Chinese Leader Xi Jinping Lays out Plan to Control the Global Internet: Leaked Documents

From: Cyber Defense Magazine -

[EXCERPT] Chinese leader Xi Jinping personally directed the communist regime to focus its efforts to control the global […]

The post Chinese Leader Xi Jinping Lays out Plan to Control the Global Internet: Leaked Documents appeared first on Cyber Defense Magazine.

... Keep reading this article at Cyber Defense Magazine

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

From: Cyber Defense Magazine -

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last […]

The post Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs appeared first on Cyber Defense Magazine.

... Keep reading this article at Cyber Defense Magazine

Boffins found a bug in Apple AirDrop that could leak users’ personal info

From: Cyber Defense Magazine -

Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins […]

The post Boffins found a bug in Apple AirDrop that could leak users’ personal info appeared first on Cyber Defense Magazine.

... Keep reading this article at Cyber Defense Magazine

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

From: Cyber Defense Magazine -

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other […]

The post A new Linux Botnet abuses IaC Tools to spread and other emerging techniques appeared first on Cyber Defense Magazine.

... Keep reading this article at Cyber Defense Magazine

Smart TVs: Yet another way for attackers to break into your home?

Denise Giusto Bilić 2 Aug 2019

A primer on why internet-enabled TVs make for attractive and potentially soft targets, and how cybercriminals can ruin more than your TV viewing experience

With their high-resolution screens, cameras, microphones and innovative interfaces geared towards a better user experience, smart TVs have found their way into many homes. They have become so popular that, according to Statista, more than 114 million smart TVs were sold globally in 2018 and smart TVs account for the majority of TVs sold these days.

In addition, consumers also have the option to turn “dumb” TV sets with HDMI input into “smart” ones by connecting them to external streaming devices. Three of the best-known streaming devices are Google Chromecast, Amazon’s Fire TV, and Apple TV. Nonetheless, there are dozens of TV boxes or streaming boxes that offer similar features.

It is little surprise that Android TV – which encompasses both pure Android implementations and manufacturer-modified versions – is the most popular operating system for smart TVs. With Android and Android TV sharing the same base architecture, many malware strains targeting your Android-powered smartphone or tablet are just as capable of causing havoc on your internet-enabled TV.

How can a smart TV be compromised?

Cybercriminals are typically driven by financial motives. That means they want information they can sell, data they can use to blackmail people, hardware they can hijack, or computing power they can harness. Smart TVs might provide all these opportunities, making them appealing targets.

There’s an arsenal of tools that attackers can combine and use to wreak havoc on a victim’s digital – and actual – life. Malware, social engineering, vulnerabilities, wrong or weak settings, and physical attacks against smart TVs in public spaces rank among the most common techniques used to gain control of smart TVs.

To be sure, Android security has improved since its days of old. The platform, released more than a decade ago, is now more resilient to exploits, its sandboxing techniques have been enhanced, and its attack surface has been reduced courtesy of limiting the number of processes running with root privileges.

Still, its open-source character and huge popularity, together with the imperfect vetting process for Google Play apps, has made the platform, and its users, an appealing target. With Android’s expansion into the Internet of Things (IoT) arena, the risks clearly go beyond touchscreen mobile devices.


There have been cases of smart TVs falling prey to ransomware similar to Simplocker and the “police virus“ – threats that instruct victims to pay up in order to recover access to their devices. Meanwhile, in 2018 a worm called ADB.Miner hijacked the computing power of thousands of Android devices, including many Android-based smart TVs, and used them to mine digital coins for the attackers. This threat is an example of how malware designed for cryptocurrency-mining has become more complex, gaining the ability to self-propagate and install itself on Android devices by exploiting open debug ports.

Compounding things further, many users root their devices and install software from outside Google Play store for Android TV. Once a device is rooted, an app can run loose and, if malicious, it can leverage the elevated permissions for stealing information from accounts in other apps, execute a keylogger or overall neutralize the system’s security safeguards.

Poor configuration

As hinted at earlier, another threat potentially looming large has to do with misconfiguration of your smart TV. This could be the fault of the vendor, who modified the underlying operating system to add new functionalities, or it could very well be due to your own negligence, or it could be a combination of the two.

The most common ways that device misconfiguration that ultimately set the stage for a cyberattack include keeping ports open, using insecure protocols, enabling debugging mechanisms, relying on poor or default passwords (or no passwords at all), as well as using unneeded services and, as a result, expanding your attack surface.

Lest it be forgotten, insecure settings paved the way to the ADB.Miner outbreak, as the worm scanned for devices with their Android Debug Bridge (ADB) open to remote connections.


Smart TVs are also known to suffer from security vulnerabilities that can make them easy prey for hackers. This includes flaws that make it possible to control some TV models remotely using public APIs or vulnerabilities that allow attackers to run arbitrary commands on the system.

Other proof-of-concept or actual attacks relied on the use of HbbTV (Hybrid Broadcast Broadband TV) commands to gain administrator permissions and execute malicious actions. Additional examples aren’t hard to come by, and one of our earlier articles listed a slew of them.

The fact that TVs have voice assistants built-in and link to a variety of IoT sensors opens another potential attack vector. The large amounts of information that they handle, together with their being hubs for endless sensors, only boosts their appeal to cybercriminals.

Physical attacks through USB ports

Although vulnerabilities can be patched and users can educate themselves to avoid falling for scams, many TVs still wind up in vulnerable spaces. Places where they are physically accessible to outsiders, such as in waiting rooms outside offices or in private living rooms used for events attended by guests who are effectively strangers.

For example, USB ports can be used to run malicious scripts or to exploit vulnerabilities. This can be done quickly and easily by using certain gadgets, such as the famous (or infamous) Bash Bunny by Hak5 and its predecessor, the Rubber Ducky, or indeed any hardware with similar features. And – spoiler alert – they aren’t particularly complicated or expensive to create from zero, either.

With these gadgets in their hands, attackers can automate a wide range of malicious actions based on interaction with the user interface and launch an attack in just a few seconds by simply plugging in a device that looks like a USB stick.

Social engineering

Generally speaking, social engineering remains at the heart of many campaigns aimed at stealing personal information, distributing malware or exploiting security loopholes.

There is nary a smart TV that doesn’t come fitted with an email client and web browser, which is why the devices are not exempt from risks such as phishing and other types of online fraud that are typically associated only with computers and smartphones.


As smart TVs gain more features, the amount and sensitivity of the data they handle are increasingly appealing to cybercriminals. The TVs can be misused to spy on users with the cameras and microphone or act as jumping-off points for attacks at other devices in home and corporate networks.

The more people buy these and other IoT gadgets, the more incentive attackers have to design new ways to take advantage of the diverse range of products within the IoT ecosystem. This underscores the need for awareness of some of the key attack vectors and, by extension, the ways to stay safe. This article covers the former; and here is a bunch of practical tips that can help you with the latter.


Content retrieved from: https://www.welivesecurity.com/2019/08/02/smart-tvs-way-attackers-home/.

Utilizing Cyber Security Standards And Frameworks

Alarice Rajagopal

After establishing a risk assessment and risk management as the foundation for a cyber security program, many enterprises then turn to a control framework or set of standards to help streamline processes and reduce costs. Standards can help the organization define terminology, and manage systems, processes and controls in a more streamlined or uniform manner.

On the other hand, many enterprises have to comply with a mix of state, industry-specific and/or international cyber security regulations. When it comes to our recent “Cyber Security Mid-Year Snapshot 2019” survey respondents, Figure 16 (below) shows that most are using the ISO/IEC 27000 family of standards at 44.93%, which aims to help organizations ‘keep information assets secure.’

The next largest group is leveraging the NIST Cyber Security Framework (CSF) at 39.13%. As shown in the survey demographics, almost half of respondents are based in North America, so it comes as no surprise that the NIST CSF is high on the list. In the U.S., this Framework is widely pointed to as the go-to standard for security practices and development. While the use of the CSF is not mandatory for the private sector, many enterprise security leaders are still adopting it to provide a more common language and systematic methodology.

“The updated NIST cyber security framework is a pragmatic tool to enable an organization to gain clarity on its current level of capability for cyber risk management,” says James Turner, cyber security industry analyst for IBRS.

Modeled after the NIST CSF is its latest Privacy Framework, which was announced at RSAC 2019, that is also meant to be risk-based/outcome-based and non-prescriptive, in order to increase adoption. With the abundance of data breaches in the news lately, this could be an upcoming framework to watch as enterprises try to get a better handle on their data privacy security strategies.

Finally, and perhaps surprising is the next highest number of respondents that aren’t using any industry frameworks or standards at all (28.99%). As this is the first introduction of the question for survey takers, it’ll be interesting to follow up and determine whether or not the use of these continues to grow or stall.

Content retrieved from: https://www.cshub.com/security-strategy/articles/utilizing-cyber-security-standards-and-frameworks.

Why cyber security professionals should wish it was Christmas everyday

Information Age – 30 November 2018

Nigel Gilhepsy, Director of Services, Europe, Optiv explains to Information Age what cyber security steps organisations should take if they implement payment security

The holidays are coming, but if organisations prioritise the correct cyber security practices and strategies all year round, everyone can join in the festive fun knowing the utmost has been done to protect against cyber threats.

Christmas is fast approaching and the streets are already brimming with eager holiday shoppers, ready to buy gifts for loved ones and enjoy the festive spirit. But for those in cyber security, it can be a trying time with the stress around security threats: headline after headline, consumers are being warned about phishing scams, malicious websites, and implanted malware, and retailers are alerted to the inevitable cyber attack that will land on their doorstep, aimed at stealing a whole customer database of sensitive information.

There is indeed a string of truth to these claims, but the fact remains that all businesses and retailers that accept credit cards and electronic payments should not be more concerned by the festive period compared to any other time in the year. As retailers test their website capabilities in preparation for the traffic that they’ll experience from November onwards, the same should not be implemented for payment security. Instead, it should be a mandatory 365-days-a-year discipline.

There are already minimum standards relating to payment security, but organisations wrongly use it as an entire security framework for their business. Instead, security frameworks should be designed with each specific risk profile in mind, unique to that business – the data it stores, the incident response plan it has in place, and the most likely threat actors. By adhering to the Payment Card Industry Data Security Standard (PCI DS), companies may be able to achieve a minimum level of security but they will be poorly prepared in today’s connected world where thousands of monetary transactions take place.

A history of online payment security

‘Privacy and confidentiality of information, especially when it concerns financial data, is detrimental to customer satisfaction’
If you’re an organisation looking to implement vigilant payment security, here are four steps that you need to take:

Determine the businesses’ risk profile: It’s important to determine the most likely threat actors towards your business. A website selling bespoke hand-decorated mugs, for example, will have an exponentially different risk profile to a giant retail chain with millions of customers and online, mobile and store channels. The kinds of questions you can ask to move beyond the archaic guidelines of PCI DSS include: over what channels is your business accepting payment? Where is your data stored? What kind of data is being stored? Who is able to access the data? And crucially, who is most likely to want to steal the data and how they are going to do it? By answering these questions, companies are able to implement a payment security strategy that is unique to their specific operations.

Assess all Points of Sale: Typically, retail stores tend to focus on their in-store and credit card transactions. But it doesn’t stop there – today’s security requirements require securing data across the entire payment lifecycle, from the store and online to intermediaries and banks. We also pay with a much wider variety of tools too, from credit card readers, contactless readers, payment channels and digital channels, so there are plenty more endpoints to protect. Understanding your complete array of payment channels, and the entire payment lifecycle is key to establishing a secure payment system.

‘Security and fraud risks drive merchant payment decisions’

Security is a concern all year round, and in today’s complex, finely balanced business environment that concern is felt at all levels of an organisation
Optimise Cyber Operations: A company’s cyber operations are critical in an incident response plan and preventing the possibility of breaches. These capabilities are even more crucial in retail as payments move between consumers, point-of-sale systems, credit card providers and issuing banks. When you have the right staff, operations and technology working in tandem, they can form a successful foundation for an effective payment security strategy.

The threat from within: For viable payment security, it’s not enough to simply protect against threats from outside the business only. Businesses must ensure strict security on the inside too to prevent accidental insider threats but also deliberate malicious ones. Almost half of all data breaches can be attributed to insiders, so it is paramount to ensure strong identity and access management, application security, training and awareness programmes. Only this way can companies be protected from the inside out when their employees are clued up too.

Following these steps, companies in the payments handling space, particularly retailers and merchants, can significantly improve their payment security operations. It’s important to note however that these are not one time quick fixes, disbanded from each other. Each step is ongoing but also interrelated, which is why they can’t only be implemented during the busy shopping periods. Throughout the year, regardless of the size, type of business, or time in the year, companies need to not only understand their risk profile but continuously determine new threats on the scene, focus on points of sale, streamline operations and ensure they are developing their internal security.

The holidays are coming, but if organisations prioritise the correct cyber security practices and strategies all year round, everyone can join in the festive fun knowing the utmost has been done to protect against cyber threats.

Written by Nigel Gilhepsy, Director of Services, Europe, Optiv

Content retrieved from: https://www.information-age.com/cyber-security-christmas-everyday-123476925/.

10 top cybersecurity predictions for 2019

By David Wheldon – 9/12/2018
Security technology experts are viewing cyber defenses with concern as a new year approaches. They say that cyber attacks and data breaches continue to increase in both frequency and intensity, and organizations can expect more of the same in 2019. Here are 10 trends that are putting organizations at greatest risk.

What’s driving the growing investments in data security?

Organizations are increasingly under attack when it comes to their data and systems, whether from outside forces or internal sources. Data security threats seem to be always one step ahead, and most organizations say they don’t feel confident in the ability to prevent cyberattacks. Ian Kilpatrick, executive vice president of cyber security at Nuvias Group, discusses the top 10 trends that will impact cybersecurity in the year ahead.

Increase in crime, espionage and sabotage by rogue nation-states

“With the ongoing failure of significant national, international or UN level response and repercussion, nation-state sponsored espionage, cyber-crime and sabotage will continue to expand,” Kilpatrick writes. “Clearly, most organizations are simply not structured to defend against such attacks, which will succeed in penetrating defenses. Cybersecurity teams will need to rely on breach detection techniques.”

GDPR: The pain still to come

“The 25th of May, 2018 has come and gone, with many organizations breathing a sigh of relief that it was fairly painless,” Kilpatrick says. “They’ve put security processes in progress and can say that they are en route to a secure situation. So everything is OK? We are still awaiting the first big GDPR penalty. When it arrives, organizations are suddenly going to start looking seriously at what they really need to do. Facebook, BA, Cathay Pacific and others have suffered breaches recently, and will have different levels of corporate cost as a result, depending on which side of the May 25th deadline they sit. So GDPR will still have a big impact in 2019.”

Cloud insecurity: It’s your head on the block

“Cloud insecurity grew in 2018 and, unfortunately, it will carry on growing even more in 2019,” according to Kilpatrick. “Increasing amounts of data are being deployed from disparate parts of organizations, with more and more of that data ending up unsecured. Despite the continual publicity around repeated breaches, the majority of organizations do not have good housekeeping deployed and enforced across their whole data estate in the cloud.”

Single factor passwords: The dark ages

“As if we need the repetition, single-factor passwords are one of the simplest possible keys to the kingdom (helped by failure to manage network privileges once breached),” Kilpatrick explains. “Simple passwords are the key tool for attack vectors, from novice hackers right the way up to nation-state players. And yet they still remain the go-to security protection for the majority of organizations, despite the low cost and ease of deployment of multi-factor authentication solutions. Sadly, password theft and password-based breaches will persist as a daily occurrence in 2019.”

Malware: Protect or fail

“Ransomware, cryptomining, banking Trojans and VPN filters are some of the key malware challenges that continue to threaten businesses and consumers,” Kilpatrick says. “Live monitoring by Malwarebytes, Kaspersky and others has shown that the mix of threats varies during the year, but the end result of malware threats will be a bad 2019. Increasing sophistication will be seen in some areas such as ransomware, alongside new malware approaches and increased volumes of malware in other areas.”

Shift in attack vectors will drive cyber hygiene growth

“The ongoing shift of attack vectors, from the network to the user, is causing a reappraisal of how to manage security,” according to Kilpatrick. “Driven partly by the shift in boardroom awareness, and partly by GDPR, many organizations are recognizing, perhaps belatedly, that their users are their weakest link. Not only is there a greater awareness of the insider threat from malicious current and ex-staff, but there is also a growing recognition that staff cyber awareness and training is a crucial step in securing this vulnerable area. The response from organizations will take the form of cyber education, coupled with testing, measuring, and monitoring staff cyber behavior.”

IOT: The challenge will only increase

“We’ve already seen some of the security challenges raised by IoT, but 2019 will significantly demonstrate the upward trend in this area,” Kilpatrick explains. “Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organizations, with minimal thought by many as to the security risks and potential consequences. Because some IoT deployments are well away from the main network areas, they have slipped in under the radar. In the absence of a standard or indeed, a perceived need for security, IoT will continue to be deployed, creating insecurity in areas that were previously secure.”

Increasing risks with shadow IT systems and bad housekeeping

“Shadow IT systems continue to proliferate, as do the number of applications and access points into systems, including legacy applications,” Kilpatrick says. “In the case of shadow IT systems, these are indefensible as they are, and in the case of increasing applications and access points, if they relate to old or abandoned applications, they are difficult to identify and defend. In both cases, these are an easy attack surface with significant oversight, internal politics and budget challenges, and were previously seen as a lower priority for resolution. However, there has been both an increased awareness of the opportunity for attack via this route, and an increase in the number of attacks, which will accelerate in 2019.”

DDoS: Usually unseen, but still a nightmare

“DDoS is the dirty secret for many organizations, and attacks will continue to grow in 2019, alongside the cost of defending against them,” Kilpatrick says. “Nevertheless, DDoS attacks aren’t generally newsworthy, unless a big name organization is involved or the site is down for a long time. And, of course, the victim does not want to draw attention to their lack of defense. That’s not good for customers or for share prices. The cost of launching an attack is comparatively low, often shockingly low, and the rewards are quick–the victim pays for it to go away.”

Cybersecurity in the boardroom

“A decade, perhaps two decades, late for some organizations, cybersecurity is now considered a key business risk by the board,” Kilpatrick notes. “2019 will see this trend accelerate, as boards demand clarity and understanding in an area that was often devolved as a sub-component of the CISO’s role and was not really a major topic for the boardroom. The financial, reputational and indeed C-suite employment risks of cyber breach will continue to drive board focus on cybersecurity up the agenda.”

Content retrieved from: https://www.healthdatamanagement.com/list/10-top-cybersecurity-predictions-for-2019.

The Mad Dash to Find a Cybersecurity Force

By Paulette Perhach – Nov. 7, 2018

A stunning statistic is reverberating in cybersecurity: An estimated 3.5 million cybersecurity jobs will be available but unfilled by 2021, according to predictions from Cybersecurity Ventures and other experts.

“It’s scary. Our power grid, our cars, our everyday devices — basically everything is online and able to be attacked,” said Georgia Weidman, author of “Penetration Testing: A Hands-On Introduction to Hacking.” Ms. Weidman is the founder of two cybersecurity companies, Bulb Security, where she is chief executive, and Shevirah, where she is chief technology officer. Shevirah specializes in security for mobile devices.

“It would certainly cause mass destruction if our power grid went down or our water pumps started going haywire or our dams decided to open all their sluices,” she said. “That’s actually something that could happen.”

According to a report released this year by the Identity Theft Resource Center, the number of data breaches tracked in the United States in 2017 hit a high of more than 1,500, up almost 45 percent over 2016. In one incident this year, the data of 29 million Facebook users was stolen.

In response to the sheer number of new digital gates that might be left open, employers and educators have had to become more creative in finding people to guard them.

They need penetration testers to simulate attacks to find and fix vulnerabilities that could be exploited by a real attacker.

They need malware analysts to find out what malicious programs do so they can protect from the attacks.

They need security researchers to discover new vulnerabilities in applications and other products — before the thieves do — so they can be fixed. They need security architects to make sure all the best practices are being followed.

According to the chief economist for LinkedIn, Guy Berger, there was a shortage as of September of 11,000 people with cybersecurity skills in the San Francisco Bay Area, 5,000 in New York and almost 4,000 in Seattle, the areas with the largest concentration of need. LinkedIn regularly issues work-force reports based on its analysis of jobs data in the United States.

Some major corporations have openly taken to hiring hackers to help protect them. An extreme example is Kevin Mitnick, who hacked into corporations, landed on the F.B.I. Most Wanted Fugitives list, went to jail for five years, but is now a security consultant to Fortune 500 companies and governments. As he says on his website about hackers, “It takes one to know one.”

Many companies are also putting less emphasis on the need for a college degree to qualify for a cybersecurity job, Ms. Weidman said. With an undergraduate degree in mathematics from Mary Baldwin College in Staunton, Va., and a master’s in computer science from James Madison University in Harrisonburg, Va., Ms. Weidman said she had seen how much hands-on experience really mattered in the cyberfield. That insight came early when she participated in the National Collegiate Cyber Defense Competition as a student.

The competition, which began in 2005, is held at colleges across the country and designed to test student teams’ abilities to detect and respond to outside threats and to protect services such as mail servers and web servers. The sponsors include high-tech companies like the defense contractor Raytheon and IBM, but also retailers like Walmart and transportation companies like Uber.

Recalling the difference between theoretical learning in college and hands-on experience, Ms. Weidman said she could do a lot of math about computer networking, “but could I actually manage a network at a company? Absolutely not.”

The people who were in community colleges would “wipe the floor with those of us at universities, because community colleges really were focused on how to do these things,” she said. “I think that people at the university level are starting to realize that we need more hands-on skills in cybersecurity, as well as just the theory.”

With that in mind, colleges and universities are changing their curriculums. Ms. Weidman is working with the Tulane School of Professional Advancement in New Orleans to build an online class for its Applied Computing Systems & Technology degree program.

At New York University, the Center for Cybersecurity has been operating for 20 years and graduates about 50 students annually. But this year, it created an online master’s program to help make the training more affordable in hopes of attracting more people to the field.

Students in cybersecurity get a 75 percent discount, so the master’s degree costs about $15,000, compared with about $60,000 for the traditional on-campus program. The online program enrolled 125 students in September and hopes to have 1,000 students annually within three or four years.

“Nationally, we graduate twice the number of psychology majors as opposed to engineers,” said Nasir Memon, professor and associate dean for online learning at the N.Y.U. Tandon School of Engineering. “We graduate as many park rangers as compared to computer scientists.”

Students frequently graduate in fields that lack opportunity for long-term careers, he said. If they want to switch to computer science in traditional programs, they can face daunting barriers, like multiple semesters of catch-up courses and a requirement to take the Graduate Record Examination.

“So one of the things we did is start a bridge program, where we say, we don’t care what you did in your undergrad; you could have done physics, anthropology, anything, just come on in,” Professor Memon said.

The welcome the school extends is in the form of an intense, four-month online program of computer science courses with a price of $1,500. If students pass, they are eligible for the full program.

This year, 230 students were accepted into the bridge program, 22 percent of them women. That number compares with 11 percent of women in the cybersecurity force over all, according to a 2017 report by the Center for Cyber Safety and Education and the Executive Women’s Forum on Information Security, Risk Management & Privacy.

Shamla Naidoo, global chief information security officer for IBM, has had success reaching out to mothers returning to work, as well as to veterans, to find potential cybersecurity workers.

“We’ve been talking about this for the last few years,” Ms. Naidoo said. “The first year, I spent a lot of time worrying about it. After that I thought, there’s no point in worrying about it, I’m going to have to go act, and I’m going to have to act in a nontraditional way. Posting a job description and hoping people are going to show up and apply to the job wasn’t working because the people just didn’t exist. So rather than trying to hire the skills and knowing they’re not as easily available, let’s create the skills internally.”

She created a system open to hiring people who have little or no experience, and, in many cases, even skills, in cybersecurity, with the understanding that they will come in, join a more experienced team and learn on the job. They are formed into teams of five to seven people solving one problem at a time, with the new employees teaming with more experienced security experts to watch.

Many skills from other industries are transferable to the cybersecurity field. Cybersecurity experts need to be able to communicate policies to, as Ms. Naidoo put it, “increase the cybersecurity I.Q.” of an entire organization. For example, people from a finance background might be able to educate their co-workers in accounting about cyberrisk.

She’s grown her team by about 25 percent over the last year with developers, consultants and research professionals. She said being more flexible in hiring, and hiring outside of the normal pipeline, had evened out some of the inequities in the field — like a relative dearth of minorities and women.

“To solve the skills shortage, we have to hire people who have the right aptitude, who have the right attitude, people who are curious, are willing to learn,” Ms. Naidoo said. “Outside of that, I have very few other criteria. I’m opening the aperture for where we look. I’m trying to hire in nontraditional places, nontraditional groups of people, and so I don’t expect them to have the skills or the experience that we need. I will hire people wherever I can find them.”

Michael Doran, 38, was a police officer in St. Louis for almost 10 years before going into cybersecurity.

“I quickly found out a lot of the older detectives were not doing a lot of the computer crimes,” he said. “I saw my opening there to make a niche for myself.”

After learning about the field of digital forensics, he took free, online courses through the National White Collar Crime Center. He then decided to get another bachelor’s degree and a master’s degree online in computer forensics and intelligence. He studied at Utica College from home while working full time.

He went to the cybercrimes unit as a forensic digital examiner within the St. Louis police department’s cybercrime unit. But it didn’t take long for the private industry to scoop him up.

“It was an offer I couldn’t refuse,” he said, speaking of more than doubling his salary to near six figures. “I took that chance, and I haven’t looked back since.”

He’s now a senior security consultant within the enterprise incident management team for Optiv, a cybersecurity company, where he performs digital forensics and interacts with clients.

More C-suite executives are filling their own skills gaps when it comes to cybersecurity, said Eric Rosenbach, co-director of the Belfer Center for Science and International Affairs at Harvard Kennedy School and former chief of staff at the Defense Department.

He runs an online class for working, senior-level executives “who are only now seeing how seriously they need to take it because they’ve seen so many other C.E.O.s get fired for major breaches,” said Mr. Rosenbach.

Offered at least six times a year, the classes educate 300 to 400 people each term. He says executives need to know how to minimize the legal, financial and public relations risks before an attack occurs.

Beyond the particular needs of firms in the cybersecurity arena, there is also a skills gap in the larger population that needs to be addressed, Mr. Rosenbach said.

“I’m surprised, even at Harvard, how few of the students here know very basic stuff about cyberhygiene, two-factor authentication, things like that, that people should be doing to protect themselves,” he said.

“One thing I don’t think people appreciate as much is that cyber is about human issues, it’s about training people not to do dumb things like click on spear-phishing links, holding people accountable. There’s a lot of human leadership involved in trying to improve cybersecurity.”


Content retrieved from: https://www.nytimes.com/2018/11/07/business/the-mad-dash-to-find-a-cybersecurity-force.html.

Cyber security high on European Commission agenda

Warwick Ashford – 07 Nov 2018

The European Commission (EC) is encouraging cooperation across the region to ensure improved cyber security across the board, says Miguel Gonzalez-Sancho, head of the EC’s unit for cyber technology and capacity building.“From the EC’s perspective, if cyber security and data protection are not addressed sufficiently in a satisfactory way, the whole digital economy is in danger,” he told the EEMA ISSE 2018 cyber security conference in Brussels.

In the light of the fact that cyber attacks know no borders, Gonzalez-Sancho said the EU leadership was keen to close the vulnerabilities created by the fact that the cyber response capacity differs from country to country in the region.

“The threat is global, which means everyone is affected,” he said. “But there are differences in terms of [cyber defence] preparedness, and attackers will always go for the weakest link, putting the whole system at risk, so there is a need to increase resilience to cyber threats and incident response and to do it in a coordinated way.”

For this reason, Gonzalez-Sancho said the EC was looking for ways to enable more robust and effective structures to ensure strong cyber resilience and respond to cyber attacks.

The main areas of focus in the EU’s cyber security policy focus, he said, are building EU resilience to cyber attacks, creating effective EU cyber deterrence capability and strengthening international cooperation on cyber security.

To support cyber security policies, the EU is providing funding research and development projects to develop capacity solutions through the Horizon 2020 programme and for cross-border deployment and cooperation through the Connecting Europe Facility programme, which has a budget of €3bn.

“For the future, the commission has made proposals for the next budget cycle to step up the funding support in cyber security for research and innovation through the Horizon Europe programme and the new Digital Europe programme, with an overall budget of €9.2bn.”

The Digital Europe programme is aimed at supporting procurement of advanced equipment, tools and data infrastructure; supporting the best use of European knowledge, capacity and skills; ensuring wide deployment of the latest solutions across the economy; and reinforcing capabilities for network and information systems.

Other programmes with a cyber security dimension include the European Defence Fund and the European Security Fund, said Gonzalez-Sancho.

Other initiatives involving building cyber security capacity and cooperation, he said, include the NIS directive, the proposed EU cyber security act, and plans to set up an EU-wide certification framework for ICT products, services and processes.

In conclusion, Gonzalez-Sancho said that despite the expertise in Europe, there was the risk of losing ground without effective cooperation regionally and internationally.

Despite the challenges of adapting institutions to work this way and political and economic threats to cooperation, he said it was imperative to improve cyber security response.



Content retrieved from: https://www.computerweekly.com/news/252452087/Cyber-security-high-on-European-Commission-agenda.

AI cybersecurity tools help spot threats before they cause harm


With billions of devices connected to the internet, the cybersecurity threat landscape is getting more complicated. From phones and desktop machines to servers, cloud applications and IoT devices, never before have more targets been available to those looking to cause harm.

According to research firm Enterprise Strategy Group (ESG), between 390,000 and 1 million new malware variations emerge every day. The average organization deals with over 200,000 security events daily. It’s estimated that, by 2021, there will be an astounding 3.5 million unfilled cybersecurity positions worldwide. This means that the threat landscape is not only getting more complicated, but it’s getting harder to manage these threats.

The emergence of AI and machine learning is bringing new intelligent capabilities to the mix to help provide more proactive visibility, control and mitigation of cybersecurity attacks. According to the ESG report, companies are increasingly looking to AI cybersecurity tools. Over 12% of enterprises have extensively deployed AI-based security analytics as of 2017, and 55% of surveyed firms plan to deploy machine learning and AI approaches to cybersecurity.

Advanced threat detection

AI algorithms are particularly good at pattern detection. Machine learning-based systems train on the vast existing databases of viruses and malware and can model the properties and characteristics of malicious programs. Once trained on these patterns, these AI systems can observe network traffic, data exchanges and system behavior to identify malicious patterns that might be worth closer examination.

In this way, AI-enabled cybersecurity tools don’t have to wait for the attack to occur before providing a response. So-called zero-day attacks, in which victim systems have no prior defense or awareness of the threat, can similarly be thwarted and prevented by smart cybersecurity software that learn from attacks on their own systems, as well as those from others in the network.

Similarly, AI cybersecurity tools can use their learning to determine patterns of attacks. The systems can categorize attacks based on threat level and adapt over time. They can determine whether the attacks originate from a specific location, target specific systems or fit specific categories. In this way, security researchers and security personnel can learn how to harden their environments to prevent future attacks and operate more proactively when faced with traffic from specific regions in the world or that target specific systems.

Proactive defense and threat mitigation

In addition to being better than humans or even traditional antivirus and antimalware systems at identifying and mitigating attacks, AI-enabled cybersecurity software can introduce new ways to defend and mitigate threats. Rather than simply shutting down servers or traffic in response to attacks, these systems can respond more creatively and adaptively to thwart attacks. In fact, the blunt response of shutting down systems in response to an attack might actually be the very thing that the attacker wants. From distributed denial-of-service attacks to attempts to harm critical infrastructure, the attacker wins by either overwhelming the system in question or by getting an overly aggressive response from security personnel.

Instead of these brute-force responses, AI cybersecurity tools learn how to thwart these attacks with adaptive responses that also minimize collateral damage. If an attack is trying to disrupt traffic, an AI-enabled cybersecurity tool might identify legitimate traffic from attacker traffic and split traffic to two different directions, keeping customers happy and keeping attackers at bay. If the system detects compromises to data or other infrastructure, it can apply backup data or systems so that any changes are reversed. The security tool can also respond in ways that the attacker can’t easily predict, emulating human behaviors instead of scripted cybersecurity responses.

Improved auditing of systems and patching

On the more mundane side, AI-based software is able to regularly probe systems, devices and data for vulnerabilities and apply patches and fixes to that infrastructure to prevent attackers from using previously identified means of compromising systems. Security analysts are regularly overwhelmed with the sheer scale of architectures and devices they need to protect. They have to constantly be aware of updates and patches that need to be applied to address yesterday’s security issues to prevent tomorrow’s problems. However, this is a near-impossible task for human operators.

While there are a number of automated systems that can be used to apply patches on a regular schedule or when updates are available, these are very much a one-size-fits-all approach and are subject to their own issues. Some updates can cause problems in functionality and need to be rolled back to prior versions. Others only work for specific devices or system configurations. AI-based cybersecurity tools more evenly and successfully apply patches to address security holes without introducing functionality problems. These AI-enabled systems can then continuously monitor systems, sources of patches and bug fixes, and additional sources to apply the right patches to the right systems at the right time.

Adapt to changing threats

Finally, with AI, systems are able to adapt to the continuously changing threat landscape. New devices, cloud applications, servers and systems introduce new threats that companies might not be aware of until the attacks occur. AI-based systems can creatively probe these systems to see what potential threats might emerge. This is a machine learning-enabled version of the penetration testing (pen testing) that software and hardware vendors regularly employ to make sure that their systems are as secure as possible.

Just as software quality assurance is increasingly being automated with AI capabilities, so too are penetration testing capabilities. AI-enabled solutions are increasingly emerging that provide continuous pen testing, as well as the ability for companies to respond to continuously evolving threats.


Content retrieved from: https://searchenterpriseai.techtarget.com/feature/AI-cybersecurity-tools-help-spot-threats-before-they-cause-harm.

Campaign cybersecurity poses next major challenge for federal election officials

By Jacqueline Thomsen – 11/01/18 

Federal officials say they want to help political campaigns guard against against cyberattacks, but are struggling to figure out how.

Election officials said this week that while much of the attention since 2016 has focused on protecting voting systems, campaigns remain highly susceptible to cyber intrusions. However, those same officials have no means of directly communicating with the hundreds, if not thousands, of candidates about how best to address cyber threats.

Robert Kolasky, director of the Department of Homeland Security’s (DHS) National Risk Management Center, said DHS has resorted to contacting the Republican and Democratic national committees to try to reach campaigns. And even then federal officials aren’t able to reach everyone.

Few campaigns reach out to DHS about cybersecurity issues, Kolasky told reporters on Tuesday, adding that candidates are more likely to contact the FBI or their national committees when they notice something has gone wrong.

He said that after the midterms he hopes lawmakers, officials and the political parties can figure out a better way to communicate when it comes to making sure campaigns have stronger protections against cyberattacks.

“Competitors work together on security, they don’t compete on security,” Kolasky said after an event at the Center for Strategic and International Studies (CSIS). “I’d like the department and campaigns to work together on security, work with the government, and not compete on security.”

Groups like the Belfer Center at Harvard University have offered guidance to campaigns on how to beef up their cybersecurity, while private firms have offered free resources to campaigns in recent months.

Microsoft provides free cybersecurity software to campaigns, as well as nonpartisan groups like think tanks, and other companies have offered similar resources at no cost.

John Gilligan, the CEO of the Center for Internet Security, said his group is starting to talk with campaigns about how they can offer support ahead of the 2020 elections.

Gilligan, speaking at the CSIS event, compared campaigns to “pick-up games.” A candidate will decide to run and quickly hire staffers to start the operation, he said, but those workers generally don’t include IT professionals or cybersecurity experts.

He said that after the midterms, his group will be among those “focused on seeing what we can do to help.”

“So we’re really starting an outreach effort now,” Gilligan said.

Still, the lack of institutionalized resources has been underscored in attacks on smaller campaigns, which generally lack the means or the know-how to tackle cyber threats.

Three Democratic candidates in California were victims of cyberattacks shortly before they lost their primaries, and all three attacks could have been prevented with basic security measures.

Jeanette Manfra, the chief cybersecurity official at DHS, said campaigns are more likely to push all of their resources toward getting their candidate elected, rather than focus funds on a relatively new area like cybersecurity.

“So how do you work to make sure that they have what they need from the security side?” she said after an event at the Carnegie Endowment for International Peace in Washington.

DHS and the FBI aren’t the only federal agencies charged with supporting elections. The Election Assistance Commission (EAC), created by the Help America Vote Act of 2002, also plays a role.

But for the time being, EAC’s hands are largely tied when it comes to finding a solution on campaign cybersecurity, according to Executive Direct Brian Newby. The commission has only two commissioners — one short of a quorum — meaning it can’t fully operate until at least one more member is confirmed by the Senate.

President Trump has tapped two nominees for the commission: Donald Palmer in July, and Brandon Halverson earlier this month. Both are awaiting action by the Senate Rules and Administration Committee.

Katie Boyd, a spokesperson for Committee Chairman Roy Blunt (R-Mo.), said the panel has no immediate plans to vote on the nominees. Newby said that if both nominees are approved by the Senate this year, the EAC will have four commissioners for the first time in roughly eight years.

“I think overall, the idea of what we can do to address campaign issues, other issues, I think will get a big boost when that occurs,” he said at Tuesday’s CSIS event.

But even if one of the nominees is confirmed, it’s unclear what role the agency would play in supporting campaign cybersecurity.

When campaigns fall victim to a cyberattack, they generally report it to their national party committee or organizations who in turn notify the FBI or other federal agencies.

A Republican National Committee (RNC) spokesperson told The Hill that the RNC has offered trainings on best security practices for staff and outside groups, and that it has hosted seminars and briefings to state party officials and campaigns on how to protect their systems from cyber threats.

The party also had DHS experts talk to the committee about cyber issues during the RNC’s annual meeting this summer.

At the DNC, chief security officer Bob Lord told The Hill that the committee has been having “low level” conversations with outside groups about how better to provide cybersecurity support to campaigns.

He said that after next week’s elections the DNC and other groups will figure out which areas they need to improve on and create a playbook for the 2020 elections. From there, he said, private and public groups are going to have to work together to come up with a solution to ensure campaigns are better protected from cyberattacks.

“There’s no one organization that’s going to be able to save the day,” Lord said.

Content retrieved from: https://thehill.com/policy/cybersecurity/414182-campaign-cybersecurity-poses-next-major-challenge-for-federal-election.

Team8 announces $85 million fund to build 8 cybersecurity startups

Chris O’Brien – October 23, 2018

Cybersecurity venture capital firm and startup studio Team8 announced it has raised $85 million from a coalition of major corporate partners to develop eight security startups over the next five years.

Those partners include Walmart, Airbus, Softbank, Moody’s, Dimension Data, Munich Re and Scotiabank. They join corporations that have already invested in Team8, including Microsoft’s venture arm M-12, Cisco Investments, and Nokia.

“The commitment from our new partners illustrates the significance of our work to galvanize digital transformation across all industries,” said Team8 CEO Nadav Zafrir in a statement. “The synergy and insight from leaders in retail, aerospace, insurance, financial services and technology combined with our unrivalled attacker perspective and data expertise at Team8 will enable companies to adopt new data-driven methods of working, ensuring they can retain their competitive advantage and thrive, in spite of cyber threats.”

Founded by former leaders of Israel’s military intelligence Unit 8200, Team8 has so far launched four companies and has another four operating in stealth mode. These portfolio companies are developing innovative approaches to cybersecurity. Team8 has now raised a total of $260 million and has 370 employees globally.

Team8 works by partnering with others to develop security companies that can solve problems arising from the rapid digitization of such large traditional businesses. In a press release, Team8 noted its partners were motivated to form a coalition after realizing many emerging security issues were beyond their capacity to address.

Following Team8’s company-building model, which is led by its own researchers and engineers, the collaborative effort will also include chief information officers and engineers from member organizations. Together, the group will decide how to develop companies around various cybersecurity isses and then back them with seed money.

“Walmart’s readiness to experiment with and adopt emerging technologies such as blockchain, VR and robotics is pivotal to continually improve our customer shopping experience, stay ahead of the curve and drive market share,” said Jerry Geisler, Walmart’s Chief Information Security Officer, in a statement. “Our digital transformation is underpinned by more connectivity than ever before. We’re joining Team8’s coalition because of their cybersecurity expertise, proven ability to integrate their viewpoints into leading technology solutions and unique access to insights from other sectors.”

Content retrieved from: https://venturebeat.com/2018/10/23/team8-announces-85-million-fund-to-build-8-cybersecurity-startups/.

IBM brings artificial intelligence to the heart of cybersecurity strategies

By Charlie Osborne – October 15, 2018

On Monday, the New York-based technology company unveiled the open platform, which IBM says “is the first security cloud platform built on open technologies, with AI at its core, to analyze federated security data across previously unconnected tools and environments.”

An analysis conducted by IBM suggests that cybersecurity teams in the enterprise use, on average, over 80 cybersecurity solutions provided by roughly 40 vendors.

This is a potential recipe for chaos and may reduce the overall effectiveness of security and defense.

IBM Security Connect makes use of both cloud technology and AI. Users of the platform will be able to apply machine learning and AI, including Watson for Cyber Security, to cybersecurity products to increase their effectiveness.

At launch, over a dozen security vendors and business partners have signed up.

“IBM Security Connect will help tackle some of the biggest security challenges today via open standards, which can help pave the way toward collaborative innovation,” the tech giant says. “As it is built on open standards, it can help companies build unique microservices, develop new security applications, integrate existing security solutions, and leverage data from open shared services.”

Artificial intelligence, which includes neural networking, machine learning, analytics, and the use of algorithms to complete tasks, allows machines to learn from experience.

In cybersecurity, the machine learning subset of AI has the most use — at least at this stage in AI development. While there is little use of ‘true’ cognitive AI, machine learning can provide a springboard from traditional, signature-based antivirus and cybersecurity solutions to a more extensive means of protection through data collection and analysis.

When machine learning systems are given a large enough data pool to digest and analyze, this can be used to help shrink attack surfaces through predictive analytics, the detection of what is likely to be suspicious behavior, and this, in turn, eases the burden on cybersecurity staff who often have to triage cybersecurity-related events on a daily basis.

AI and machine learning are not perfect and cannot be considered a silver bullet for cybersecurity defense. However, solutions and platforms which leverage these technologies can give the enterprise an additional way to defend themselves against cyberattacks which are constantly evolving and increasing in sophistication.

IBM appears to have recognized this opportunity in the cybersecurity market. Alongside the firm’s IBM Security Connect, the firm’s Security Operations Centers (SOCs) and Watson for Cyber Security are key elements of IBM’s move into the AI for cybersecurity market.

The firm’s SOCs are found in countries including the US, India, Japan, and Poland. The SOCs act as X-Force training hubs which offer training and cyberattack simulations, of which virtual environments are used to interact with real-life scenarios.

The centers process over one trillion security events every month to generate threat intelligence.

Big Blue’s Watson was integrated into a security offering last year. The supercomputer, which combines AI and data analytics, acts as a knowledge repository for cybersecurity professionals using IBM’s Cognitive Security Operations Center platform.

These services are not reserved purely for the enterprise; IBM also caters for government and federal agencies.

The ongoing effort to develop AI solutions for modern businesses is further achieved with the launch of IBM AI OpenScale, an enterprise platform for the creation and management of artificial intelligence applications.

In addition to IBM Security Connect, the company also announced a new addition to its Security Operations Center, a mobile unit called the IBM X-Force Command Cyber Tactical Operations Center (C-TOC).

The mobile unit will travel to companies in the US and Europe and offer training on incident response, defense strategies, and crisis leadership.

IBM has been pushing for the integration and further development of AI solutions in the enterprise and by taking up a vendor-agnostic stance in the AI realm especially when the need for cybersecurity solutions is great, the company is setting itself up as one of the major AI-security players not only in the present but potentially the future.

Content retrieved from: https://www.zdnet.com/article/why-artificial-intelligence-is-at-the-core-of-ibm-cybersecurity-strategies/.

  • Healthcare CIOs fear (and fend off) ransomware threats amid pandemic
    Mt. San Rafael Hospital thwarted a ransomware attack on one of its sister facilities earlier this year before anything could be compromised. The organization is still working through the details of the hack, says CIO Michael Archuleta, whose hospital is part of the BridgeCare Health Network, which includes five hospitals in Colorado.To read this article […]
  • HP CISO seeks to transform cybersecurity
    Driven by digital imperatives, more IT leaders have shed their order-taking shackles to become full-fledged business partners. Cybersecurity leaders are increasingly taking the same tack.To read this article in full, please click here(Insider Story)
  • BrandPost: Episode 2: You’re New to CIAM – Now What?
    So you’ve got a basic understanding of customer identity and access management (CIAM) and why it’s so important. Now it’s time to determine where you fall on Okta’s CIAM Maturity Curve and how to use that assessment to your advantage.In this second episode of our 5-episode podcast, The C-level Strategic Guide for CIAM Investment, we […]



Originally started in 1993, it was a meant to be a party for member of “Platinum Net”, a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I’ll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can’t remember. Why not invite everyone on #hack? Good idea!.

Take The First Step.

Contact Us

What We Do:

Government Cyber provides state-of-the-art, military grade cyber security solutions for municipal, state and federal government agencies as well as corporate clients.

Security Solutions For:


Contact Us