IT Security From The Eyes Of Data Scientists

Enterprises will increasingly employ data science experts to help drive security analytics and risk mitigation

As IT security leaders try to base more of their day-to-day decisions on statistical analysis of relevant data coming from IT infrastructure and business processes, they’re running into a skills and resource gap. Often security teams have lots of specialists with deep technical knowledge of attack techniques and trends, but they frequently lack the skills to aggregate and manipulate data in order to draw meaningful conclusions from statistical trends.

90% of passwords are vulnerable to hack

Deloitte warns over 90% of user-generated passwords will be vulnerable to hacking this year

Deloitte has claimed that over 90 per cent of user-generated passwords will be vulnerable to hacking in 2013, which it says could result in billions of dollars of loss, declining confidence in internet transactions and loss in trust of the businesses who fall victim.

Jolyon Barker, global lead for Deloitte’s technology, media and telecommunications industry, said “Whilst moving to stronger, longer passwords means greater levels of security, people understandably find these harder to remember.”

He added that so-called ‘two-factor authentication’, using additional methods, could improve security. “Instead an additional bit of identification can be used. It could be a password sent to a cell phone or smartphone, a physical device that plugs into a USB slot, or possibly be a biometric feature of the user,” Mr Barker said.

Deloitte said inadequate password protection may result in billions of dollars of losses, declining confidence in internet transactions and significant damage to the reputations of the companies compromised by attacks. As the value of the information protected by passwords continues to grow, attracting more hack attempts, high-value sites will likely require additional forms of authentication.

Security software developer Splashdata has released its annual list of the worst — and most common — passwords used on the web in 2012. Worryingly, very little has changed from 2011: “password”, “123456” and “12345678” are still in the top spots.

In addition, new arrivals in the top 25 awful passwords include “jesus”, “welcome”, “mustang”, and sadly “ninja”.

According to PC World, the data is based on file dumps from online hacking campaigns, which include high-profile security breaches suffered at Yahoo, LinkedIn, eHarmony, and Last.fm. Here is the complete list, including places going up or down:

1 password Unchanged
2 123456 Unchanged
3 12345678 Unchanged
4 abc123 Up 1
5 qwerty Down 1
6 monkey Unchanged
7 letmein Up 1
8 dragon Up 2
9 111111 Up 3
10 baseball Up 1
11 iloveyou Up 2
12 trustno1 Down 3
13 1234567 Down 6
14 sunshine Up 1
15 master Down 1
16 123123 Up 4
17 welcome New
18 shadow Up 1
19 ashley Down 3
20 football Up 5
21 jesus New
22 michael Up 2
23 ninja New
24 mustang New
25 password1 New

According to research from Norton, nearly half of Internet users do not use a complex password and over 25 percent of adults online have been notified to change their password when an account has been compromised. In addition, 46 percent of users aged between 18 and 64 don’t use a password that combines phrases, letters, numbers, symbols and caps or lowercase — which are more difficult to infiltrate.

The simple fact of the matter is that if you choose a password which follows a simple pattern or is an obvious word, not only will it be easy for you to remember, but it will also be easy for simple attacks to breach your personal security.

In order to create a secure password, you should consider avoiding easy keyboard patterns — such as ‘qwerty’ or ‘123’, mix capital and lower-case letters, and keep them varied. A difficult-to-guess memorable word, such as a book character or favorite food would work better than ‘password’ or ‘letmein’, and switching word orders will boost the security of your online accounts further.
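The advice above as a screening check, added here as an example (it is not from Deloitte, Splashdata, Norton or any other source quoted in this post): it rejects passwords on the top-25 list above, including variants with trailing digits or symbols, and flags keyboard or sequential runs. The function names, the sequence set and the run length are assumptions.

```python
# The 25 passwords from the list above.
WORST_25 = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey",
    "letmein", "dragon", "111111", "baseball", "iloveyou", "trustno1",
    "1234567", "sunshine", "master", "123123", "welcome", "shadow",
    "ashley", "football", "jesus", "michael", "ninja", "mustang",
    "password1",
}

# Key rows and sequences treated as "easy keyboard patterns" (assumed set).
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890")
RUN_LEN = 4  # assumption: four adjacent keys in a row count as a pattern


def has_keyboard_run(pw):
    """True if pw contains RUN_LEN consecutive keys of a sequence, in either direction."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - RUN_LEN + 1):
                if s[i:i + RUN_LEN] in low:
                    return True
    return False


def screen_password(pw):
    """Return the reasons pw should be rejected; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    # Strip trailing digits and symbols so "Dragon99" or "Monkey!" still match the list.
    stem = low.rstrip("0123456789!@#$%^&*?.")
    if low in WORST_25 or stem in WORST_25:
        reasons.append("on worst-passwords list")
    if has_keyboard_run(pw):
        reasons.append("keyboard or sequential pattern")
    if len(set(low)) <= 2:
        reasons.append("repeated characters")
    if pw.isalpha() and (pw.islower() or pw.isupper()):
        reasons.append("single-case letters only")
    return reasons
```

A check like this belongs at password-set time on the server; it complements, and does not replace, the two-factor authentication discussed earlier.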

US banks under cyber attack !!


Security researchers at McAfee labs believe Project Blitzkrieg, a plan to use malware to steal money from 30 banks in the U.S., is a real threat not to be taken lightly. The security company released a report about the project that was originally announced in September on a Russian forum. A cyber-criminal by the handle “vorVzakone” originally posted the intent to hack into 30 banks across the U.S. and steal information and money using a trojan. A trojan is a type of malware that secretly enters a computer system by pretending to be something innocuous.

McAfee says that the forum post originally called for developer help and said the trojan would be launched within a few weeks. Timing for the attacks has not been confirmed, though a number of banks were recently hit with distributed denial of service (DDoS) attacks that took down their websites. DDoS attacks work by flooding a system’s servers with traffic, causing it to overload and shut down. This kind of attack does not actually reach the inside of the system or give hackers access, but it is sometimes used as a diversion tactic while hackers silently gain illegal access to the servers.

“McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned. Not only did we find evidence validating the existence of an early pilot campaign operated by vorVzakone and his group using the Trojan Prinimalka that infected at a minimum 300 to 500 victims across the United States, but we were also able to track additional campaigns as a result of the forum posting,” said McAfee Labs threat researcher Ryan Sherstobitoff in the report.

McAfee believes the trojan in use here is called Prinimalka, a piece of malware originally built in 2008. VorVzakone’s forum post also said that the trojan had already stolen $5 million from unknown institutions. (Read more at http://venturebeat.com/2012/12/13/us-bank-threats/#miGWuyOSziGXZhGm.99)

Separately, since September, U.S. banks have been battling, with mixed success, distributed denial of service (DDoS) attacks from a self-proclaimed hacktivist group called Izz ad-Din al-Qassam Cyber Fighters. Despite its claims of being a grassroots operation, U.S. government officials and security experts say the group is a cover for Iran.

“There is no doubt within the U.S. government that Iran is behind these attacks,” James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies, told The New York Times.

Mr. Lewis said the amount of traffic flooding American banking sites was “multiple times” the amount that Russia directed at Estonia in a monthlong online assault in 2007 that nearly crippled the Baltic nation.

American officials have not offered any technical evidence to back up their claims, but computer security experts say the recent attacks showed a level of sophistication far beyond that of amateur hackers. Also, the hackers chose to pursue disruption, not money: another earmark of state-sponsored attacks, the experts said.

“The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, a security firm that has been investigating the attacks on behalf of banks and cloud service providers. “There have never been this many financial institutions under this much duress.”

Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.

They employed DDoS attacks, or distributed denial of service attacks, named because hackers deny customers service by directing large volumes of traffic to a site until it collapses. No bank accounts were breached and no customers’ money was taken.

By using data centers, the attackers are simply keeping up with the times. Companies and consumers are increasingly conducting their business over large-scale “clouds” of hundreds, even thousands, of networked computer servers.

These clouds are run by Amazon and Google, but also by many smaller players who commonly rent them to other companies. It appears the hackers remotely hijacked some of these clouds and used the computing power to take down American banking sites.

“There’s a sense now that attackers are crafting their own private clouds,” either by creating networks of individual machines or by stealing resources wholesale from poorly maintained corporate clouds, said John Kindervag, an analyst at Forrester Research. How, exactly, attackers are hijacking data centers is still a mystery. Making matters more complex, they have simultaneously introduced another weapon: encrypted DDoS attacks.

Banks encrypt customers’ online transactions for security, but the encryption process consumes system resources. By flooding banking sites with encryption requests, attackers can further slow or cripple sites with fewer requests. A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed in online posts that it was responsible for the attacks.