93% of Indian Respondents Plan on Increasing IT Security Spending This Year – Thales Data Threat Report 2018
The 2018 Thales Data Threat Report, India edition, finds that a striking 93% of Indian respondents plan on increasing IT security spending this year, the highest among all countries surveyed and well above the global average (78%).
This year’s findings demonstrate a mix of good and bad news for Indian organizations in adopting security strategies to prevent the breach of sensitive data at their workplaces. According to the report, digital transformation across the globe has led to the growth of new business models that are focused on driving growth and profitability for organizations including cloud, IoT, big data, and blockchain. Indians recognize encryption with Bring Your Own Key (BYOK) capabilities as the top security tool for securing sensitive data in cloud environments and continue to spend their resources on the same technology.
The report also states that the government’s steps toward ensuring transparency under the ‘Aadhaar programme’ have resulted in an increase in IT security spending by Indian organizations. At the same time, reports of successful data breaches in India are second only to Sweden among all geographical and vertical markets.
- In India, the top choice for satisfying data privacy laws is encryption (30% vs. 42% globally, where it is also the top choice), followed by tokenization (25% vs. 20% globally).
- Around 52% of Indian respondents reported a data breach last year, way above the global average (36%). Further, a full three quarters (75%) of respondents in India reported being breached at some time in the past, compared with just 67% globally.
- 62% of Indian respondents report feeling ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data (37% ‘extremely’ vulnerable), well ahead of the global average (44%).
- Indian organizations are apparently not spending their valuable IT security funds in the right places.
- 91% list analysis and correlation as the most effective weapons to stop data breaches, followed closely by data-in-motion/data-at-rest defenses at 90% each.
- Endpoint/mobile defenses are ranked least effective (81%).
- Yet endpoint/mobile defenses are ranked at the top in terms of spending plans (81%), with data-at-rest at the bottom (54%).
- 85% of Indian respondents say compliance is either ‘very’ or ‘extremely’ effective at stopping breaches, again way ahead of the global average (64%).
- Indian respondents are relatively unconcerned about storing sensitive data in cloud environments, with 92% of Indian respondents reporting that their organizations store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%.
- Concerns about performance impacts and effects on business processes are the top barriers to adopting IT security cited in India, followed by perceptions of complexity (48%) and lack of perceived need (37%).
The data in the report is based on detailed inputs from over 100 senior IT security managers in India – all part of the Thales 2018 Global Data Threat Report, which polled 1,200 IT security managers in eight countries and across four major vertical markets.
Flashpoint Unveils Ransomware Response & Readiness Service
Flashpoint, a threat intelligence and research company, announced the launch of a new service designed to help organizations prepare and respond to ransomware and other types of cyber extortion incidents.
The new Threat Response & Readiness Subscription is available immediately, both as an extension to Flashpoint’s other business risk intelligence offerings and a standalone service that can be purchased separately. Pricing is customized based on the customer’s requirements for response and readiness engagements.
The readiness part of the service includes ransomware workshops, tabletop exercises (TTX), and pre-negotiated rates and engagement hours. The workshops are designed to educate the customer’s employees on ransomware, including how it works, how organizations can become infected, attacker profiles, and cryptocurrencies.
The TTX involves discussing simulated scenarios, assessing the effectiveness of current response plans, establishing roles and responsibilities, and improving coordination.
As for incident response, Flashpoint provides research on the threat actor launching the attack, engages with the attacker in an effort to determine appropriate mitigations, and even helps the victim acquire cryptocurrency in case they decide to pay the ransom.
Flashpoint strongly discourages any individual or organization from engaging directly with the threat actor on their own, due to “the inherent difficulties and security risks involved,” Hofmann said.
LabCorp Health Firm Hit with Ransomware Attack
North Carolina-based LabCorp took some of its systems offline last weekend after discovering that some had been infected by ransomware.
LabCorp, a company that provides “diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year,” serves hundreds of thousands of customers nationwide and processes tests on more than 2.5 million patient specimens per week.
In an 8-K filing with the U.S. Securities and Exchange Commission on Monday, the company revealed that, over the weekend of July 14, it detected suspicious activity on its network and decided to take some systems offline to contain the activity.
“LabCorp promptly took certain systems offline as part of its comprehensive response to contain and remove the ransomware from its system. This has temporarily affected some test processing and customer access to test results,” the company said.
The ransomware, LabCorp says, only impacted its Diagnostics systems but did not affect Covance Drug Development systems. The health firm also revealed it has “engaged outside security experts and is working with authorities, including law enforcement.”
For the time being, the “investigation has found no evidence of theft or misuse of data,” the company said.
RATs Bite Ukraine in Ongoing Espionage Campaign
ESET security researchers have warned about an ongoing espionage campaign aimed at Ukraine that leverages three different remote access Trojans (RATs).
The attacks apparently started in late 2015, but the first report on them emerged in January 2018. ESET says it has been tracking the campaign since mid-2017, and that the attacks have been mainly focused on Ukrainian government institutions, with a few hundred victims in different organizations.
The actors behind this cyber-espionage campaign have been using multiple stealthy RATs to exfiltrate sensitive documents, namely Quasar RAT, Sobaken RAT, and a custom-made RAT called Vermin. Most of the commands are implemented in the main payload, but the RAT also includes support for optional components, such as audio recorder, keylogger, password stealer, and USB file stealer.
“These attackers haven’t received much public attention compared to others who target high-profile organizations in Ukraine. However, they have proved that with clever social engineering tricks, cyber-espionage attacks can succeed even without using sophisticated malware. This underscores the need for training staff in cybersecurity awareness, on top of having a quality security solution in place,” ESET notes.
U.S. Voter Records Exposed – Robocalling Firm
A publicly accessible Amazon Web Services S3 bucket belonging to a political autodial firm was exposing hundreds of thousands of United States voter records.
Discovered by Kromtech Security’s Bob Diachenko, the misconfigured data repository is part of robocalling company Robocent’s cloud storage and had already been indexed by the searchable database GrayhatWarfare, which currently lists over 48,000 open S3 buckets.
The Virginia Beach-based political autodial firm claims to have over 10 years of combined autodial experience and to be able to “reach thousands of voters instantly”. “Our powerful dialer can make thousands of calls a minute, ensuring large calls always meet the deadline,” Robocent notes on its website.
The company’s publicly accessible storage had 2594 listed files, including audio files with pre-recorded political messages for robocalls (*.mp3, *.wav). More importantly, the Amazon S3 bucket contained a large amount of voter data (in the form of *.csv and *.xls files): full name, suffix, prefix; phone numbers (cell and landline); address with house, street, city, state, zip, precinct; age and birth year; and gender.
Other voter information found in the cloud storage included affiliation provided by state or inferred based on voting trends/history; jurisdiction breakdown based on district, zip code, precinct, county, state; and demographics based on ethnicity, language, and education, Diachenko reveals.
According to Diachenko, the company quickly secured access to the S3 bucket and its files after being responsibly alerted to the issue. “We’re a small shop (I’m the only developer) so keeping track of everything can be tough,” Diachenko was told.
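The exposure described above is the classic misconfiguration case: a bucket that is readable by anyone because of its policy, its ACL, or a missing public-access block. The following is an added example, not code from Kromtech, Robocent or AWS: an offline audit routine that takes the three documents an S3 bucket's configuration calls return (bucket policy, ACL grants, and the PublicAccessBlock settings) and reports every way the bucket is open to the world. The sample documents are constructed for the example; the `example-bucket` name, account id and owner id are placeholders, not real resources.

```python
"""Offline audit of S3 bucket access settings for public exposure.

Added example. The three inputs mirror the shape of what the S3
GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock calls return, but the
documents below are hand-constructed; no AWS account is contacted.
"""
import json

# Canonical grantee URIs AWS uses for "anyone" and "any AWS account"
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True if a policy statement's Principal matches anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_policy_statements(policy_doc):
    """Return the Sids (or positional labels) of Allow statements open to any principal.

    A statement carrying a Condition is still reported: conditions can narrow the
    grant, but a reviewer should confirm that rather than trust it blindly.
    """
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be un-listed
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if _principal_is_public(stmt.get("Principal")):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs that expose the bucket via its ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((grantee["URI"], grant.get("Permission")))
    return findings


def public_access_block_gaps(config):
    """Return the names of the four PublicAccessBlock settings that are not enabled.

    A missing key is treated as not enabled, the conservative reading.
    """
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [name for name in required if not config.get(name, False)]


def audit_bucket(policy_doc, acl, pab_config):
    """Combine the three checks into one report dict for a bucket."""
    return {
        "public_policy_statements": public_policy_statements(policy_doc),
        "public_acl_grants": public_acl_grants(acl),
        "public_access_block_gaps": public_access_block_gaps(pab_config),
    }


# --- Constructed sample inputs (placeholder names, not real buckets or data) ---
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AdminOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/admin"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"},
    ],
})

SAMPLE_ACL = {
    "Owner": {"ID": "owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(json.dumps(audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PAB), indent=2))
```

Run against the sample documents, the report names the `PublicRead` policy statement, the `AllUsers` READ grant, and the three public-access-block settings still switched off; any non-empty list is a finding worth a ticket. A real inventory would feed this the live documents for every bucket in the account and alert on any non-empty result.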
Three Cybersecurity Officials Leaving FBI As Per Reports
The Wall Street Journal has reported that three senior cybersecurity officials are leaving the FBI at a particularly sensitive time for cybersecurity concerns in the U.S., as special counsel Robert Mueller investigates Russian interference in the 2016 election and intelligence officials are warning of continued Kremlin attempts to attack the American election system.
The Journal reported that, “David Resch, a cybersecurity head in the agency’s division that handles investigating financial crime and organized crime; Scott Smith, assistant FBI director and head of the Bureau’s cyber division; and Smith’s deputy, Howard Marshall, have either already departed or will leave within the month. Carl Ghattas and Jeffrey Tricoli, senior agents responsible for national security investigations including elections security, departed the bureau earlier this year.”
This is in contrast to the press conference by the Justice Department where Deputy Attorney General Rod Rosenstein discussed wide-ranging cyber initiatives spearheaded by the FBI. According to his report, the FBI is reaching out to private companies and working with social media firms to tamp down foreign influence campaigns and address security problems in election infrastructure.
1.5 Million SingHealth Patients’ Data Accessed By Hackers, Including The Prime Minister’s
Hackers infiltrated a database of Singapore’s largest health care group, SingHealth, and copied information on 1.5 million patients, including the country’s prime minister.
“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs,” reads a joint press release posted on SingHealth’s website and issued by Singapore’s Ministry of Health and Ministry of Communications and Information.
Patients who visited the outpatient clinics and polyclinics from May 1, 2015 through July 4, 2018 were the ones affected. The breach compromised individual names, NRIC (National Registration Identity Card) numbers, addresses, demographic data (race and gender), and birth dates. According to the press release, “IHiS database administrators uncovered the anomalous activity on July 4 and confirmed six days later that the cause was a cyberattack that began on June 27.”
A front-end workstation was compromised, after which the attackers obtained privileged account credentials and gained access to the database. SingHealth filed a police report on July 12 in response to the intrusion. In the meantime, IHiS augmented its security by suspending internet surfing on its work computers, adding controls on workstations and servers, resetting user and system accounts, and enhancing system monitoring controls. The press release also discloses that the Prime Minister’s personal information and particulars were specifically targeted.
Prime Minister Lee Hsien Loong addressed the matter in a Facebook post, saying, “Don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
In response to the situation, the Prime Minister has asked the CSA and the Smart Nation and Digital Government Group (SNDGG) to work with the Ministry of Health, Singapore to tighten up the overall defenses.
SingHealth patients are slated to receive an SMS-based breach notification in the next 5 days. SingHealth has warned patients to be wary of fraudulent text messages claiming that their information has been accessed.
Internal System’s Vulnerability Patched By Adobe
Adobe patched a potentially serious security issue in its internal systems while downplaying the impact of the vulnerability described by researchers. Adobe said the issue was “a cross-site scripting (XSS) bug in a form used for event marketing registration” and that a fix had been implemented. If Adobe’s classification is accurate, then it was likely a persistent XSS.
The researchers claim to have discovered that the code submitted through some of Adobe’s event marketing registration forms ultimately made its way to one of the company’s main databases, and then propagated to e-mails and web services. They have also mentioned that there were multiple domains where malicious code could have been inserted and there were multiple places where the code could be executed.
It was found that the code was injected into a microservice, from there it was passed to the main application management service and then synced into Adobe’s lead database. The exploit code was then delivered via emails sent out by Adobe and on some of the company’s domains.
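What makes this a persistent XSS is the data flow just described: the string is submitted once, stored, and later written into several output sinks (web pages, emails) that each trust it because it "came from the database". The following is an added example, not Adobe's code and not a reconstruction of its systems: a constructed in-memory lead store standing in for the database, one renderer that interpolates the stored value raw (the vulnerable pattern) and two that escape for the HTML context they write into, plus a small check a test suite can use to confirm that no stored value reaches a sink as markup.

```python
"""Stored (persistent) XSS: input is saved once and rendered many times.

Added example. LEADS is a constructed stand-in for a lead database; the
renderers stand in for the page and e-mail templates that consume it.
"""
import html

LEADS = []  # constructed in-memory "lead database"


def register_lead(name, company):
    """Form handler: stores what was submitted, exactly as a registration form would.

    Storing raw input is fine; the defect is trusting it on the way OUT.
    """
    LEADS.append({"name": name, "company": company})
    return len(LEADS) - 1


def render_welcome_unsafe(lead):
    """Vulnerable pattern: interpolates stored data straight into HTML."""
    return f"<p>Welcome, {lead['name']} from {lead['company']}</p>"


def render_welcome_safe(lead):
    """Hardened: escape at the point of output, for the HTML text context."""
    return (f"<p>Welcome, {html.escape(lead['name'])} "
            f"from {html.escape(lead['company'])}</p>")


def render_form_safe(lead):
    """Hardened for the attribute context: quotes must be escaped as well,
    which html.escape does by default (quote=True)."""
    return (f'<input name="company" value="{html.escape(lead["company"])}">')


def render_email_safe(lead):
    """The e-mail template is a separate sink; it needs its own escaping.
    Escaping once at storage time would not have protected a sink added later."""
    return (f"<html><body>Hi {html.escape(lead['name'])}, "
            f"thanks for registering {html.escape(lead['company'])}.</body></html>")


def markup_leaked(rendered, stored_value):
    """Regression check: True if the stored value appears in the output as-is
    while containing characters that would be interpreted as markup."""
    risky = any(ch in stored_value for ch in '<>"\'&')
    return risky and stored_value in rendered


# Constructed submission: a harmless tag, enough to show markup passing through
SAMPLE_NAME = "<b>Injected</b>"
SAMPLE_COMPANY = 'Example " Co'

if __name__ == "__main__":
    i = register_lead(SAMPLE_NAME, SAMPLE_COMPANY)
    for renderer in (render_welcome_unsafe, render_welcome_safe,
                     render_form_safe, render_email_safe):
        out = renderer(LEADS[i])
        print(f"{renderer.__name__}: leaked={markup_leaked(out, SAMPLE_NAME)}\n  {out}")
```

The design point is that escaping belongs at each sink, chosen for that sink's context (HTML text, attribute value, URL, JavaScript string), rather than once at input time: a value that is safe for one context is not automatically safe for another, and every new consumer of the stored record (a mail template, a dashboard, a partner feed) is a new place where the original submission gets rendered.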
Cyber Security Challenge UK Being Backed By Barclays
Barclays is backing the Cyber Security Challenge UK to host an event aimed at finding people who might be suited to a career in cybersecurity. It is a government-backed event and aims to identify cyber talent through nationwide face-to-face competitions.
Candidates will go through a series of tests simulating real-life cybersecurity scenarios and the challenges will evaluate their technical, business and soft skills. A British person of any age who does not currently work in the cybersecurity field can apply after securing an invitation to face-to-face competition by completing an online qualifying game.
Chief Security Officer, Barclays, Mr. Tim McNulty says, “The cyber landscape is constantly evolving, as can be seen with the growth of AI and machine learning. Traditional methods of cyber security defence need to develop too as cyber adversaries are deploying this technology and accelerating the scale, speed and complexity of their attacks. Through this competition, Barclays is helping to provide a platform for the next generation of cyber enthusiasts to demonstrate their skills to serve a societal need, and to develop promising careers under the stewardship of Barclays.”
New Identity Bug Bounty Program By Microsoft Pays Up To $100,000
The newly launched identity bug-bounty program by Microsoft, aimed at its identity services, offers bounty payouts ranging from $500 to $100,000. Microsoft’s Identity Bounty will reward researchers who find eligible bugs not only in its identity solutions but also security vulnerabilities in “certified implementations of select OpenID standards.”
Microsoft explained, “A high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue. This typically includes a concise write-up containing any required background information, a description of the bug, and a proof of concept. We recognize that some issues are extremely difficult to reproduce and understand, and this will be considered when adjudicating the quality of a submission.”
Multi-factor authentication bypass is one of the highest-paying categories and could result in a payout of up to $100,000; next come standards design vulnerabilities and standards-based implementation vulnerabilities. The other five vulnerability types include: significant authentication bypass, cross-site request forgery (CSRF), cross-site scripting (XSS), authorization flaws, and sensitive data exposure.