomware, but the lesson is the same: the hacker got in by targeting users who could remotely access HBO’s computer systems.

Global hostages

Two well-known ransomware attacks, WannaCry and NotPetya, caused global alarm and spread fast and furiously, infecting hundreds of thousands of computers. In May, WannaCry hit more than 150 countries and businesses across many different industries. The WannaCry worm exploited a critical vulnerability in Microsoft’s SMBv1 implementation (MS17-010, for which a patch had been available since March 2017), so it hit organizations running outdated or unpatched Windows systems. The WannaCry operators demanded a ransom to unlock files on more than 300,000 computers. NotPetya used similar tactics to WannaCry but was far more targeted, mainly affecting organizations in Ukraine; even so it spilled over into several US organizations, including pharmaceutical giant Merck, which lost more than $310 million as a result. The initial means of infection was a trojanised update to M.E.Doc, a Ukrainian tax and accounting software package, and because NotPetya’s encryption could not be reversed even by its authors, it was in practice a wiper rather than ransomware.

The Great KQED Ransomware Attack

One of the largest public media companies in the US experienced a two-month nightmare over the summer of 2017. KQED, the NPR station serving the San Francisco area, was hit with a disruptive ransomware attack that caused widespread blue screens of death, loss of phone access and no internet. This all but rendered the station useless and forced employees to find creative workarounds to keep operations going. The hackers demanded 1.7 bitcoins per computer (roughly $2,500 at the time), or a “special deal” of $27,000 for all of them. There is no solid evidence as to how the ransomware was introduced, but KQED was very open about its security holes, including giving users local admin rights. KQED considered paying the ransom but was talked out of it by the FBI, which warned that paying marks an organization as an easy target for future attacks. The station eventually recovered without paying, and learned a very valuable lesson about security vulnerabilities. This is a fascinating story and I encourage you to read the full article on KQED’s website.

Ransomware defence

So what is the best way to protect your users and systems from ransomware attacks? Here are a few tips.

  • Most importantly, keep your operating systems up to date and apply vendor patches promptly. As we saw with WannaCry and NotPetya, exploiting known software vulnerabilities is the most aggressive avenue for malware delivery; both spread through a flaw Microsoft had patched months earlier.
  • Use multi-factor authentication, at the very least for remote access (which would have made the HBO intrusion far harder).
  • Keep control of user rights: do not give users local admin rights by default and do not allow unchecked software installation (learn from KQED’s mistake).
  • Ensure systems are running up-to-date antivirus or endpoint protection that detects malicious programs and, ideally, malicious behaviour rather than only known signatures.
  • Schedule automatic system backups, and keep at least one copy offline or otherwise unwritable by the machines being backed up, because ransomware will encrypt any backup it can reach. Then, if you are hit, you can restore rather than pay.
  • Communicate with employees and train them to recognize suspicious email.
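The endpoint-protection tip and the KQED story point at the same gap: signature-based antivirus only sees malware it already knows, whereas the one thing every file-encrypting ransomware must do is rewrite many files with high-entropy content in a short time. The script below is an added example, not part of Gemalto’s article, of a simple behavioural detector built on that observation. It runs over constructed file-write events (a word processor saving a few documents, and a hypothetical updater.exe encrypting a folder); the process names, paths, thresholds and time window are assumptions for illustration.

```python
"""Behaviour-based ransomware detector over file-write events.

Added example, not part of the original article. It flags any process
that rewrites many distinct files with high-entropy (encrypted-looking)
content inside a short time window. All event data below is constructed.
"""
import math
import random
from collections import defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_ransomware(events, window=timedelta(seconds=60),
                      min_files=10, entropy_threshold=7.0):
    """events: iterable of (timestamp, process, path, bytes_written).

    Returns {process: (window_start, distinct_files)} for every process
    that wrote high-entropy content to at least `min_files` distinct
    paths within some `window`-long period (the densest such window wins).
    """
    high = defaultdict(list)                    # process -> [(ts, path)]
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            high[proc].append((ts, path))

    alerts = {}
    for proc, hits in high.items():
        hits.sort()                             # sliding window needs time order
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({p for _, p in hits[start:end + 1]})
            if distinct >= min_files and (best is None or distinct > best[1]):
                best = (hits[start][0], distinct)
        if best:
            alerts[proc] = best
    return alerts


def sample_events():
    """Constructed events: a word processor saving files, and an encryptor."""
    rng = random.Random(1)                      # deterministic "ciphertext"
    t0 = datetime(2017, 6, 15, 9, 0, 0)
    text = b"Quarterly report: revenue was up 4% on the prior period. " * 40
    events = [(t0 + timedelta(seconds=20 * i), "winword.exe",
               f"C:\\Users\\alice\\Documents\\report{i}.docx", text)
              for i in range(5)]
    for i in range(25):                         # hypothetical updater.exe encrypts 25 files in 25 s
        blob = bytes(rng.getrandbits(8) for _ in range(2048))
        events.append((t0 + timedelta(seconds=i), "updater.exe",
                       f"C:\\Users\\alice\\Documents\\file{i}.docx.locked", blob))
    random.Random(2).shuffle(events)            # events rarely arrive in order
    return events


if __name__ == "__main__":
    for proc, (since, n) in detect_ransomware(sample_events()).items():
        print(f"ALERT {proc}: {n} high-entropy rewrites within 60 s from {since}")
```

In production the events would come from an EDR agent or a file-system minifilter that can see the written bytes, and the thresholds need tuning per environment: backup agents, compression and legitimate encryption also write high-entropy files, so an allow-list of signed binaries is the usual companion to this check.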

So beware of ransomware, and remember to use multi-factor authentication. To see how strong security and user convenience can coexist, check out our video What is PKI (Public Key Infrastructure)?

View the original article by Gemalto.

Running End-of-Life SA, IC, or MAG Appliances?

Tuesday, January 23rd, 2018

Appliances have natural lifespans, and if your SA, IC, or MAG appliances have reached end of life it is time to bid them farewell and RIP. Upgrading appliances helps prevent security breaches (an end-of-life device no longer receives security fixes), gives you access to new features that deliver quantifiable value to your daily business operations, and comes with leading-edge components such as memory, processors, hard disks and network interface cards. New hardware can handle more users and manage traffic faster and more reliably than ever, so you can do more with less.

Even so, saying the final “good-bye” can be tough. We know that. That’s why Pulse Secure is always here to help you to secure the future today to deliver and scale new IT services tomorrow.

Here’s what you should know about burying your end-of-life SA, IC, or MAG appliances and replacing them with new PSA5000 and PSA7000 appliances from Pulse Secure:

  • You gain the ability to provide secure access to SaaS applications from Microsoft Office 365, Box, Concur, and many others.
  • You can deploy and support BYOD in a simple and straightforward manner via a mobile device container.
  • You will be assured that only authorized users with compliant devices can access applications and services in the cloud or data centre, reducing the risk of data leakage.
  • You can integrate your existing identity stores such as Active Directory, as well as identity providers like Ping Identity and Okta.
  • You can empower your users through single sign-on (SSO) with certificate authentication – eliminating frustrating password requirements.
  • You can know what is on your network and enforce security with a unified policy across wired and wireless connections, personal and corporate devices, and remote and local access.

So, take a look at your end-of-life appliances – and take action to secure your future. Saying “RIP” today will set you up to celebrate serious ROI tomorrow.

Securing BYOD and 1:1 Network Access in Primary and Secondary Schools

Wednesday, January 10th, 2018

Edtech that fails to work properly in primary and secondary schools inhibits learning rather than enabling it. Disparate technologies must come together seamlessly to elevate the classroom experience for teachers and students. Security is one key piece of the puzzle that schools can overlook in the rush to provide Chromebooks, iPads and other shiny objects for screen-based learning.

How will schools secure personally identifiable information (PII)? What is student data, and where is it, so schools can ensure student data privacy? Under-staffed and under-budgeted IT teams (or the math or science teacher instead!) often struggle with how to get students, faculty, staff and visitors on the network quickly and securely.

Schools may use insecure methods for BYOD and guest onboarding due to lack of awareness about the security pitfalls of the default methods for providing network access. (Just to be sure we’re clear: onboarding is the process by which a device gains access to the network for the first time.) We detailed the shortcomings of these default methods in a recent blog entitled “What’s Wrong with PSKs and MAC Authentication for BYOD?”

Security-aware schools these days increasingly seek out a secure onboarding solution. Numerous schools have deployed Ruckus Cloudpath software to get 1:1, BYOD and guest users on the network and increase security. In case you’re not familiar with it, Cloudpath Enrollment System is a SaaS/software solution for delivering secure network access for BYOD, guest users and IT-owned devices. Why is Cloudpath software so popular in schools? Let’s consider a few of the reasons.

Device volume and diversity: Reliable network connectivity is a baseline requirement in schools, but first you have to get devices on the network. Users are bringing more devices, and more types of devices, than ever before to school. Cloudpath software onboards those devices with easy, self-service workflows that remove the need for IT intervention, letting schools accommodate ever-increasing numbers of diverse devices.

Simpler Authentication: During onboarding, BYOD or 1:1 users (students or teachers) connect their devices for the first time using their existing network login credentials from directory services such as Active Directory or LDAP. The Cloudpath software then prompts the user to install a digital certificate on the device, and that certificate becomes the basis for network authentication from then on (WPA2-Enterprise with certificate-based EAP-TLS rather than a password). The user never has to enter their password again to connect: the device authenticates transparently, and every connection is encrypted. That makes for a great user experience.

Massive Onboarding Events: Students all arrive at the same time when the school year begins, creating a huge wave of new devices that require network access. It’s not just students—teachers and administrators also arrive at school at the same time. The holiday season creates another wave of new devices. Graduation brings everyone together, including family and guests. Unless the school has a way to simplify getting online, users may inundate IT with helpdesk requests. Users may also post negative comments on social media or school review sites. Cloudpath software reduces the burden on IT by making it easy for users to self-provision their devices for network access.

Student Data Privacy Concerns: Schools take very seriously their responsibility to ensure data privacy for students, and government regulations such as FERPA (the Family Educational Rights and Privacy Act) require them to. Data privacy requires a solid foundation of data security, and digital certificates are a key element of a layered defense. Cloudpath secures every connection with strong encryption for data in transit over the air using WPA2-Enterprise (802.1X), the strongest widely deployed method for delivering secure Wi-Fi access; unlike a shared pre-shared key, each device gets its own credential and its own session keys, so one compromised device does not expose everyone else’s traffic. The Cloudpath system also performs an up-front IT security posture check with remediation. You can define and manage policies for role-based access control, so that users only get access to the network resources appropriate to their role in the organization. These and other features enhance data security and help to ensure data privacy.

Technology Integrations: Cloudpath software integrates with any third-party offering that can consume its APIs. It interoperates with next-generation firewalls, web content filters and mobile device management products to further enhance security and improve the user experience. Two Ruckus technology partners whose products are especially popular with schools are iboss and Lightspeed Systems. Cloudpath works with their web filtering products to let them filter encrypted (HTTPS) content, which in practice requires the filter’s inspection certificate to be trusted on each device, and that helps schools achieve CIPA (Children’s Internet Protection Act) compliance. Cloudpath Enrollment System also integrates tightly with Chromebooks to enable single-tap onboarding.

As you can see, Cloudpath Enrollment System is a great fit for primary and secondary education, so it is no coincidence that schools have embraced it so wholeheartedly. One final attribute to consider: it is fully vendor agnostic, so you can deploy Cloudpath software with your existing wired and wireless infrastructure.

As a next step, you can view this video that highlights what Cloudpath software can do for schools. View our customer case study for Fairfax County Public Schools. Or watch our “Securing Chromebook Classrooms Made Easy” webinar with Lightspeed Systems. When you’re ready to take the next step, feel free to request a product demo.

View the original post from Ruckus here.

Four Data Security Trends that Defined 2017

Thursday, January 4th, 2018

With 2018 upon us, it’s important we take stock of the data security trends and threats that defined 2017. Several notable trends emerged over the course of the year, after all, and these will no doubt continue to shape the data security landscape into 2018 and beyond.

Here are four such remarkable data security trends that helped mold the past year:

1. International Malware Outbreaks

One of the most notable data security trends of 2017 was that three strains of malware made headlines for attack campaigns that swept across national boundaries. On 12 May, WannaCry ransomware got things going with an outbreak that claimed the United Kingdom’s National Health Service (NHS), Spanish telecommunications giant Telefonica, and at least 200,000 other computers worldwide as victims. NotPetya followed less than two months later when the Petya impersonator/wiper malware struck a Ukrainian power supplier, France’s Saint-Gobain, and close to 17,000 other targets, primarily in North America and Europe. Both attacks leveraged EternalBlue, an exploit for a vulnerability in Microsoft’s SMBv1 implementation of the Server Message Block (SMB) protocol (patched as MS17-010 in March 2017, two months before WannaCry), to spread between hosts. NotPetya additionally harvested credentials from infected machines and used PsExec and WMI to move laterally, which is why fully patched hosts on the same network were still hit.

It wasn’t until October 2017 that Bad Rabbit, a strain of Diskcoder, reared its head. This malware used drive-by downloads (a fake Adobe Flash Player update served from compromised websites) as its primary means of infecting users. As a result, it infected only a few hundred computers, mainly located in Russia, Ukraine, Germany, Turkey, South Korea, the United States, and a few other countries.

2. Mega-Breaches (and Curious Responses)

In light of the hacking attack disclosures involving LinkedIn, Dropbox, Yahoo (which only got worse), and others, history will no doubt remember 2016 as the “Year of the Mega Breach.” 2017 didn’t produce as many mega-breaches as 2016, but it nevertheless yielded some notable data security incidents…with some equally extraordinary responses. You can find a database of data breaches going back to 2013 in Gemalto’s Breach Level Index.

For instance, Equifax acknowledged at the beginning of September that hackers had breached its systems and compromised the personal information of 143 million American citizens. The attackers got in through an unpatched Apache Struts flaw (CVE-2017-5638) for which a fix had been available since March, and the consumer data they reached was simply stored unencrypted. Things went awry on the day of disclosure when the credit bureau directed concerned users to a resource for checking whether they were victims; that resource sat on a separate site riddled with bugs. A slow disclosure and subsequent gaffes on Twitter led Brian Krebs to call the response a “dumpster fire.”

Two months later, the world learned of the data breach at Uber that compromised 57 million driver and rider accounts in 2016. The ride-sharing company ultimately met the hackers’ ransom of $100,000 to ensure the attackers deleted their copy of the stolen data. It then went further by insisting the hackers sign an NDA, camouflaging the ransom payment as a bug bounty program payout, and remaining silent about the breach for more than a year.

3. CIA Hacking Tools

In the spring of 2017, WikiLeaks published a series of documents pertaining to the Central Intelligence Agency’s hacking operations. Detailed in those leaked sources are various tools used by CIA agents to infiltrate their targets, including malware for smart TVs and iOS exploits. The documents even include borrowed code from public malware samples.

Symantec subsequently analyzed those hacking tools in April and linked them to 40 attacks in 16 countries conducted by a group called Longhorn. It’s unclear how many additional attacks those tools have since facilitated.

4. Attacks against Cryptocurrency Exchanges

One Bitcoin was worth just $979 on 1 January 2017. By late December its value had risen more than 13-fold, having peaked at $19,843 along the way. Investors no doubt celebrated that price explosion, but they weren’t the only ones tracking the digital money’s rise. Malefactors also saw it and took it upon themselves to hack the exchanges where the cryptocurrency is traded. Indeed, at least eight marketplaces had suffered data breaches as of 23 December, with Parity Technologies losing $32 million in Ethereum and hackers stealing $70 million in Bitcoin from NiceHash. One can expect this data security trend to continue into 2018.

by Jason Hart at Gemalto. View the original post.

8 Visionary Predictions for Information Security in 2018

Thursday, January 4th, 2018

In 2017, the InfoSec community saw the continuance of several trends from 2016 as well as the emergence of some new and nasty surprises.

File-less attacks continued to rise in popularity, ransomware attacks on healthcare organizations became more prevalent, spending on cyber insurance increased, and – what else is new? – a multitude of data breaches dominated the headlines.

As we enter the new year, here are some predictions from the security experts at SentinelOne for what you can expect in 2018!

The Good

The CISO is the new CIO

Infrastructure and security will become one as our networks and security converge. You will not be able to think of security as something you ‘apply’ to a network; the network cannot exist or be operational without security defining it. Infrastructure as software, cloud workloads, DevOps and coded assets only compound this effect, and introduce a large amount of risk if security is not considered at design time.

The endpoint will become the building block of the modern network

As the mobile workforce continues to embrace public SaaS applications and cloud workloads, the “standard” company network perimeter will continue to dissolve. This will require companies to continuously map their assets, both inside and outside the firewall, to discover, understand and reduce the organization’s attack surface and risk. The endpoint, as the device through which all access to content and data flows, will become the building block of the modern network.

Automation and integration

As network boundaries become increasingly abstract, the cybersecurity skills gap becomes more painful and evident. Forbes estimates the current number of unfilled jobs in cybersecurity at 1.4 million. Considering the economic impact of a breach, more and more organizations are looking for the easy button – products that can fill this gap and integrate well with other products in their defense lines, by all means – automation, APIs, and workflows. SentinelOne anybody?

The Bad

Enterprise IOT as a new threat vector

Attackers always look for the path of least resistance, and with the number of smart devices lying around our networks growing exponentially, enterprise IoT devices pose an unsegmented (and often unknown) threat vector. In 2018 this will be leveraged as yet another entry point for a network breach that, with a lateral move, gives attackers access to the assets they are after. We have already observed multiple advanced breaches that began with an exploited enterprise IoT device, and we think this is only the beginning, especially as traditional endpoints become more secure and controlling segmentation in the modern network becomes more difficult.

Certified pre-owned IoT devices

While not a new or unheard-of threat vector, we are likely to see a significant increase in devices shipped with malware and backdoors. As NotPetya showed, adversaries are keen to compromise upstream update servers to seed wide malware distribution. It is not a far leap for adversaries to compromise popular IoT manufacturers, or popular components within their products, to achieve the same or better results, especially since most devices get very little security attention.

Crypto-miners and more heists

As crypto currencies surge in popularity and value, more malware is being made to infect more machines (of every kind: pc, mobile and server) and mine at scale, as a means to better monetize victim machines. Another worrying trend is the increased hacking of crypto exchanges and online wallets whose value is inextricably linked to the rapidly rising price of many crypto currencies. Those exchanges and wallets are basically like banks without the necessary regulation and safeguards, making them an easy and valuable target for attackers in 2018.

The Ugly

File-less attacks will continue to rise in popularity and effectiveness

Traditionally, AV and other security products look at files. Files can be hashed, queried against reputation services, examined with static analysis and machine learning, and easily excluded when they cause false positives. It seems a happy arrangement for all: sophisticated attackers keep attacking and security products keep selling. Throughout all of this, however, the customer is a sitting duck for the next breach. Too many security products are deployed on the network and the endpoint without the technology to prevent file-less attacks (malicious code that lives only in memory or rides on legitimate tools such as PowerShell and WMI, leaving no file to scan), and as a result we expect the frequency of these attacks to keep rising in 2018.

Destroyer-ware as a cyber-weapon

As worm-based ransomware has proven, encrypting or completely decommissioning an entire network is a scary new reality that can unfold within minutes. Going forward, we anticipate adversaries (including nation-states) weaponizing destroyers to take down networks or hold them hostage. It is a malware-driven form of modern denial of service.

Cyber-crime by nation-states

As we’ve seen reported, North Korea has been conducting cyber-crime campaigns as a way of raising funds and disrupting adversaries. In 2018, we expect other countries, especially small and less financially privileged countries to follow suit — likely those which do not have extradition treaties.

As we leave 2017 behind and enter the new year there are many trends and developments for us to reflect on. We hope that these predictions will help organizations rethink their traditional approach to cybersecurity and progress alongside a rapidly evolving threat landscape.

View the original SentinelOne report.

A Review of the Notable Vulnerabilities of 2017

Thursday, January 4th, 2018

This past year has seen its usual collection of exploits, vulnerabilities, attacks and data leaks. But let’s take a look back and see if we can learn a few lessons from the progress of time.

Of all the stories, it certainly seems like this year has been a watershed in terms of major ransomware attacks. From Locky and Petya/NotPetya to WannaCry and Bad Rabbit (plus Mirai, which is an IoT botnet rather than ransomware but kept up the same relentless pace), we haven’t had much time between attacks to bounce back. Furthermore, the attacks are getting bigger, more intrusive and more targeted.

Moral: Patch now and forever. Make sure you don’t delay when you hear about an exploit because any delay can be used by attackers to enter your network. (I am talking to you, Equifax.) Have a plan in place and make sure it covers all of your critical OS and apps.

Probably the second most often occurring event of the year was the series of stories about unsecured AWS storage buckets. Not to pick on Amazon, but this is the case for any cloud provider. Sadly, this isn’t new, and this trend will continue. As your cloud infrastructure becomes more complex, it is easier to forget about setting the right access rights and easy to let something slip by.

Moral: make use of the newer AWS tools (such as GuardDuty and AWS SSO, and the “Public” indicator AWS added to the S3 console in late 2017), and schedule regular audits of your cloud account access controls, bucket policies and ACLs included.
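The audit that moral calls for can be scripted, because a bucket becomes world-readable in one of two places: its bucket policy (an Allow statement whose Principal is “*”) or its ACL (a grant to the AllUsers or AuthenticatedUsers group). The script below is an added example, not part of Strom’s post, that checks both against constructed documents in the same shape boto3’s get_bucket_policy() and get_bucket_acl() return; the bucket name, account ID, role and VPC endpoint ID in the samples are made up.

```python
"""Audit an S3 bucket policy and ACL for world-readable access.

Added example, not part of the original post. The sample documents below
are constructed in the shapes boto3 returns from
get_bucket_policy()["Policy"] (a JSON string) and get_bucket_acl()["Grants"].
"""
import json

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    # Any AWS account in the world, not just yours: effectively public.
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def as_list(value):
    """IAM JSON allows a single string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def principal_is_public(principal) -> bool:
    """True for "*", {"AWS": "*"} or any principal list containing "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def public_policy_statements(policy_json: str):
    """Allow statements whose principal is everyone.

    Statements carrying a Condition are still reported, flagged as
    conditional: keys such as aws:SourceVpce may confine the wildcard,
    but a human has to confirm that; the script cannot.
    """
    doc = json.loads(policy_json)
    findings = []
    for stmt in as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_public(stmt.get("Principal")):
            continue
        findings.append({"sid": stmt.get("Sid", ""),
                         "actions": as_list(stmt.get("Action", [])),
                         "conditional": "Condition" in stmt})
    return findings


def public_acl_grants(grants):
    """ACL grants made to the AllUsers / AuthenticatedUsers groups."""
    return [(g["Grantee"]["URI"], g["Permission"]) for g in grants
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def audit(policy_json: str, grants):
    """Both checks together; an empty dict means nothing public was found."""
    report = {}
    stmts = public_policy_statements(policy_json)
    if stmts:
        report["policy"] = stmts
    acl = public_acl_grants(grants)
    if acl:
        report["acl"] = acl
    return report


# --- constructed samples (bucket, account, role and endpoint IDs are made up)
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups-example/*"},
    {"Sid": "OpsWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::backups-example/*"}]})

VPC_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups-example/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::backups-example/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

OWNER_ONLY_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "abc123"},
                   "Permission": "FULL_CONTROL"}]
LEAKY_ACL = OWNER_ONLY_ACL + [
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]

if __name__ == "__main__":
    print(json.dumps(audit(LEAKY_POLICY, LEAKY_ACL), indent=2))
```

To run it against a real account, loop over list_buckets() and feed each bucket’s get_bucket_policy()["Policy"] (catching the NoSuchBucketPolicy error for buckets without one) and get_bucket_acl()["Grants"] into audit(). Note that a Deny statement elsewhere in the policy can override an Allow, so a reported finding is a lead for a human to confirm rather than a verdict.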

A companion warning to insecure cloud storage is to understand the newer cloud tools, such as containers and the “serverless” computing that is coming into fashion. Serverless code runs in a short-lived, well-defined sandbox that is torn down after the function finishes. A proof-of-concept exploit presented at the last Black Hat conference showed that this model has vulnerabilities of its own. Serverless attacks will certainly become more prominent in the coming years as containers and these tools become more popular.

Moral: Make sure your cloud instances are set up properly and understand the specialized security issues involving containers.

Malware is getting sneakier and better at hiding itself. I wrote about the rise of fileless malware earlier in the year, and this is just one of many methods that malware can make it harder to be detected. There will continue to be lots of cases where malware can hijack legitimate Windows services and make use of other programming tricks to evade detection.

Moral: Tune your defences accordingly. Behavioral tracking methods are more important than ever and remember to patch quickly when exploits are discovered.

Treat crypto certificates as if they matter more than money, because when they fail the consequences will cost you a boatload. Look at what happened recently to LinkedIn: a third-party security consultant let their TLS (SSL) certificates expire and the site was down for a day until the issue was resolved. This doesn’t help keep your customers’ trust, especially on a site as rich in user-supplied data as LinkedIn. Review this article about some of the cert management issues and spend some time making sure all of your digital certs are properly accounted for, with expiry dates tracked and a named owner for renewal.

Moral: Don’t delegate this to some third-party without a lot of checks and balances.
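The LinkedIn outage is exactly the failure an inventory check catches: a certificate nobody was tracking reached its notAfter date. The script below is an added example (not part of the original post) that parses the notAfter string in the format Python’s ssl.getpeercert() returns, classifies each certificate against a warning window and orders the inventory worst-first; the hostnames and dates are constructed, and fetch_not_after() is the only part that touches the network.

```python
"""Certificate expiry check over an inventory of hosts.

Added example, not part of the original post. Parses the notAfter string
in the format Python's ssl.getpeercert() returns, classifies each
certificate against a warning window and orders the inventory worst-first.
Only fetch_not_after() touches the network; everything else runs offline.
"""
import socket
import ssl
import sys
from datetime import datetime, timezone

# Reference "now" for the constructed inventory: the date of the post.
REFERENCE_NOW = datetime(2018, 1, 4, tzinfo=timezone.utc)

# Constructed: hostnames and dates are made up for illustration.
CONSTRUCTED_INVENTORY = [
    ("www.example.com", "Dec 31 23:59:59 2018 GMT"),
    ("api.example.com", "Jan 20 12:00:00 2018 GMT"),
    ("legacy.example.com", "Nov  1 00:00:00 2017 GMT"),   # OpenSSL pads the day
]


def parse_not_after(not_after: str) -> datetime:
    """'Dec 31 23:59:59 2018 GMT' -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def days_remaining(not_after: str, now: datetime) -> int:
    """Whole days until expiry; negative once the certificate has lapsed."""
    return (parse_not_after(not_after) - now).days


def classify(not_after: str, now: datetime, warn_days: int = 30) -> str:
    days = days_remaining(not_after, now)
    if days < 0:
        return "EXPIRED"
    if days <= warn_days:
        return "EXPIRING"
    return "OK"


def audit_inventory(inventory, now: datetime, warn_days: int = 30):
    """[(name, notAfter)] -> [(name, days_left, status)], worst first."""
    rows = [(name, days_remaining(na, now), classify(na, now, warn_days))
            for name, na in inventory]
    return sorted(rows, key=lambda row: row[1])


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """notAfter of the leaf certificate `host` presents (live network call).

    create_default_context() verifies the chain, so an already expired or
    untrusted certificate raises an ssl.SSLError here. That is itself the
    finding, so callers should catch it and record the host.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    hosts = sys.argv[1:]
    if hosts:                       # live mode: python cert_check.py host1 host2 ...
        inventory, now = [], datetime.now(timezone.utc)
        for host in hosts:
            try:
                inventory.append((host, fetch_not_after(host)))
            except (ssl.SSLError, OSError) as exc:
                print(f"{host}: could not fetch certificate ({exc})")
    else:                           # offline mode: the constructed inventory
        inventory, now = CONSTRUCTED_INVENTORY, REFERENCE_NOW
    for name, days, status in audit_inventory(inventory, now):
        print(f"{status:8} {days:5d} days  {name}")
```

Run from cron with your real host list and alert on anything that is not OK; the warning window should be longer than the slowest renewal path you have (a third-party consultant’s ticket queue included).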

Finally, the use of open source software continues to rise, and with it comes an obligation to treat security as part of the DevOps process. A recent survey of open source users found that almost half of code maintainers never audit their code, and fewer than 17 percent feel they have a high level of security knowledge. Vulnerabilities in open source projects are rising pretty much across the board; the bright spot is Red Hat, which last year fixed two-thirds of its vulnerabilities within a day of public disclosure.

Moral: build security into your projects at the beginning.

by David Strom at iboss. Read the original post.