
Why people are lugging around their sensitive information every single day

Walking down the street, have you ever seen a woman pushing a wheelbarrow filled to the brim with photos? Have you ever watched a man push a cart overflowing with letters and envelopes? How about a backpack stuffed with rolodexes?

As weird as that all sounds, if you’ve seen a person walking down the street and looking at their phone, you have seen exactly what we’ve described. Here’s what we mean:

Those photos in that wheelbarrow, the letters, the rolodexes? They’re representative of the large amounts of data that live on a mobile device. Mobile devices carry around and access so much more information than we realize. It’s the password or fingerprint you use to access your device and all your accounts. The photos of your child’s first birthday. The financial and customer records you access through apps. The personal information you hide in your notes.

You trust this information to your phone or tablet because these devices make your life simpler, more connected. They help you navigate better, inspire you to stay healthy, give you faster and smarter ways to complete your work, and quicker access to your financials — and these are just a few ways mobile devices have helped people all around the world.

Indeed, in many countries phones and tablets act as a primary and portable computing device — cheaper and more reliable in many cases than PCs.

Our lives have become mobile, but with great power comes great responsibility. Sensitive information, or data, is money to a criminal. Check out this article from a past talk at Def Con (the world’s largest hacker conference) about the underground markets where much of this data is sold.

So if your data is increasingly mobile, shouldn’t your security be too?

To learn about how Lookout protects individuals’ mobile devices, read more here. Interested in learning about our Mobile Threat Protection for enterprises? Read more here.


Perimeter Inversion: Turning Digital Security Inside Out

We need security solutions that are designed from the ground up to operate in today’s dynamic environment.

The idea of a network perimeter is quickly morphing into something more complicated. We work outside of the corporate network on our own devices, storing and moving things through clouds of applications, storage, and service providers. How will security change in the next few years to adapt to this new reality?

Almost since its inception, digital security has followed a perimeter model, which may seem like the Maginot Line of cybersecurity. We are spending more and more time outside the firewall, so we need to think beyond it. At the same time, attackers are finding new vulnerabilities to get under the walls, developing new techniques to get around them, and finding softer targets with valuable assets to compromise. With the wide-scale adoption of server virtualization and cloud computing, the concept of an enterprise data center has evolved into private and hybrid clouds that span on-premises and cloud-hosted servers in a seamless fashion.

The new security model needs to follow the data and users, as well as their devices and services. This does not mean that security will be completely cloud-based, with no on-premises component. Cloud computing and storage will still incorporate a perimeter and access approach, as will the data center. The data center needs to shift focus from servers to applications and data, which move in a dynamic manner with decreasing emphasis on location or ownership of hardware. But it will have to augment this with multiple vantage points of traffic flows, analytics, and collaborative intelligence. Encrypted communications make it difficult for firewalls to inspect individual traffic flows, increasing the importance of multiple perspectives.

This is strikingly similar to the physical security world we find around us. Attackers are not defined by physical borders, so defenses need a much higher level of collaboration, large volumes of intelligence, and powerful analytics to pull insight out of the noise and chatter.

Real-Time Security

The key to successful security operations in the new data center is real-time dynamic provisioning and orchestration. Security must follow the data, follow the application, and follow the user. One approach is a dynamic perimeter that forms around every flow. The network is no longer static or deterministic; it has become fluid, and security needs to be agile. This means implementing cloud security solutions that can redirect flows between endpoint devices and applications for inspection, analysis, and prediction. These solutions need to ask, “Is this normal activity between this device/location/user/application?”

With mobile users and IoT devices connecting directly to the cloud, the new model means securing the channel between endpoints and applications, not just with encryption but by watching out for attacker redirection and man-in-the-middle attacks that could disrupt devices or data enough to affect your operations. Encryption and tokenization become critical when corporate data is stored on shared resources in hybrid or public clouds. Data must be secured both at rest and at all points of the flow to protect it from hardware or virtualization exploits. Identity and policy management will become extremely important in such a dynamic environment, defining and enforcing policies that prevent sensitive information such as personally identifiable data or health details from straying outside of secure locations and devices.

Another approach to real-time dynamic provisioning and orchestration is shrinking the perimeter around each individual device, forcing the devices to protect themselves. Many devices will not have the compute power necessary to do this, requiring a mix of hardware-enabled trust and cloud-based processing.

Perhaps the most important part of this new security model is the analytics necessary to put together multiple observations from different agents at varying points in the cloud into a cohesive picture that can differentiate signal from noise, without an overwhelming number of false positives.

An interesting analogy to this method is how airplane flight control systems were developed. Different developers in different locations, using different languages and algorithms running on different hardware, developed systems for the same set of controls. In operation, only when multiple systems were within tolerance would the airplane actually take action. In security, this approach not only reduces false positives, it makes it far more difficult for attackers to develop threats that can evade the detection algorithms, because multiple algorithms are in use at any time.
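As an added illustration of the consensus idea above (example code written for this page, not from the original article or from Intel Security), three independently designed detectors each answer the question “Is this normal activity for this device/location/user/application?” over a constructed baseline of flow records, and a response is taken only when a quorum of them agrees. The detector names, the flow tuple layout and the sample data are all assumptions made for the example.

```python
"""Quorum of independent per-flow detectors over constructed sample data."""
from statistics import mean, pstdev

# Constructed baseline of past flows: (device, user, location, app, bytes_out, hour)
BASELINE = [
    ("laptop-1", "alice", "office", "crm", 12_000, 9),
    ("laptop-1", "alice", "office", "crm", 15_000, 10),
    ("laptop-1", "alice", "office", "crm", 11_000, 14),
    ("laptop-1", "alice", "home", "crm", 13_000, 19),
    ("phone-1", "alice", "mobile", "mail", 2_000, 8),
    ("phone-1", "alice", "mobile", "mail", 2_500, 12),
    ("phone-1", "alice", "mobile", "mail", 1_800, 17),
]

def volume_detector(flow, history, z_limit=3.0):
    """Detector A: is bytes_out far outside this user/app pair's historical volume?"""
    vals = [h[4] for h in history if h[1] == flow[1] and h[3] == flow[3]]
    if len(vals) < 3:          # too little history to judge; stay silent
        return False
    sd = pstdev(vals) or 1.0   # avoid division by zero on a constant baseline
    return abs(flow[4] - mean(vals)) / sd > z_limit

def tuple_detector(flow, history):
    """Detector B: has this exact device/user/location/app combination been seen before?"""
    seen = {h[:4] for h in history}
    return flow[:4] not in seen

def hour_detector(flow, history, window=2):
    """Detector C: is the hour more than `window` hours from anything this user has done?"""
    hours = [h[5] for h in history if h[1] == flow[1]]
    return all(abs(flow[5] - h) > window for h in hours)

# Independent algorithms looking at different features of the same flow.
DETECTORS = (volume_detector, tuple_detector, hour_detector)

def consensus_verdict(flow, history=BASELINE, quorum=2):
    """Act only when at least `quorum` detectors agree, mirroring the flight-control
    analogy: a single detector firing alone never triggers a response."""
    votes = [d.__name__ for d in DETECTORS if d(flow, history)]
    return {"votes": votes, "block": len(votes) >= quorum}
```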

We need to build security solutions that are designed from the ground up to operate in this new dynamic environment: Multiple perimeters, hardware-based trust, and cloud-scale analytics fuelled by large volumes of shared threat intelligence must enable local and cloud-based agents to detect and disrupt attacks at machine speeds. 

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, …


Four critical Android flaws fixed in monthly Nexus patch update


Google has fixed 16 security vulnerabilities in Android, four of which it rated “critical.”

The search and mobile giant said earlier this year it will release monthly security patches to ensure devices are protected against the latest security flaws. On Monday the company released its fifth monthly release so far for all Nexus devices.

Google said the most severe bug (CVE-2015-6619) is rated at the highest “critical” level due to the possibility of a “permanent device compromise” that could only be repaired by reflashing the Android software.

The bug, which affects all versions of Android, was reported earlier this year. It could allow an attacker to remotely run code by exploiting a flaw in the system kernel.

Google said it had “no reports of active customer exploitation” of these new issues.

The remaining “critical” bugs relate to media file processing.

One of the bulletins (CVE-2015-6616) said an attacker could be allowed to remotely run malware, which could be triggered by sending an MMS with a specially-crafted media file to an affected device, leading to memory corruption.

The critical flaw targets a core part of the Android software, which has access to permissions that third-party apps cannot normally access, the advisory said.

All versions of Android are affected by three of the bugs in the bulletin.

A similar flaw (CVE-2015-6617), which also affects all versions of Android, could let an attacker run malware by sending an MMS with a specially-crafted media file to an affected device.

Other highly-rated vulnerabilities target flaws in Bluetooth, the media processing service, audio file processing, and how Android handles Wi-Fi.

Nexus devices will get the security updates first, while other Android manufacturers — Samsung, LG, and BlackBerry — will follow suit in the coming days.

Brazen North American Cyber Underground Offers DIY Criminal Wares For Cheap

Inexpensive and easily accessible cybercrime products and services, as well as drugs, counterfeit documents and weapons, cater to would-be and existing criminals, a new report says.

You don’t have to be a stealthy hacker or member of organized crime to buy and sell goods in the North American cyber underground: it’s a wide open, easily accessible cyber marketplace that makes it easy for anyone to illegally buy weapons, crimeware, and botnets.

What sets the North American underground economy apart from that of Russia and other more stealthy cyber-based crime conduits is that it’s easy for novices to access — there’s no limited access like in the Russian underground. And that means it makes it easy for anyone to conduct cybercrime or access the tools for physical crime, a new report from Trend Micro has found.

“It’s more of an Amazon [type] shopping mall for goods and services, a one-stop shop for anything nefarious,” says Tom Kellermann, chief cybersecurity officer at Trend Micro.

Many of the underground sites studied by Trend Micro are searchable via the Web. All it takes is the right search query, and a novice can access what he or she needs to perform criminal acts, such as guides for how to use VPNs or TOR for nefarious purposes, and goods and services for cybercrime (stolen payment card information), physical fraud (fake passports), drugs, and even murder. “You can get ransomware in the US for $10,” Kellermann notes.

But the brazen openness of the North American cyber underground also means it’s in the sights of law enforcement, a tradeoff the peddlers and buyers seem willing to risk. They get around getting busted by constantly changing up their sites: “Although several criminal transactions are done out in the open, they are very fickle. The life span of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace,” Trend Micro’s report says.

There’s also rampant competition among the vendors, which has made the purchase of these wares relatively inexpensive.


One of the trademark offerings in the North American underground is crypting services, which offer bad guys a way to camouflage their malware from anti-malware systems. They submit their malware, and the providers check it against security tools and then encrypt it such that it’s no longer detectable. That service is available from $20 for a one-shot deal to $1,000 for a monthly offering.

The Xena RAT Builder crimeware kit is priced anywhere from $1 to $50, and offers two levels of customer service: silver ($15) and gold ($20). Gold encrypts it so it’s undetectable. Would-be cybercriminals can buy a worm for between $7 and $10; botnet or botnet-builder tools for between $5 and $200; ransomware for $10; and the Betabot DDoS tool for $74.

There also are DDoS-as-a-service options, which start as low as $5 for 300 seconds of a 40 gigabits-per-second DDoS attack, to $60 for a 2,000-second 125Gbps DDoS. Bulletproof hosting services are also available for $75 per month.

A phony US passport costs $30, and a phony US driver’s license, $145, Trend Micro’s researchers found.

“They’re [the sellers] trying to enable anyone with criminal intentions. That’s problematic,” Trend Micro’s Kellermann says. “It speaks to more crime having a duality to it, and with cyber-components.”

Unlike the Russian underground, North America’s has no organizational structure, he says. “Germany’s is the most sophisticated in operational security … Russia is selling the most zero-days and advanced attack platforms.”

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …


IBM’s #HackAHairDryer: A lesson in turning STEM women away from your company


When a company like IBM unintentionally reinforces stereotypes which compartmentalize women into a species which only cares about looking good and domestic chores, the backlash is going to be something stunning to see.

Let’s talk about #HackAHairDryer, the latest campaign designed to lure more women into the STEM (science, technology, engineering and mathematics) fields. Big Blue’s latest scheme — dating back to October but receiving little attention — was recently re-advertised over Twitter using the #HackAHairDryer hashtag.

This time, people took notice. A number of female engineers, scientists, coders and the like are not too happy, and you can no doubt guess why if you watch the video below.


Twitter did not receive the promotion well. Below is a cross-section of some of the responses:

[Screenshots: Twitter responses to the #HackAHairDryer campaign]

Speaking to ZDNet, an IBM spokeswoman said:

“The videos were part of a larger campaign to promote STEM careers. It missed the mark for some and we apologise. It is being discontinued.”

Let’s be frank. How anyone in this day and age can think such a campaign is a good idea — especially for a company with the reputation and reach of IBM — is outrageous. Any women in these fields, working alongside their often excellent male counterparts, can be equally competent and should be treated as such.

The video talks of innovation “not caring what you look like,” while at the same time, uses a woman, hairdryer and scattered cosmetics to, what, not enforce stereotypes? If IBM has a shortage of male coders in the future shall we see an accompanying campaign dubbed #HackAHairClipper?

If you compare this promotional content to another video posted by IBM seeking new recruits for digital technology — with both men and women discussing such careers — the #HackAHairDryer campaign comes out even worse. The Digital IBMer video is actually professional, showing both genders to be equal in terms of passion and potential, and does not leave a bad taste in the mouth.

The technology industry is stiff with competition and it is not a walk in the park to work within it, whether you are male or female. However, in any industry, women still have to put up with these ridiculous stereotypes across all walks of life, and it will take the gradual adjustment of attitudes in the West — which many companies and individuals are trying to promote — before this changes.

So no, IBM — I don’t want to play with a hairdryer on your behalf. I’m happier cracking connected home appliances and poking servers, thank you.

That’s why it’s so frustrating when companies like IBM mess up, albeit with the best intentions. Not only can this campaign be interpreted as derogatory when it comes to the place of women in tech — and that’s certainly the way I took it — but the video is meant to represent IBM’s business culture.

A wonderful representation, hm?

Bad form, IBM. If you want to promote gender equality and engage more female STEM recruits, leave talk of hair dryers, cosmetics, kitschy music and a terrible voice-over at the door next time.