24.11.16

Organizations ‘not doing enough’ to prevent data breaches


Organizations need to do more to protect themselves against data breaches, as many people believe that not enough is currently being done.
This is according to a new report from the Internet Society, which found that 59% of users would be reluctant to do business with an enterprise that had been compromised.
The paper was keen to highlight how damaging a data breach can be. Not only does it harm the organization that has been attacked, it also affects its employees and consumers.
Moreover, it damages the way people think about technology. As Michael Kende, the author of the report, noted, “the ultimate casualty is trust in the internet”.
“The vision of the Internet Society is that the internet is for everyone, everywhere,” he stated.
“Trust in the internet is at the core of that vision. Without trust, those online are less likely to entrust their personal information to the internet, and, those who are not yet online will have a reason to stay offline.”
One of the most interesting points raised by the paper concerns the seeming lack of investment from businesses in information security, said Kende, an economist and Internet Society fellow.
He added that while many appreciate the seriousness of data breaches, organizations are “not doing everything they could to prevent” them from happening.
To help change this, the Internet Society has come up with some recommendations on what can be done to boost cybersecurity efforts.
These include making organizations more accountable for data breaches, making information security a priority and increasing transparency about security incidents around the world.
“Up-to-date security systems, usable security, and awareness on how to deal with threats and social engineering are needed for reducing the opportunities for data breaches and device compromise,” commented Olaf Kolkman, chief internet technology officer at the Internet Society.
“The report shows that as much as 93% of all breaches could have been avoided if the correct measures were put in place.”
A study from earlier this year revealed that many IT professionals are not confident that they would be able to protect data in the event of a successful attack.

ESET launches ESET Threat Intelligence, an early warning service for businesses


Starting today, ESET® is offering ESET Threat Intelligence, a service that predicts threats targeting customers' businesses and proactively informs them in real time. This gives them greater flexibility and lets them adapt more easily to rapidly evolving threats. Although the service will not be rolled out until 2017, it is already available in the Netherlands, Poland, Spain and Ukraine. For more information, please contact MGK Technologies.

Built on ESET's latest technologies and its existing knowledge base, ESET Threat Intelligence enables users to understand and manage the risks the business faces, mitigate threats and improve the effectiveness of their own defenses.

“Between targeted attacks, advanced persistent threats (APT) and zero-day botnet attacks, it is difficult to anticipate a possible targeted attack or malware campaign with only the information available from the company's internal networks,” explains Marc Mutelet, CEO of MGK Technologies, exclusive distributor of ESET products for Belgium and Luxembourg. “ESET Threat Intelligence provides all the information ESET has in order to obtain a complete picture of the security situation, broaden the overall view and bridge the gap between the information obtained internally and that available globally.”

Developed as a service, ESET Threat Intelligence is based on evidence, contextual information, various mechanisms and indicators, and other kinds of concrete information about the existing or emerging risks the business faces. These elements can then be used to inform the decisions to be made.

ESET Threat Intelligence offers the following features:

Targeted threat report: a report based on custom criteria that informs users about potential attacks, in preparation or already under way, aimed specifically at their organization.

Botnet activity report: provides regular reports and quantitative data about the malware families identified and the botnet variants monitored by ESET Threat Intelligence.

Sample analysis: users can upload files or samples to a server in order to generate custom reports.

Data feeds: the data feeds are designed to be integrated into existing Security Information and Event Management (SIEM) systems and provide an additional layer of protection. Integrating the data feeds makes it possible, for example, to correlate the logs arriving at the SIEM from different network devices with ESET's data feeds.

Phishing report: based on custom criteria, it shows all data concerning targeted (e-mail) phishing for the customer concerned.

Dashboard: gives a basic overview of activity.

API access: users can connect to ESET Threat Intelligence from their own internal systems via an API.

Because the service runs without being deployed on a company's network infrastructure, even those that are not yet ESET customers can benefit from ESET's knowledge to strengthen their organization's security.

For more information about ESET Threat Intelligence, visit www.eset.com or contact the distributor for your region.

22.11.16

Siemens-branded CCTV webcams require urgent firmware patch


Siemens-branded IP-based CCTV cameras are the latest internet-connected devices to be found vulnerable to hacking attacks.
In this particular instance, according to a security advisory issued by Siemens, the vulnerability – known as CVE-2016-9155 – could be remotely exploited by malicious attackers to trick CCTV cameras into revealing admin passwords:
“The latest update for SIEMENS-branded IP-based CCTV cameras fixes a vulnerability that could allow a remote attacker to obtain administrative credentials from the integrated web server.
Until patches can be applied, restricting access to the integrated web server with appropriate mechanisms is recommended.”
The following CCTV camera models, built by Vanderbilt Industries, which acquired Siemens’ security product line in June last year, are said to be at risk:
· CCMW3025: All versions prior to 1.41_SP18_S1
· CVMW3025-IR: All versions prior to 1.41_SP18_S1
· CFMW3025: All versions prior to 1.41_SP18_S1
· CCPW3025: All versions prior to 0.1.73_S1
· CCPW5025: All versions prior to 0.1.73_S1
· CCMD3025-DN18: All versions prior to v1.394_S1
· CCID1445-DN18: All versions prior to v2635
· CCID1445-DN28: All versions prior to v2635
· CCID1445-DN36: All versions prior to v2635
· CFIS1425: All versions prior to v2635
· CCIS1425: All versions prior to v2635
· CFMS2025: All versions prior to v2635
· CCMS2025: All versions prior to v2635
· CVMS2025-IR: All versions prior to v2635
· CFMW1025: All versions prior to v2635
· CCMW1025: All versions prior to v2635
The good news is that Vanderbilt has released updates for the vulnerable devices. The further good news is that, to date, there is no evidence that any malicious hackers have exploited the vulnerability.
There is bad news, however.
Firstly, it sounds as if the attack is relatively trivial to pull off: an attacker only needs to send a carefully formed but simple HTTP request.
Additionally, it’s easy to predict that many of the vulnerable devices may not have patches applied to them in a prompt fashion (if at all) – a common problem with the Internet of Things.
Just making a patch available does not mean that the problem has gone away.
And that’s a problem. The Siemens-branded CCTV cameras are in use around the world at commercial facilities, in the healthcare industry and at government facilities. These are not the kind of organizations that one imagines can afford to have their admin credentials leaked to cybercriminals.
This is, of course, far from the first time that flaws have been found in CCTV cameras that could be exploited by attackers.
For instance, last month there was a massive DDoS attack against domain name service Dyn, which in turn disrupted access to well-known sites such as Twitter, Pinterest, Reddit, and the PlayStation Network.
The DDoS attack was perpetrated by the Mirai botnet, powered by hijacked IoT devices, including hacked webcams.
As the Internet of (often insecure) Things expands, it poses a bigger threat to businesses and home users alike. ESET warned earlier this year that IoT would make more regular appearances in security headlines:
“For the future, the challenge for security in IoT is not restricted to the household. Technology keeps improving and time and time again we see how governments, industries and markets in general are turning towards interconnectivity for all equipment, systems, and services. From market research to traffic systems, all things are being interconnected through existing technologies but, in certain cases, without the proper implementation of security protocols.”
It feels to me that, when it comes to IoT security, things are going to get worse before they have any hope of getting better.
And it’s also clear that news of the CCTV camera vulnerability has only added to a bad month for the Siemens brand in terms of security.
Earlier this month, the Department of Homeland Security’s ICS-CERT issued an alert that industrial control products developed by Siemens suffered from a local privilege escalation vulnerability that could leave SCADA equipment open to attack.



Get Safe Online warns of Amazon email scam


Amazon customers are the latest victims of an email scam, warns Get Safe Online.
Fraudsters claiming to be from Amazon have sent out thousands of emails to consumers, telling them that there is a ‘problem’ with their order.
To resolve the alleged issue, the email asks customers to confirm ‘certain information’ by clicking on a link. Otherwise, they will not be able to access their Amazon account.
This directs people to a seemingly credible but fake website, making it easy for even the most vigilant customer to fall for the scam.
Here, they are required to enter personal information. When customers have entered their details, they are asked to click a ‘Save & Continue’ button.
This then takes them to Amazon’s official website, again making it difficult for most people to suspect any fraudulent activity.
Get Safe Online warns that customers are more easily exploited in the lead-up to Christmas, with last-minute shopping anxiety making them more susceptible to threats.
Online fraud is becoming increasingly common, with high-quality, authentic-looking phishing scams being especially difficult to spot.
Get Safe Online has issued a list of safety precautions for online shoppers to follow while shopping on Amazon.
Along with being aware of emails asking them to update their details or fix a problem with their account, it advises customers to regularly check their bank statements.
Looking out for a secure website page is also vital. This can be done by ensuring that the address contains ‘https’ at the beginning, with the ‘s’ standing for secure.