The Latest

Over the last few decades, as the information era has matured, it has shaped the world of cryptography and made it a varied landscape. Amongst the myriad of encoding methods and cryptosystems currently available for ensuring secure data transfers and user identification, some have become quite popular because of their safety or practicality.


For example, if you have ever been given the option to log onto a website using your Facebook or Gmail ID and password, you have encountered a single sign-on (SSO) system at work. The same goes for most smartphones, where signing in with a single username and password combination allows access to many different services and applications.

SSO schemes give users the option to access multiple systems by signing in to just one specific system. This specific system is called the “identity provider” and is regarded as a trusted entity that can verify and store the identity of the user. When the user attempts to access a service via the SSO, the “service provider” asks this identity provider to authenticate the user.

SSO advantages and privacy concerns

The advantages of SSO systems are many. For one, users need not remember several username and password combinations for each website or application. This translates into fewer people forgetting their passwords and, in turn, fewer telephone calls to IT support centers.

Moreover, SSO reduces the hassle of logging in, which can, for example, encourage employees to use their company’s security-oriented tools for tasks such as secure file transfer.

But with these advantages come some grave concerns. SSO systems are often run by Big Tech companies, who have, in the past, been reported to gather people’s personal information from apps and websites (service providers) without their consent, for targeted advertising and other marketing purposes.

Some people are also concerned that their ID and password could be stored locally by third parties when they provide them to the SSO mechanism.

A fast, privacy-preserving algorithm

In an effort to address these problems, Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that in principle prevents such wholesale information exchange. In their paper, they describe the new algorithm in great detail after going over their motivations for developing it.

Dr Iriyama states: “We aimed to develop an SSO algorithm that does not disclose the user’s identity and sensitive personal information to the service provider. In this way, our SSO algorithm uses personal information only for authentication of the user, as originally intended when SSO systems were introduced.”

Because of the way this SSO algorithm is designed, it is essentially impossible for user information to be disclosed without authorization. This is achieved, as explained by Dr Iriyama, by applying the principle of “handling information while it is still encrypted.”

In their SSO algorithm, all parties exchange encrypted messages but never exchange decryption keys, and no one is ever in possession of all the pieces of the puzzle because no one has the keys to all the information.

While the service provider (not the identity provider) gets to know whether a user was successfully authenticated, they do not get access to the user’s identity and any of their sensitive personal information. This in turn breaks the link that allows identity providers to draw specific user information from service providers.

The proposed scheme offers many other advantages. In terms of security, it is impervious by design to all typical forms of attack by which information or passwords are stolen. For instance, as Dr Iriyama explains, “Our algorithm can be used not only with an ID and a password, but also with any other type of identity information, such as biometrics, credit card data, and unique numbers known by the user.”

This also means that users can provide only the identity information they wish to disclose, reducing the risk of Big Tech companies or other third parties siphoning off personal information. In addition, the algorithm runs remarkably fast, an essential quality to ensure that the computational burden does not hinder its implementation.


from Help Net Security https://ift.tt/2ZkX9q1

There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. This sharp rise continues the trend.


Also, according to the report, invoice and payment fraud attacks increased more than 75 percent in the first three months of 2020.

Larger dollar amounts are involved

During invoice and payment fraud BEC attacks, attackers pose as vendors, suppliers or customers in order to steal money using tactics such as initiating fraudulent wire transfers or hijacking vendor conversations to redirect vendor payments. These types of attacks typically involve much larger dollar amounts compared to other types of BEC attacks since they target business-to-business transactions.

In one example, the Abnormal Security team detected and stopped an attempted invoice fraud targeting a telecommunications provider, preventing more than $700,000 in losses. The attacker impersonated a real vendor and methodically engaged numerous employees over the course of two months, eventually convincing the target to change banking details and redirect the payment of a legitimate invoice of over $700,000 to the attacker’s account before the transaction was prevented.

Increasing number of attacks

An increasing number of these attacks were tracked, both in the number of organizations targeted and the number of attacks received per organization. The research team observed:

  • A 200% increase in the average rate of invoice and payment fraud BEC attacks each week
  • A 36% increase in the number of organizations experiencing these attacks
  • Out of all types of BEC attacks, invoice and payment fraud BEC attacks are increasing in popularity. In April, these types of attacks comprised 14% of all BEC attacks, increasing to 17% in May.


“While all business email compromise attacks can lead to significant financial loss, those focused on invoice and payment fraud can have an even greater financial impact,” said Evan Reiser, CEO and co-founder, Abnormal Security.

“Even when an organization has established best-in-class security, third-parties represent a weak link. As these types of attacks continue to climb, it’s more important than ever for companies to implement technology that detects and stops them.”


from Help Net Security https://ift.tt/3eKqGAb

Even before lockdowns, there was a steady migration toward more flexible workforce arrangements. Given the new normal of so many more people working from home—on top of a pile of evidence showing that productivity and quality of life typically go up with remote work—it is inevitable that many more companies will continue to offer those arrangements even as stay-at-home orders are lifted.


Unfortunately, a boom in remote access goes hand-in-hand with an increased risk to sensitive information. Verizon reports that 30 percent of recent data breaches were a direct result of the move to web applications and services.

Data is much harder to track, govern, and protect when it lives inside a cloud. In large part, these threats are associated with internet-exposed storage.

Emerging threat matrix

Traditionally, system administrators rely on perimeter security to stop outside intruders, yet even the most conscientious are exposed after a single missed or delayed update. Beyond that, insiders are widely considered the biggest threat to data security.

Misconfiguration accounts for the vast majority of insider errors. It is usually the result of failure to properly secure cloud storage or firewall settings, and largely relates to unsecured databases or file storage that are directly exposed on a cloud service.

In many cases, employees mislabel private documents by setting storage privileges to public. According to the Verizon report, among financial services and insurance firms, this is now the second most common type of misconfiguration error.

Addressing this usually means getting open sharing under control, figuring out where sensitive data resides and who owns it, and running a certificate program to align data access with organizational needs.

Optimistically, companies hope that a combination of technological safeguards and diligence on the part of users—whether employees, partners, or customers—will eliminate, or at least minimize, costly mistakes.

Other internal threats come as a part of a cloud migration or backup process, where a system admin or DBA will often stand up an instance of data on a cloud platform but fail to put inconvenient but necessary access controls in place.

Consider the example of cloud data warehouses. Providers such as Amazon, Google, and Snowflake now make it simple to store vast quantities of data cheaply, to migrate data easily, and to scale up or down at will. Little wonder that these services are growing so quickly.

Yet even the best services need some help when it comes to tracking data access. Some tools make it easy to authenticate remote users before letting them inside the gate of the cloud data warehouse. After that, though, things often get murky. Who is accessing which data, how much of it, when, and from where?

These are issues that every company must confront. That data is ripe for exploitation by dishonest insiders, or by careless employees, with serious consequences. In more fortunate circumstances, it is discovered by security teams, or by management who make an irate call to the CISO.

Born in the cloud

More approaches to data security that are born in the cloud are now appearing, and the new normal means the enterprise is motivated to adapt. As most organizations turn to the cloud for what used to be on-premises IT deployments, the responsibility and techniques to secure the infrastructure and applications that hold data are also being moved to the cloud.

For instance, infrastructure-as-a-service (IaaS) provides virtualized computing resources like virtual firewalls and network security hardware, and virtual intrusion detection and prevention, but these are an intermediate step at best.

The idea is that IaaS can offer a set of defenses at scale for all of a cloud provider’s customers, built into the platform itself, which will relieve an individual cloud customer from having to do many of the things that used to be on-premises data-protection requirements.

But what has really changed? A top certification may be enough to be called “above average” data security, but in reality that security still remains totally contingent on perimeter defenses, hardware appliances, and proper configurations by system administrators and DBMs. And it’s still only as good as the data hygiene of end users. There are a lot of “ifs” and “buts,” which is nothing new.

Data Security-as-a-Service (DSaaS) complements IaaS as it integrates data protection at the application layer. This places data access services in the path between users who want data and the data itself. It is also portable because it goes where the application goes.

Developers can embed data access governance and protection into applications through a thin layer of technology wrapped around database drivers or APIs, which all applications use to connect to their databases. An obvious advantage is that this is more easily maintained over time.

Shared responsibility

Data security is a shared responsibility among security pros, end users, and cloud providers. As the new normal becomes reality, shared responsibility means that a cloud provider handles the underlying network security such that the cloud infrastructure ensures basic, customer-level network isolation and secure physical routers and switches.

From here, under the DSaaS model the cloud service provider offers DSaaS—or else the customer provisions it through a third party—as a set of automated data security components that complete a secure cloud environment.

This makes it possible to govern each user at a granular level so that they access only the types of data they should, and perform only those actions with the data for which they are authorized. CISOs can implement and adapt rulesets to govern the flow of data by type and role. In terms of data protection, application-layer data security makes it possible to isolate and block bad traffic, including excessive data volumes, down to an individual user.

From this perspective, DSaaS can act as both an intrusion detection system (IDS) and intrusion prevention system (IPS). It can inspect data access and analyze it for intrusion attempts or vulnerabilities in workload components that could potentially exploit a cloud environment, and then automatically stop data access in progress until system admins can look into the situation.

At this level it is also feasible to log data activity such as what each user does with the data they access, satisfying both security and compliance—a notable accomplishment, considering that the two functions are often at odds with one another.
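The driver-level governance layer described above (role-based rules by data type, a per-user volume cap that stops access until an admin reviews it, and an audit trail), as an added example that is not the article's or any vendor's code; the schema, policy table, row cap and user names are constructed assumptions:

```python
import sqlite3
from dataclasses import dataclass, field

# Constructed policy for an assumed schema: role -> table -> columns that
# role may read. Anything not listed is denied.
POLICY = {
    "support": {"customers": {"id", "name", "email"}},
    "analyst": {"customers": {"id", "country"},
                "orders": {"id", "customer_id", "amount"}},
}
ROW_CAP = 5  # rows a single user may pull per session (deliberately small)


class AccessDenied(Exception):
    """Raised when policy, the volume cap, or an active block refuses a read."""


@dataclass
class GovernedConnection:
    """Thin governance layer wrapped around a sqlite3 connection."""
    conn: sqlite3.Connection
    policy: dict
    row_cap: int = ROW_CAP
    rows_seen: dict = field(default_factory=dict)   # user -> rows pulled so far
    blocked: set = field(default_factory=set)       # users awaiting admin review
    audit_log: list = field(default_factory=list)   # one entry per decision

    def _log(self, user, role, table, columns, decision, rows=0):
        self.audit_log.append({"user": user, "role": role, "table": table,
                               "columns": sorted(columns), "decision": decision,
                               "rows": rows})

    def select(self, user, role, table, columns):
        """Read the given columns from table on behalf of user, if policy allows."""
        columns = set(columns)
        if user in self.blocked:
            self._log(user, role, table, columns, "denied:blocked")
            raise AccessDenied(f"{user} is blocked pending admin review")
        allowed = self.policy.get(role, {}).get(table, set())
        if not columns or not columns <= allowed:
            self._log(user, role, table, columns, "denied:policy")
            raise AccessDenied(f"role {role} may not read {sorted(columns - allowed)} from {table}")
        # Table and column names come from the policy allowlist, never from the
        # caller's free text, so the statement can be assembled safely.
        cols = ", ".join(sorted(columns))
        rows = self.conn.execute(f"SELECT {cols} FROM {table}").fetchall()
        total = self.rows_seen.get(user, 0) + len(rows)
        if total > self.row_cap:
            # Excessive volume: withhold the rows and block the user until an admin clears it.
            self.blocked.add(user)
            self._log(user, role, table, columns, "denied:volume", len(rows))
            raise AccessDenied(f"{user} exceeded {self.row_cap} rows; access stopped")
        self.rows_seen[user] = total
        self._log(user, role, table, columns, "allowed", len(rows))
        return rows

    def clear_block(self, user):
        """Admin action after investigation: lift the block and reset the counter."""
        self.blocked.discard(user)
        self.rows_seen.pop(user, None)


def is_denied(g, user, role, table, columns):
    """True if the governed read is refused (policy, volume cap or block)."""
    try:
        g.select(user, role, table, columns)
        return False
    except AccessDenied:
        return True


def build_demo() -> GovernedConnection:
    """In-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers(id INTEGER, name TEXT, email TEXT, country TEXT);
        CREATE TABLE orders(id INTEGER, customer_id INTEGER, amount REAL);
        INSERT INTO customers VALUES (1,'Ada','ada@example.test','GB'),
            (2,'Bob','bob@example.test','US'), (3,'Cy','cy@example.test','DE');
        INSERT INTO orders VALUES (1,1,10.0),(2,1,20.0),(3,2,5.5),
            (4,2,7.0),(5,3,99.0),(6,3,1.0);
    """)
    return GovernedConnection(conn, POLICY)
```

The audit_log entries give the per-user record of what was read (or refused) that both the security and compliance functions can consume.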

Incorporating security at the application layer also offers data protection capabilities that are similar to network intrusion appliances, or security agents that reside at the OS level on a virtual machine or at the hypervisor level.

Moreover, DSaaS governance and protection is so fine-grained that it does not inhibit traffic flow, data availability, and uptime even in the face of multiple sustained attacks.

Everyone is talking about how the “new normal” is impacting data security, but the enterprise was well on this path before the pandemic. It is tempting for vigilance to give rise to pessimism since data security has too often been a laggard, and an inventory of the cloud data-security bona fides of most companies is not encouraging.

However, data protection and governance can be assured should we adopt shared models for responsibility and finely tuned, application-level controls. It’s a new world and we can be ready for it.


from Help Net Security https://ift.tt/2Znrm84

Working remotely from home has become a reality for millions of people around the world, putting pressure on IT and security teams to ensure that remote employees not only remain as productive as possible, but also that they keep themselves and corporate data as secure as possible.


Achieving a balance between productivity and security is even harder, given that most organizations do not have adequate visibility or control over what their employees are doing on corporate owned smartphones and laptops while outside the office. Even less so in the case of BYOD.

Remote workers attempting to access risky content

NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30 and June 24, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.

All of these sites were visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection. The data also revealed several primary risk categories, which were identified using machine learning and based on the reputation scores of over 750 million known domains, more than 4 billion IP addresses and in excess of 32 billion URLs.

The assumption is that a large number of employees connected to protected internal (non-public) networks would have been prevented from accessing this risky content.

Key findings

  • Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
  • Remote workers also access around 31 malware sites per month, and 10 phishing domains. That equates to one malware site every day, and one phishing domain every 3 days
  • The most common types of high-risk URLs encountered, in order of prevalence, were botnets, malware sites, spam and adware, and phishing and fraud sites
  • Over a quarter of the high risk URLs visited by employees were related to botnets
  • Almost 1 in 5 risky links led to sites containing spam, adware or malware
  • Phishing and fraud, which garner an outsized proportion of news, account for only 4% of the URLs visited
  • The ‘other’ category, representing 51% of the data in the chart above, is made up of ‘low-severity’ risky content, such as websites that use proxies, translations and other methods that circumvent URL filtering or monitoring.

2020, a wake-up call for the enterprise and the IT and security teams

IT and security organizations invest heavily to protect their perimeter. Workers located behind desks that are connected to corporate networks are generally safe, secure and productive. They are often unaware that several layers of technology, such as firewalls, are in place to protect them.

With the world continuing to shift to a more mobile and remote environment, 2020 has been a wake-up call for the enterprise and the IT and security teams that support it.

“As this research highlights, remote workers are frequently accessing risky content that would normally be blocked by firewalls and other security tools that monitor internal network traffic. Naturally, this poses an enormous threat to the enterprise,” said Achi Lewis, EMEA Director, NetMotion Software.

“Added to this, many organizations have no visibility into the activity taking place on external networks, let alone any means to prevent it. With such a rapid shift to remote work, enterprise security teams have been left flat-footed, unable to adequately protect users in the face of increasingly sophisticated cyberattacks.”

As a result, security leaders need to look to SDP and other edge-to-edge security technologies that can provide web filtering on any network as they seek to evolve outdated network security strategies.


from Help Net Security https://ift.tt/3dEgM1y

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, increased 2.2% in the first quarter of 2020 (1Q20), while investments in traditional, non-cloud infrastructure plunged 16.3% year over year, according to IDC.


Pandemic as the major factor driving infrastructure spending

The broadening impact of the COVID-19 pandemic was the major factor driving infrastructure spending in the first quarter. Widespread lockdowns across the world and staged reopening of economies triggered increased demand for cloud-based consumer and business services, driving additional demand for the server, storage, and networking infrastructure utilized by cloud service provider datacenters.

As a result, public cloud was the only deployment segment escaping year-over-year declines in 1Q20, reaching $10.1 billion in spend on IT infrastructure at 6.4% year-over-year growth. Spending on private cloud infrastructure declined 6.3% year over year in 1Q20 to $4.4 billion.

The pace set in the first quarter is expected to continue through the rest of the year as cloud adoption gets an additional boost driven by demand for more efficient and resilient infrastructure deployment.

For the full year, investments in cloud IT infrastructure will surpass spending on non-cloud infrastructure and reach $69.5 billion or 54.2% of the overall IT infrastructure spend.

Spending on private cloud infrastructure expected to recover

Spending on private cloud infrastructure is expected to recover during the year and will compensate for the first quarter declines leading to 1.1% growth for the full year. Spending on public cloud infrastructure will grow 5.7% and will reach $47.7 billion representing 68.6% of the total cloud infrastructure spend.

Disparity in 2020 infrastructure spending dynamics for cloud and non-cloud environments will ripple through all three IT infrastructure domains – Ethernet switches, compute, and storage platforms.

Within cloud deployment environments, compute platforms will remain the largest category of spending on cloud IT infrastructure at $36.2 billion, while storage platforms will be the fastest-growing segment, with spending increasing 8.1% to $24.9 billion. The Ethernet switch segment will grow at 3.7% year over year.

Vendor revenues by region

At the regional level, year-over-year changes in vendor revenues in the cloud IT infrastructure segment varied significantly during 1Q20, ranging from 21% growth in China to a decline of 12.1% in Western Europe.

Long term, spending on cloud IT infrastructure is expected to grow at a five-year CAGR of 9.6%, reaching $105.6 billion in 2024 and accounting for 62.8% of total IT infrastructure spend.

Public cloud datacenters will account for 67.4% of this amount, growing at a 9.5% CAGR. Spending on private cloud infrastructure will grow at a CAGR of 9.8%. Spending on non-cloud IT infrastructure will rebound somewhat in 2020 but will continue declining with a five-year CAGR of -1.6%.


from Help Net Security https://ift.tt/3dOXGFP

A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children’s online privacy.


Dr. Kanad Basu, assistant professor of electrical and computer engineering in the Erik Jonsson School of Engineering and Computer Science and lead author of the study, along with colleagues elsewhere, developed a tool that can determine whether an Android game or other mobile app complies with the federal Children’s Online Privacy Protection Act (COPPA).

The researchers introduced and tested their “COPPA Tracking by Checking Hardware-Level Activity,” or COPPTCHA, tool in a study. The tool was 99% accurate. Researchers continue to improve the technology, which they plan to make available for download at no cost.

Games and other apps that violate COPPA pose privacy risks

Basu said games and other apps that violate COPPA pose privacy risks that could make it possible for someone to determine a child’s identity and location. He said the risk is heightened as more people are accessing apps from home, rather than public places, due to the COVID-19 pandemic.

“Suppose the app collects information showing that there is a child on Preston Road in Plano, Texas, downloading the app. A trafficker could potentially get the user’s email ID and geographic location and try to kidnap the child. It’s really, really scary,” Basu said.

Apps can access personally identifiable information, including names, email addresses, phone numbers, location, audio and visual recordings, and unique identifiers for devices such as the international mobile equipment identity (IMEI), media access control (MAC) addresses, Android ID and Android advertising ID.

The advertising ID, for example, allows app developers to collect information on users’ interests, which they can then sell to advertisers.

“When you download an app, it can access a lot of information on your cellphone,” Basu said. “You have to keep in mind that all this info can be collected by these apps and sent to third parties. What do they do with it? They can pretty much do anything. We should be careful about this.”

Protecting children’s online privacy

The researchers’ technique accesses a device’s special-purpose register, a type of temporary data-storage location within a microprocessor that monitors various aspects of the microprocessor’s function. Whenever an app transmits data, the activity leaves footprints that can be detected by the special-purpose register.

COPPA requires that websites and online services directed to children obtain parental consent before collecting personal information from anyone younger than 13; however, as Basu’s research found, many popular apps do not comply. He found that many popular games designed specifically for young children revealed users’ Android IDs, Android advertising IDs and device descriptions.

Basu recommends that parents use caution when downloading or allowing children to download apps.

“If your kid asks you to download a popular game app, you’re likely to download it,” Basu said. “A problem with our society is that many people are not aware of – or don’t care about – the threats in terms of privacy.”

Basu advises keeping downloads to a minimum.

“I try to limit my downloading of apps as much as possible,” Basu said. “I don’t download apps unless I need to.”


from Help Net Security https://ift.tt/3g7IIwk

McAfee, the device-to-cloud cybersecurity company, announced general availability of McAfee MVISION Insights, the industry’s first proactive security solution that changes the cybersecurity paradigm by helping to stop threats before the attack.

MVISION Insights provides actionable and preemptive threat intelligence by leveraging McAfee’s cutting-edge threat research, augmented with sophisticated artificial intelligence (AI) applied to real-time threat telemetry streamed from over 1 billion sensors.

The integration of MVISION Insights significantly enhances the capabilities of McAfee’s award winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.

According to recent internal research by McAfee, over 90 percent of security teams feel that they are not proactively prepared for the emerging threat landscape. While there is a plethora of threat intelligence feeds available in the market, actionable and contextual threat intelligence is hard to find.

Additionally, multiple siloed endpoint security tools are wearing down security teams who are struggling to enable their organizations to safely adopt the cloud for digital transformation. The integration of MVISION Insights into McAfee’s endpoint security platform is designed to eliminate some of the burden on security operations professionals.

“CISOs want an answer to a fundamental question: How truly protected they are against the latest adversarial campaign targeting their organization,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.

“Our latest endpoint security innovation, MVISION Insights, delivers the industry-first actionable threat intelligence so organizations can preempt an attack rather than scramble to contain a breach.”

McAfee’s endpoint security platform incorporates MVISION Insights and integrates multiple proven and new innovations to help deliver the following key customer outcomes:

  • Preempt attacks by “shifting-left” (engaging early) in the attack lifecycle with security posture scores, configuration assessment and automated policies and updates
  • Prevent ransomware and other advanced malware with integrated native OS controls, behavioral blocking, exploit prevention, machine learning and file-less threat defense
  • Simplify investigation and response to sophisticated threat campaigns with unified Endpoint Detection and Response (EDR) capabilities that include continuous monitoring, multi-sensor telemetry, AI-guided investigations, MITRE ATT&CK mapping and real-time hunting
  • Diminish the impact of an attack with enhanced remediation capabilities, which can roll back the destructive effect of a ransomware attack by restoring affected files and negating the need for system reimaging
  • Gain operational efficiencies with a cloud-delivered and unified endpoint solution that reduces total cost of operations and complexity

from Help Net Security https://ift.tt/3iePemV