Wednesday, April 21, 2021

Cybersecurity news week ending 18 April 2021 ~ NetworkTigers

Cybersecurity news provided by NetworkTigers on Monday, 19 April 2021.

CLAREMONT, CA — Parking app exposes personal data, lawmakers demand better security from Microsoft, NBA team cyberattack thwarted by tight security, Massachusetts school closed after ransomware attack, malicious bots may interfere with COVID-19 vaccine supply, CISA update on Exchange Server vulnerabilities, ransomware attack causes food shortages in Dutch supermarket, cyberattack causes blackout at Iranian nuclear facility, retail broking firm reveals data breach.

Pittsburgh parking app exposes user data

The Pittsburgh Parking Authority has issued a statement that reveals that users of the Park Mobile App have had their data exposed in a breach. Hackers were able to access license plate numbers, email addresses, phone numbers, and, in some cases, home addresses. The statement says that no Social Security or credit card information was compromised. The hack has potentially exposed the data of the app’s more than 20 million users. Read more.

Federal lawmakers demand better security from Microsoft

US federal lawmakers are demanding that Microsoft be more proactive in providing robust security features for government networks in the wake of hackers taking advantage of vulnerabilities within the software giant’s products in the SolarWinds breach. Microsoft is being requested to bring its security standards up to the point where lawmakers feel they should have been prior to the breach. 85% of all government and industry networks are based on Microsoft’s infrastructure, making its ability to protect data and prevent criminals from unauthorized access a nationwide priority. Read more.

NBA team targeted in cyberattack

The Houston Rockets have announced that some of their internal networks had been affected by an attempted cyberattack. According to a statement, the attackers attempted to install ransomware onto the team’s computer system. However, the attack was largely prevented thanks to tight cybersecurity with only a small number of computers affected. The team’s operations have not suffered and the FBI has been informed of the incident. Currently, it is unknown what information may have been accessed in the attack. Read more.

Ransomware attack closes Massachusetts school

Just as Haverhill Public Schools students were preparing to return for in-person classes, the school’s network was hit with a ransomware attack resulting in a continuation of remote learning for much of the district. Haverhill’s superintendent has issued a statement to residents that the average recovery time after such an attack is typically one to two weeks, and that the IT department remains hard at work in their effort to get their systems operational. Read more.

Malicious bots may interfere with COVID-19 vaccine supply

The very same bot techniques that have disrupted supply chains and bought out in-demand items made scarce by the pandemic could also be used to interfere with COVID-19 vaccine rollouts, experts fear. Cybersecurity authorities are urging healthcare organizations and pharmacies to boost their security as soon as possible in order to curb efforts to overwhelm their websites with bot-generated traffic. Malicious bot activity has become more prevalent and more sophisticated over the past year. Read more.

SolarWinds hack has already cost company millions

SolarWinds has disclosed that the hack of its software has cost the company at least $23.5 million in the first quarter of 2021 alone. SolarWinds has spent the first part of the new year working to resolve the myriad of issues springing from the reportedly Russian-led breach. The hack has exposed a tremendous amount of information including data related to DHS officials. The company has employed cybersecurity experts CrowdStrike as well as accounting firm KPMG in its investigation and expects costs to continue to grow. Read more.

CISA provides update on Exchange Server vulnerabilities

Two new Malware Analysis Reports have been added to CISA’s Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. The first identifies a China Chopper webshell that has been seen in compromised Exchange Servers. The webshell can allow remote, unauthorized access to the server. The second update addresses DearCry, a piece of ransomware that can encrypt files and then demand a ransom to reclaim them. The updated report sheds light on the continued struggle to purge Exchange Server of malicious activity resulting from its recent vulnerability. Read more.

Attack on Dutch supermarket supply chain causes food shortages

Dutch supermarket chain Albert Heijn is experiencing shortages of certain foods due to a ransomware attack carried out against its main supplier, Bakker Logistiek. The attack occurred over the Easter weekend and has resulted in the supplier reverting to pen and paper after shutting down its network to mitigate damage and reclaim control. Stock is reportedly on the move again. The case has been forwarded to the authorities and those affected have not commented on whether or not the ransom was paid. Read more.

Cyberattack that caused blackout at Iranian nuclear facility seemingly carried out by Israel

As tensions continue to rise between the two countries, a blackout in Iran’s Natanz atomic facility caused by a cyberattack is being reported to have been carried out by Israel. While the Israeli government has not yet made an official statement on the attack, Israeli media continues to openly credit the country with the attack that Iran has labeled an act of “nuclear terrorism.” The hack took place a day after Iran celebrated its National Nuclear Technology Day and in the midst of US President Joe Biden seeking to reinitiate the 2015 nuclear deal struck with the country. Read more. 

Retail broking firm reveals data breach

Upstox, a leading Indian retail broking firm, has disclosed that it has suffered a data breach. Upstox has stated that they have “appointed a leading international cybersecurity firm” to investigate the incident. Their statement also says that user details have been leaked, but that funds and securities remain safe from unauthorized access. A sample of the data stolen from the company has reportedly been posted on the dark web. Out of caution, the company has initiated a secure password reset requirement for its users. Read more.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com

Contact NetworkTigers

Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950

Cybercrime in 2021: is it on the rise?

Cybercrime in 2021 dominates the headlines. The massive hack of SolarWinds and the vulnerabilities exploited in both Microsoft Exchange Server and Accellion’s file sharing software continue to result in data exposure and theft.

Hacks of federal networks and utilities call into question the government’s ability to protect the best interests of citizens. Breaches and ransomware attacks carried out against small businesses and healthcare institutions put personal data at risk. Hackers repeatedly victimize schools and universities. Cybercriminals cause damage that is both far reaching and widespread. Their crimes rarely result in capture or prosecution because of how hard it is to track them down.

Cybercrime in 2021 is rising exponentially

Cybercrime is an existential threat for businesses and institutions of all sizes. Data indicates that it is on track to continue to grow to alarming proportions. According to a study conducted by Cybersecurity Ventures:

  • The world will spend a staggering $6 trillion USD in 2021 to cover damages resulting from cybercrime.
  • Cybercrime will cost the world $10.5 trillion USD annually by the year 2025.
  • Sophisticated international cybercrime groups are pooling their resources and joining forces.
  • Cybercrime is on track to become the world’s third-largest economy.

What is causing cybercrime growth?

Opportunities for new criminal activity are on the rise as the world becomes increasingly connected and automated. Here are five major factors contributing to the growth of cybercrime in 2021:

1. The COVID-19 pandemic

Due to social distancing rules, COVID-19 has forced companies into the uncharted territory of remote working. Many security measures were relaxed to allow for employees to work easily from their homes. Tight cybersecurity has become more complex and harder to maintain as a result. Work from home policies were enacted quickly, but in many cases security measures were tacked on afterwards. This allowed time for cybercriminals to probe for weakness and discover vulnerabilities.

2. Cybercrime keeps evolving

Phishing schemes have doubled in frequency over the last year correlating with the increase in work done over email. However, as users become more savvy, hackers continue to develop creative ways to catch them off guard. Forbes reports that their team of cybersecurity experts witnessed a tactic that shows users a graphic of what appears to be a hair on their screen. When users touch the graphic to brush the “hair” away, malware is automatically downloaded onto their device.

3. More people are online now than ever before

Scams are a numbers game. The fact that so many people use connected devices daily has worked in the hackers’ favor because a large number of targets means an increased likelihood of success. More potential victims also provide a larger pool of data for criminals to draw from in order to focus on what scams work the best.

4. Cybercriminals can make a lot of money

There is money to be made from a successful scheme. A 2018 study found that the highest earning cybercriminals at that time were able to make up to $2 million in illegal income a year. Any time a business owner gives in to the demands of a ransomware attack, that money goes directly into the pockets of criminals.

5. Cybercriminals are rarely caught

According to some reports, as few as 5% of cybercriminals are ever apprehended. Those that get caught usually do so not because of superior law enforcement, but because they made an error and revealed themselves. The majority of cybercrime is also actually never reported to the authorities in the first place, which makes it attractive for those looking for schemes that are easy to get away with.

How to do your part to fight cybercrime in 2021

The majority of cyber attacks are carried out against small companies and individuals because they are not properly protected. In 2020 alone, hacks against small and medium businesses increased by a staggering 424%. Many large scale attacks take place only after criminals gather the data they need from poorly protected sources. This means data security is critical from the bottom up. Here’s what you can do to keep your data and information safe:

  • Used and refurbished firewalls are an economical and powerful way to help secure your network. Seriously consider purchasing a dedicated hardware firewall to protect against prying eyes.
  • Update frequently. Operating system and antivirus software creators try to stay ahead of the bad guys. Set up automatic updates and heed any recommendations that may come up in between.
  • Create strong passwords. Password generators found online can create randomized login credentials. Strong passwords make it much harder to access your network without authorization.
  • Set up multi-factor authentication wherever possible. The more obstacles between the bad guys and your data, the better!
  • Use a Virtual Private Network to keep your online activity confidential.

Cybersecurity statistics, predictions, and solutions for 2021

In 2020, cybersecurity became more important than ever for businesses all over the world. The statistics published across the media make it clear that no one is immune to cyber-attacks: not the major players investing massively in their companies’ cybersecurity, not small businesses, and not individuals.

The COVID-19 pandemic left a huge impact on the overall cybersecurity situation.

First, the global lockdown forced many companies to shift to remote work. Cybercriminals took advantage of vulnerable home networks. Many organizations encountered data breaches at the beginning of the work-from-home shift. For instance:

  • 80% of companies reported an increase in cyberattacks in 2020.
  • Most of the malware was received from email (94% of cases)
  • At the beginning of April 2020, Google reported it was blocking 18 million malware e-mails related to COVID-19 every day.
  • Between January and April 2020, the attacks on cloud services increased by 630%

The healthcare and financial industries were apparently the most affected, as they deal with huge amounts of personal data. For instance, various studies show that:

  • In 2020, 27% of all cyberattacks targeted healthcare and financial sectors
  • From the beginning of February to the end of April 2020 (when COVID-19 had started spreading), attacks against banks rose by 238%.
  • Most financial institutions (82%) reported that it is increasingly difficult to fight cybercriminals, as they become more and more sophisticated.

2020 was definitely a good year for online retailers. Even though, according to surveys, COVID-19 caused big shipping delays for 36% of consumers, the global lockdown led 56% of consumers to try a new retailer during the pandemic period. In addition, this was the biggest holiday season in e-commerce history.

On the other hand, more online sales result in more cyber-attacks. E-commerce platforms have already started adapting to the current situation, but hackers apparently took advantage, especially at the beginning of the lockdown period, by launching an unprecedented number of attacks aimed at stealing customers’ data and making unauthorized transactions. Such attacks include credit card fraud, malware, phishing attacks, etc.

Even though businesses are trying to adapt to the growing threats from cybercriminals, cybersecurity specialists are not optimistic at all: their research shows that cybercriminals keep changing how they operate and are not planning to slow down. Here are just some figures and predictions for 2021, presented by Cybersecurity Ventures:

  • By 2021, Cybercrime is expected to cost the world $6.1 trillion annually (more than twice compared to 2015), making it the world’s third-largest economy, after the USA and China
  • The cybersecurity experts predict a cyberattack incident to happen every 11 seconds in 2021 (4 times more than in 2016)
  • In 2021, first place in the category “The Fastest Growing Kind Of Cyber-crime” will go to ransomware, as the worldwide costs caused by this kind of damage will reach $20 billion (57 times more than in 2015).

Taking into account all the mentioned statistics and predictions, it is obvious that organizations and individuals must rethink completely their cybersecurity approaches and strategies. So what can we all do to resist the cybercrimes more effectively?

Empower your Employees…with Knowledge

It has been proved that 90% of cyber-attacks are related to human errors. Often, people take cybersecurity for granted, and most of the employees are not even aware of cyber-attack types and risks…until it is too late. Any employee, who is not well-informed about cybersecurity, can unwillingly fall victim to cyber-attacks, placing your company and clients at risk. That’s why it is crucial to educate the employees, especially today when many of them are working from home.

So start spreading cybersecurity awareness right now: provide your employees with all the necessary information concerning cyber threats and bad consequences caused by those; organize cybersecurity training sessions and phishing experiments. Stay in control of the process: make your employees use only secure software and strong passwords, explain to them why they should get the approval of the IT department before installing any software, and why they might have limited access to some data, in some cases.

Protect Proactively

Preventing any damage is always better than repairing it. Cyber-criminals will constantly search the weak points in your company’s cybersecurity infrastructure, that is why you always have to be ahead of them, detecting an attack before it happens. This way of thinking will help you to reduce the damage and avoid major problems. Take all the necessary precautions to ensure your data is protected.

Any Backup Plans?

Research shows that many companies have not thought about any backup plans and tactics for the case where attackers have succeeded in stealing the data.

  • Again, educate your employees: everyone should be aware of his own responsibilities in all the possible scenarios
  • Constantly control and monitor the entire data stored and shared inside and outside your company’s network.
  • Even though the attacks on cloud storage have increased drastically, never forget to back up your entire content.

But how to make sure that the data stored on your computers and cloud services is really protected…even if it was stolen? The answer is simple. Make it useless for the thieves!

Apparently, as we have seen, following all the figures listed above, your data is ultra-protected not when it cannot be breached (because it always can), but when it cannot be read by unauthorized users.

Today there are various new technologies that render data useless to unauthorized users and protect your data no matter where it is stored. For example, Cybervore offers a patented breakthrough technology, which combines authentication, AES-256 encryption, and fragmentation. It is a cybersecurity software called Fragglestorm™: a secure method where data is encrypted, sliced, or split into a defined number of fragments that are replicated, and only the authorized user has access. This offers a way to significantly increase data protection and integrity, and ensure a user’s data privacy across any on-premise device and cloud storage service.

Source: Free Articles from ArticlesFactory.com

Quantum computing: Is it a Pandora’s Box?

The quantum computing crisis is coming

…or why we need to research a post-quantum computing cryptographic solution

In 2018, IBM Director of Research Arvind Krishna posited that “if somebody is saying that they want something protected for at least ten years, should seriously consider whether they should start moving to alternative encryption techniques now” (Krishna, 2018). Mr. Krishna is referring to the challenge of factoring large numbers with classical computers. Quantum computers, that is, computers that leverage quantum phenomena to perform certain tasks faster than current computers, will be able to factor large numbers quickly once companies develop and deploy these systems. Anyone using these devices could hijack large swaths of the Internet, as they will have the power to break current security measures. Companies, governments, or individuals will build and deploy quantum computers within our lifetimes. We must accelerate the development of post-quantum cryptographic solutions that work on modern or classical computers, or we will face a plethora of economic and computing disasters.

Unless we develop and implement new cryptographic techniques, quantum computing advancement will compromise our current encryption methods and lead to many societal and economic problems. The solution to this problem is post-quantum cryptography. This area of computer science focuses on implementing new quantum-resistant encryption standards on classical machines. This paper will describe the state of progress in this field and the impediments to implementing these solutions. The barriers are significant. Let’s do a deep dive and explore why the seemingly obvious suggestion that we should halt research into quantum computing until we find cryptographic solutions will not happen. Today, no firm, government, or individual can stop quantum computing research. That means we must urgently research the testing, optimizing, and deployment of post-quantum cryptographic solutions before quantum computing destroys the Internet.

Current encryption works, why change it?

Quantum computing creates the potential for any organization with a powerful enough quantum computer to crack the widely used cryptographic solutions that underpin the Internet’s safe functioning. These solutions rely on the inability of current computer systems to have enough power to quickly factor enormous numbers.

A common companion to asymmetric encryption for transmitting secure data is “symmetric encryption.” Symmetric encryption is a security measure where both sides of the transmission use a mathematical key generated by one party to encrypt the data. This same key would then be used by the encrypted data recipient, who would perform the algorithm in reverse to obtain the original text.

Since the number of possible keys, or “keyspace,” is mathematically large, third-party hackers could not determine the key in any reasonable period. Again, intense computational math means that symmetric encryption would be safe and secure in a world based on traditional or classical computing.

Still, symmetric encryption has a weakness: sending the key to the recipient directly through electronic transmission would have risks as a malicious attacker could intercept this transmission and then decode messages.

Are you sure no one can hear what you are saying?

In 1977, cryptographers Ron Rivest, Adi Shamir, and Leonard Adleman found a solution to the key distribution problem: asymmetric encryption. They proposed using two keys, known as the public key and the private key, rather than having one key. The two were mathematically linked so that individuals used the private key to decrypt messages encrypted with the public key. Each party would generate a pair of these keys and transmit their public key to anyone who wanted to communicate. Anyone wishing to send data securely would encrypt it with the recipient’s public key before releasing their message. Even with the public key, a third party intercepting it would not decipher the text. The system is effective yet computationally intensive.

Many applications employ the intensive asymmetric encryption only to exchange the key for the less intensive symmetric encryption, which is then used for further transmissions (CyberFirst Advanced Course Companion, 2019). The key pair is created by multiplying two huge prime numbers. If an attacker could factor the large multiplied number into its constituent primes, they would easily reverse engineer the two keys. Today’s best-known traditional computer systems cannot factorize the number in any time shorter than several hundred years. The security of the Rivest-Shamir-Adleman (RSA) cryptosystem and the Internet hinges on this critical fact.

The current generation of high-speed computers cannot efficiently factor large numbers because there is no known “polynomial-time” algorithm to factor the number. Polynomial-time algorithms are algorithms whose time taken to complete can be represented as a polynomial function of the input size.

Any other computational solution, such as exponential or factorial time, would be too inefficient to be practical. Cryptographic suites essentially employ a mathematical key that cannot quickly be reverse-engineered by third parties. Given that there is no quick and simple solution to breaking current cryptographic systems, the Internet structure is very secure.

This fundamental assumption of security – that computers are not fast enough to solve the problem – will not be maintained in an era of quantum computing. Peter Shor of Bell Laboratories discovered an algorithm that efficiently solves the integer factorization problem in polynomial time. This algorithm would only work on quantum computers (Shor, 1997). Shor’s idea gives a quantum computer user the power to take the widely available public key of one party and deduce the corresponding private key. Shor’s algorithm threatens the Internet’s security as we know it today by giving any quantum computer owner the ability to read encrypted transmissions and websites. With this security risk, the world of quantum computing and current encryption cannot coexist.
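The dependence of RSA on factoring described above, as an added example that is not part of the original article: a toy key pair whose public modulus is factored by brute force, yielding the same private exponent the key owner holds and exposing an encrypted session key. The two small primes, the 4-byte session key and all function names are constructed for illustration, and classical trial division stands in for Shor's algorithm, which needs a quantum computer.

```python
"""Toy textbook RSA (no padding) with deliberately tiny, constructed parameters.

Real RSA moduli are 2048 bits or more; the ~37-bit modulus here exists only so
that classical trial division finishes instantly and the dependency is visible.
"""
from math import gcd, isqrt

# Constructed sample primes: the 10,000th and 100,000th primes.
P, Q = 104_729, 1_299_709
E = 65_537  # widely used public exponent


def make_keypair(p, q, e=E):
    """Key owner's side: return ((n, e), d). Only (n, e) is ever published."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)  # modular inverse, Python 3.8+


def encrypt(m, public_key):
    """Sender's side: encrypt integer m with the recipient's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, n, d):
    """Decrypt with a private exponent d, however it was obtained."""
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Return (p, q, steps) for n = p * q by trying odd divisors up to sqrt(n).

    The step count grows with the smaller prime, so every extra bit in that
    prime doubles the work. That growth is what keeps large moduli out of
    reach of classical machines.
    """
    if n % 2 == 0:
        return 2, n // 2, 1
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("no factor found: n is prime")


def recover_private_exponent(public_key):
    """Derive d from the public key alone, which is possible once n is factored."""
    n, e = public_key
    p, q, steps = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), steps


def demo():
    public_key, owner_d = make_keypair(P, Q)

    # Constructed 4-byte "session key" sent under the public key, as in the
    # hybrid scheme the article describes.
    session_key = int.from_bytes(b"k3y!", "big")
    ciphertext = encrypt(session_key, public_key)

    # An observer holding only (n, e) and the ciphertext.
    recovered_d, steps = recover_private_exponent(public_key)
    plaintext = decrypt(ciphertext, public_key[0], recovered_d)

    return {
        "owner_d": owner_d,
        "recovered_d": recovered_d,
        "steps": steps,
        "plaintext": plaintext.to_bytes(4, "big"),
    }


if __name__ == "__main__":
    result = demo()
    print(f"trial divisions needed: {result['steps']}")
    print(f"private exponent matches: {result['owner_d'] == result['recovered_d']}")
    print(f"recovered session key: {result['plaintext']!r}")
```
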

RSA encryption – worked so far…

The protection currently provided by the RSA cryptosystem to billions of usernames, passwords, and banking details shared between users and corporate servers will be lost. Unauthorized third parties will obtain illegitimate access to user accounts. Without alternative encryption forms, online organizations’ only choice will be to restrict online operations severely. While there are many high-profile examples of millions of accounts hacked on classical systems, quantum computers would offer an order of magnitude more power. As with any other hacking system, quantum computers utilizing Shor’s algorithm will enable numerous nefarious groups to engage in financial fraud and identity theft.

TCP will be vulnerable

[Figure: OSI Reference Model and TCP/IP Model Layers]

There are two significant areas of vulnerability. The first is when the data is transmitted worldwide via the “Transport Layer” (TL). The second is the potential to hijack and impersonate websites by compromising the domain-validated certificates in the “Domain Name System” (DNS).

In the TL, the data to be sent is encrypted and then electronically launched across the network. Security for the TL is known as “Transport Layer Security” (TLS). TLS operates using protocols such as “HyperText Transfer Protocol Secure” (HTTPS), which employs RSA versions. With the advent of a quantum computer capable of running Shor’s algorithm, hackers will easily break these TLS standards. For example, to log onto a secure website, users must enter their username and password onto a local web page. When they submit their login form, these details are encrypted and sent to the server they are accessing. A quantum computing hacker could monitor network traffic and intercept and decrypt any transmitted data. There would be no limit to the types of encrypted data that a quantum computer hacker could read by monitoring ordinary network traffic.

Disaster? Not yet but…

The fear of what quantum computers could do might precipitate a media firestorm where the public could cause as much damage as an actual quantum computer hack. In October 2019, leaked files from a NASA server indicated that Google had achieved ‘quantum supremacy’ with its 53 quantum bit (qubit) quantum computer.

Panic, interest, or news: the world was captivated in October 2019

The screenshot from Google Trends shows this news quickly captivated the knowledgeable public. An event as important as a quantum computer capable of running Shor’s algorithm would make a much more significant impact than Google’s machine because of its Internet-breaking abilities. A media frenzy full of warnings of quantum computers’ dangers would likely panic the Internet public. People would have to move their sensitive information and assets on the Internet. This decline in Internet use would slow the economy and affect the revenues of many internet-based firms that rely on user engagement or eCommerce. All 21st-century business depends on the online medium, and all would be affected.

This drop in revenue and the collapse of consumer trust could have a further catastrophic effect on the financial markets. The significant decrease in transactions could result in a stock market crash and usher in an economic recession. Stock market share prices are affected by the company’s revenue and the unpredictability of future gains or profits. The drop in profits, combined with internet encryption uncertainty, could lead to collapsing financial markets. Examples of similar events include the stock market crash of 1929. The market had been consistently optimistic and had been steadily increasing until investors began to panic en masse about an impending crash. This instability and sudden uncertainty in the markets led to a steep fall in stock market asset value and a deep economic recession.

The end of DNS?

The RSA cryptosystem is the Domain Name Service (DNS) certification system’s backbone. The DNS system consists of two parts. The first and most well-known is domain name resolution. Tens of thousands of name resolution or DNS servers manage this system that translates a name to an IP address. The name resolution system is how the Internet resolves a request for Apple.com and directs requests to routers and servers run and managed by Apple.

The second and more exploitable part is the digital certificate system. A digital certificate authenticates the website’s ownership of a given domain name. This authentication allows end-users to confirm that the website they visit is legitimate. A certificate is created by hashing a known text and then encrypting it with a private key. Certificates are also used for ‘signing.’ Since public keys are widely available, the two keys’ mathematical linking allows concerned users to decrypt the text to verify the organization that authorized the certificate.

The certificate system is further used in verifying the IP address corresponding to a given domain name. The signature is from a reputable third party known as a certificate authority, such as GoDaddy or Verisign, who verifies and confirms the authenticity of any applicant applying for a certificate. The certificate authority sends these new certificates to several DNS servers, which then propagate the certificate to other DNS servers (CyberFirst Advanced Course Companion, 2019). Given the Internet’s reliance on the RSA cryptosystem and the potential speed at which a quantum computer could hack these digital certificates, the Internet’s security will be easily compromised in the era of quantum computers.

These certificates are the basis of Internet integrity. Any criminally inclined third party who could decrypt these certificates would be able to impersonate any website on the Internet. Once a hacker creates a fake certificate, the name resolution system that runs on tens of thousands of computers worldwide would propagate that fake certificate everywhere. Many people would be logging into phony bank accounts, essentially giving away their login credentials.

A quantum computer hacker would be phishing on steroids.

Today we call this “phishing.” In an era where a hacker would have a quantum computer, it would be “phishing on steroids.” Today, when visiting a web page, savvy users can check the URL’s domain name address to see if they are accessing a domain with a verified certificate. In a quantum computer world, users will no longer be able to use this information, as their web browsers will recognize the phishing website’s forged certificate as legitimate.

Quantum computing cleanup is worse than the crime

Removing a false certificate – either incorrectly issued or forged – is costly and complex. The only way to rectify inaccurate information would be to update the DNS servers manually. Manually updating the plethora of DNS servers in the world could prove futile. There could be multiple groups attempting to fix the certificate system while different groups try to hack it at the same time.

Once users lose confidence in the integrity of the Internet and the sites they would be visiting, users would no longer view the Internet as offering any form of security. Fear and uncertainty would undoubtedly result in a decrease in online transactions.

Inc. magazine had stated that up to “60% of small businesses fold within six months” after being cyber attacked (Galvin, 2019). Not only do companies have to repair any damage from a security breach, but they also have the difficult task of restoring trust with their patrons. The cleanup from a catastrophic cyber attack would be very costly and might take years.

Web fraud is not the only possible use of certificate falsification. In 2001, VeriSign discovered that they had falsely issued two certificates to a person claiming to represent Microsoft. Once found, the security engineers moved quickly to invalidate and limit the impersonator’s ability to cause harm. The fraudulent certificate owners would be allowed to sign their computer programs to appear as if Microsoft wrote them. Fraudulent certificates would encourage users to run the code containing malware. The perpetrator of the fraud could issue malware-ridden updates to Windows operating systems which may automatically install onto some computers.

As an example of how much damage a self-perpetuating piece of computer malware could cause, consider the WannaCry attack from 2018. This attack took down the UK’s National Health Service, causing approximately nineteen thousand canceled appointments and ninety-two million pounds in damages (The Telegraph, 2018). WannaCry took advantage of a weakness in the operating system to transfer itself across networks. Pushing a trojan update using certificates falsified with quantum computers to a large number of unsuspecting doctors and consumers could similarly cause large amounts of damage. Without a solid certificate system, security managers would be hard-pressed to stop a malware attack when there would be no suitable method to sort a good player from a bad player.

The final concern would be long-term trust issues. A generation that suffered through a period of internet paranoia would be less likely to return to online retail due to a significant negative experience. Internet commerce would take time to reach the levels of a pre-quantum computer-fuelled attack. Companies’ failure to realize a profit due to the lack of consumer confidence in the security of Internet commerce could cause a delayed economic recovery. Consider the dot-com crash: economists concluded it took the market fifteen years after the market crash to reach its pre-crash highs (Hayes, 2019). In the reality of quantum computers with post-quantum cryptography, a prolonged period of economic depression would be observed as consumers slowly and reluctantly returned to online shopping.

The end of the internet or is there hope?

The possible solutions are there: but can a solution be found that is not worse than the problem?

All is not over for the Internet. Alternative methods, dubbed ‘post-quantum cryptography,’ are in development as RSA replacements. Cryptographic researchers have not developed potential solutions yet. The problems discussed above require significant investment to address all issues. Much of modern encryption currently relies on integer factorization without a known polynomial-time solution.

There are security methods based on other mathematical problems not known to have polynomial-time solutions on classical or quantum computers. One such method is lattices. A lattice is “a set of points in n-dimensional space with a periodic structure” (Micciancio and Regev, 2008). A lattice is defined by n basis vectors, where n is the lattice’s order. A two-dimensional lattice will have two basis vectors; a three-dimensional lattice will have three, and so on.

Lattice-based cryptography is based on several mathematical problems for which no polynomial-time solution is known, such as the closest vector problem (CVP). Suppose we have a two-dimensional lattice L and a vector V that may or may not be in L. The closest vector is the vector in L that is closest to V. While not possible given a random lattice, some lattice bases can more efficiently provide a solution to the problem based on their orthogonality.

The devil is in the detail

Lattice-based cryptography can be used in applications including but not limited to hash functions and public-key cryptosystems. To generate this cryptosystem, one first generates a high-dimensional lattice with mostly orthogonal vectors to be a private key. Next, one generates an equivalent lattice with a different basis, one where the vectors are as close to being parallel as possible, to be the public key. Encryption of data is done with a small noise vector, and decryption relies on the private key being the most efficient method for solving the CVP for the given lattice.

Reverse computation from the public key to the private key is difficult if not impossible as a result of the CVP. Decrypting the message with the public key would require immense amounts of processing power, as its basis is chosen specifically so that it is the ‘worst possible basis’ for the task.
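The construction described above matches the GGH (Goldreich-Goldwasser-Halevi) scheme. The following is an added example, not code from the article: a two-dimensional toy in which the bases, the message and the noise range are constructed values, and decryption uses simple coordinate rounding as the CVP solver. Two dimensions only show the mechanics; nothing this small is secure.

```python
from fractions import Fraction
from itertools import product
from math import sqrt

# Constructed toy parameters (assumptions for this example, not from the article).
PRIVATE_BASIS = ((7, 1), (-1, 8))   # rows: short, nearly orthogonal vectors
UNIMODULAR = ((2, 3), (3, 5))       # determinant 1, so the lattice is unchanged


def mat_mul(a, b):
    """Product of two 2x2 matrices given as tuples of rows."""
    return tuple(
        tuple(sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2))
        for i in range(2)
    )


def vec_mat(v, m):
    """Row vector times 2x2 matrix."""
    return tuple(sum(v[k] * m[k][j] for k in range(2)) for j in range(2))


def inverse(m):
    """Exact inverse of a 2x2 integer matrix, as Fractions."""
    (a, b), (c, d) = m
    det = Fraction(a * d - b * c)
    return ((d / det, -b / det), (-c / det, a / det))


# Same lattice, but the rows are long and almost parallel.
PUBLIC_BASIS = mat_mul(UNIMODULAR, PRIVATE_BASIS)


def orthogonality_defect(basis):
    """Product of row lengths over |det|; 1.0 means perfectly orthogonal."""
    (a, b), (c, d) = basis
    return sqrt(a * a + b * b) * sqrt(c * c + d * d) / abs(a * d - b * c)


def encrypt(message, noise):
    """Encode the message as a lattice point, then add a small noise vector."""
    point = vec_mat(message, PUBLIC_BASIS)
    return (point[0] + noise[0], point[1] + noise[1])


def closest_point_by_rounding(target, basis):
    """Approximate CVP: write target in the basis, round each coordinate."""
    coords = vec_mat(target, inverse(basis))
    return vec_mat(tuple(round(x) for x in coords), basis)


def decrypt(ciphertext, basis):
    """Strip the noise using `basis`, then read the message off the lattice point."""
    point = closest_point_by_rounding(ciphertext, basis)
    return tuple(int(x) for x in vec_mat(point, inverse(PUBLIC_BASIS)))


def count_recovered(basis, message=(3, -2), bound=3):
    """Count noise vectors in [-bound, bound]^2 for which decryption succeeds."""
    noises = list(product(range(-bound, bound + 1), repeat=2))
    hits = sum(decrypt(encrypt(message, e), basis) == message for e in noises)
    return hits, len(noises)


if __name__ == "__main__":
    print("public basis:", PUBLIC_BASIS)
    print("defect private/public:",
          round(orthogonality_defect(PRIVATE_BASIS), 3),
          round(orthogonality_defect(PUBLIC_BASIS), 3))
    c = encrypt((3, -2), (1, -1))
    print("ciphertext:", c)
    print("with private basis:", decrypt(c, PRIVATE_BASIS))
    print("with public basis: ", decrypt(c, PUBLIC_BASIS))
    print("recovered (private):", count_recovered(PRIVATE_BASIS))
    print("recovered (public): ", count_recovered(PUBLIC_BASIS))
```

The private basis removes every noise vector in the tested range, while rounding in the public basis returns the wrong message for most of them, which is the asymmetry the scheme depends on.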

While the theoretical version of this system is secure, it does not perform well in practice. To achieve the level of efficiency needed, practical applications often will abstract parts of the security, resulting in a faster system that is not provably secure. Thus, mathematically quantum-proof solutions to the internet security issues raised by the quantum prime-factorization algorithm do exist and need implementation on current systems.

Speed is life?

Milliseconds really do matter.

Putting algorithms such as lattice-based cryptography into practice creates challenges for the computers in use today. A slower security protocol may have delays of up to one second. While this theoretical delay in a secure data exchange using new protocols might not seem significant, a web server hosting a large audience such as Google would have to manage tens of thousands of HTTPS requests per second for searches alone (Internetlivestats.com, n.d.).

When a user requests data from a server, the server must use some of its memory space to maintain a connection to the user. The computer releases this memory space after completing the transmission. If the protocols ran for additional time, the server might not be able to terminate connections faster than it receives them. In this slowed-down scenario, the server’s memory usage would become very large, and eventually, the server could run out of room. It would either have to ignore incoming connections or crash. Online businesses could not afford for either option to occur as it would reduce user engagement with the site, affecting earnings in the long term.

Fortunately, some post-quantum solutions operate at relatively fast speeds. A team at Google has been working on “NewHope”. NewHope is a lattice-based method that allows for exchanging the keys used in symmetric encryption.

The Google team performed a laboratory test using a modified version of the NewHope algorithm on a processor with a clock speed of 1.5 GHz. The key exchange transmissions completed in a remarkably fast 0.33 ms (Streit and De Santis, 2018). That figure alone would be enough to justify integration into the everyday computer. NewHope is promising, but there are still issues that researchers must solve before recommending implementation. The Google engineers tested NewHope under ideal circumstances with no other processes running on the same computer. While this allows for acceptable approximations of the time the key exchange would take to complete on classical machines if implemented immediately, this experiment does not accurately represent the delays one would encounter on current systems. Speed is life on the Internet, and a lattice-based system is not yet ready to deploy.

Upgrades people, upgrades

Upgrades: one quantum computer with enough power could, in one fell swoop, outdate all the computers in the world.

The future transition to new cryptographic methods isn’t going to be simple, as many users will still run on older systems that will not meet the latest modern standards. Consider the UK’s National Health Service (NHS). In 2018, they were still using a 2001 Microsoft operating system, Windows XP. The NHS is an example of a more significant issue regarding the price barriers of upgrading older technology in large corporations. High-performing computers can cost upwards of thousands of dollars for a single unit. Upgrading every computer in a large company is unaffordable.

Beyond simply upgrading hardware, many companies often rely on legacy programs written in programming languages not used in modern machines. Upgrading would be both a software and hardware issue. Depending on the complexity of any legacy programs, upgrading may cost a significant amount of time, a considerable sum of money and create a world of frustrated employees, managers, and customers. Given all these costs, companies tend to avoid upgrading any technology for as long as possible.

Upgrading one company’s technology is difficult; upgrading the entire internet’s technology would be an arduous task. Changing network security protocols can be similarly tricky as it requires most Internet users to agree to employ the new standard. The only way to successfully upgrade the Internet is a slow and gradual rollout with all the necessary next-generation security algorithms embedded within it. If it takes ten years to upgrade the Internet, then today’s technology has to work for ten years. Suppose quantum computers become available within this ten-year timeframe, and the systems that we are deploying today cannot manage the new protocols. In that case, we are deploying equipment with a future security risk.

Test, test, and then test again

A tall order: post-quantum computing cryptographic solution that is hacker proof.

Whatever security algorithm we wish to implement for the quantum computing world, we must thoroughly test it. Hasty implementation of an algorithm for widespread use could lead to an exploit that would affect all systems using the new encryption. For example, researchers released RSA in 1978. Cryptographers found no significant attacks against it until seventeen years later. Paul Kocher, in 1995, discovered that timing attacks were possible against it. In the early stages of the Internet, users could mitigate any damage by rapid system updates. With hundreds of millions of computer systems, this is impractical. If hackers discovered a significant exploit on a level higher than a timing attack, the Internet would be compromised suddenly and immediately, leading to terrifying consequences.

Any algorithm we implement must meet two requirements. The first is that the solution must be mathematically NP-complete. This type of problem has no known polynomial-time solution. Any cryptosystem based on these mathematical problems would have no efficient solution to reverse engineer a decryption method and thus would be, in this regard, theoretically secure.

The second requirement is that any cryptosystem must be robustly tested for several years by many professionals until a significant period of no exploits occurs. Let’s look at the NewHope algorithm. It meets the first test as it is based on NP-complete problems. Some versions of NewHope exist that do not have mathematically provable security yet have faster performance. Researchers’ challenge is that choosing speed over security or security over speed is a catch twenty-two.

The National Institute for Standards and Technology (NIST) in the United States runs a post-quantum cryptography standardization competition to find a replacement for the RSA cryptosystem. NIST scientists automatically dismiss any competitors that are vulnerable to non-mathematical attacks (Alagic et al., 2019). As companies deploy more and more computer systems throughout the world, the more complicated it becomes for cryptographers to find a solution to the quantum computing encryption problem.

Delay, delay and delay…?

In quantum computing, a qubit or quantum bit is the basic quantum information unit. Classic computing uses the 0/1 two-state relationship as its basis. A qubit is the equivalent unit of information in quantum mechanical systems. While it can take the states of 0 or 1 like classical bits, the qubit can take any combination of the two at the same time.

Noting all the risks and issues discussed above, why not delay creating stable qubits to give security researchers more time to develop solutions to the problems raised by Shor’s algorithm? In theory, there is sound logic for doing this.

Two reasons make stopping development not possible. The first is that having quantum computers would promote enormous scientific advancement and allow the fast management of vast amounts of data. Quantum computers could give scientists the computing power to model complex problems such as quantum phenomena and cancer growth. Second, given the financial incentive to build faster and better computers, stopping companies, governments, or individuals from building quantum computers would not be possible.

Using a quantum computer, a researcher could sort through millions of observations to help address many medical issues. Beyond medical issues, one could use a quantum computer to design and build even better quantum computers.

Quantum computers allow for rapid calculations that classical computers cannot perform with the same efficiency. Researchers can develop cancer development models and gain a greater understanding of its effects and causes. In practice, medical scientists use high-speed computers to optimize radiation beams in radiotherapy to kill cancer cells efficiently. While there are methods to do so on classical machines, quantum computers could do this work many times faster (Nazareth and Spaans, 2015). If we choose to delay qubit creation, we could be damaging future scientific advancements and innovation.

A new arms race

Tanks, planes, and bombs: all will be dwarfed by the rise of quantum computing.

There are political consequences of delaying qubit research. Should we choose to regulate quantum research, we may find that other nations do not share our internet security values.

Remember Maslow’s Hierarchy of Needs from that psychology course?

Maslow explained human behavior in terms of levels of need. Maslow’s five levels of needs are:
* physiological needs, such as air, food, and water;
* safety needs, such as employment and property;
* love and belonging needs, including friendship and family;
* esteem, which is to do with respect and status;
* and finally, self-actualization, which is the desire to be the best that one can be.

According to Maslow, when a man reaches the first four, motivation for additional action decreases. However, as one matches the fifth level’s needs, stimulation increases. A more significant increase in research will move the country as a whole more into the fifth need of self-actualization, thus motivating it to research more.  

Quantum computing research is mandatory if a nation wants to maintain control of its Internet, including attacks from foreign countries. One could easily use quantum technology for espionage, population management, political control, etc. No nation or party would try to distance itself from technology. From the lens of a psychological argument, we see that while logically for humanity there could be an imperative to halt qubit research temporarily, in practice it is an arms race that countries and companies will not be able to resist.

Averting the disaster

Given the current status of post-quantum cryptography and the effects that Shor’s algorithm would cause, there is no reasonable way to stop qubit research. We have no choice but to focus on post-quantum cryptosystems. Their untested nature and usability only hold back the efficiency of algorithms such as NewHope on older machines.

Aside from the NIST and several concerned corporations, consumers have yet to begin preparing for a significant security upgrade (Chen et al., 2016). While it takes time to implement post-quantum solutions, this report and those that follow it indicate that this is not the issue; rather, it is the lack of testing and robustness of the proposals.

We can avert the coming quantum computing disaster by investing more in research, testing, and evaluating new methods. The NIST report also discusses technological inertia and the difficulty of implementing new strategies in an age of massively varying systems. At the slow pace of cryptographic development and testing that we are doing today, we will not likely finish before the advent of powerful quantum computers. We need to devote more time to developing and implementing new encryption algorithms in older machines.

Quantum computing – The only way out

There is a solution somewhere to avoid the quantum computing Pandora’s Box of problems. Will we find that solution in time?

Given there is no imperative to terminate qubit research, we need to accelerate preparation for the threat posed by Shor’s algorithm. Therefore, we should increase funding for testing and implementing post-quantum cryptographic algorithms. There exist plausible replacements for RSA, such as Google’s NewHope algorithm, which operates with remarkable efficiency and notable baseline security.

Ramifications for not developing and implementing these solutions soon are devastating, ranging from a drop in stock prices and an increase in cyber attacks to total economic collapse and cyber warfare. Time is of the essence for implementation, as technological inertia will inevitably slow us down. With all this considered, Krishna’s words undoubtedly spell a warning that will either be prophetic of the dangers to come or provide the impetus to prepare for cryptographic security in the post-quantum world. If we want to avoid the Pandora’s box of quantum computing, we must quickly find a post-quantum computing cryptographic solution today.


Cybersecurity news week ending 11 Apr 2021 ~ NetworkTigers


Cybersecurity news provided by NetworkTigers on Monday, 12 April 2021.

CLAREMONT, CA — Dark web marketplace hacked, Facebook decides not to notify users involved in data breach, University of Colorado still suffering fallout from data breach, Linkedin user data for sale on hacker forum, Kentucky state unemployment website shutdown after cyberattack, cyberattacks against EU institutions, SAP applications targeted, malware compromises Singapore job-matching website, ransomware attack on French electronics manufacturer, multiple universities affected by Accellion breach, Connecticut DMV hit with cyberattack.

Black market credit card marketplace hacked

Swarmshop, a dark web marketplace specializing in the buying and selling of credit card information, has been hacked. The breach has leaked not only the data of those active in the site’s marketplace, but also the information for sale. This has resulted in the exposure of over 600,000 credit cards. The cards originated from banks in a variety of countries including the US, Mexico, Brazil, France, and Saudi Arabia. The hack occurred in March, and is the third such incident involving an attack against an underground hacker forum that month. Read more.

Facebook opts not to notify users involved in data breach

Facebook has decided not to notify the 530 million individuals who have had their data exposed after a trove of the social network’s user information was posted on an amateur hacking forum. The company’s statements have continued to refer to the fact that the information originated from 2019 and that the vulnerability used to obtain it has been long fixed. While the information does not contain sensitive financial data, health data, or passwords, experts still warn that hackers can do serious damage even with just what’s available in the data pool such as names and phone numbers. Read more.

University of Colorado still reeling from ransomware attacks

The University of Colorado is continuing to suffer from the fallout of a data breach related to its use of Accellion’s third party file sharing platform. Both the university as well as the many individuals who have had their data exposed in the hack are receiving ransom demands as cybercriminals threaten to post stolen data on the internet. It is believed that this may be the largest breach yet to affect a university. The college staff is urging all those who receive such messages to not respond and is providing victims with free credit monitoring services. Read more.

LinkedIn user data for sale on hacker forum

Cybersecurity news and research site CyberNews reports that the data from 500 million LinkedIn users has been posted for sale on a forum popular with hackers and cybercriminals. LinkedIn states that the data is actually scraped from multiple sources and is not the result of a breach on the platform. The information is not as sensitive as credit card numbers or Social Security data, but can still be used to target people for scams or robocalls. The huge number of users affected amount to around 75% of LinkedIn’s total user base. Read more.

Kentucky state unemployment site shut down after cyberattack

Kentucky’s state unemployment website will be shut down for four days after being hit with a massive cyberattack. The shutdown is said to be required to enhance the system’s security with new features, including requiring users to use longer PIN numbers. It is reported that weak, easily-guessed PIN numbers played a significant role in the site’s vulnerability to hackers. It is currently unclear if the attack was carried out by one individual or a group of criminals. Read more.

Disclosures regarding data breaches drop

Audit Analytics has released a report titled “Trends in Cybersecurity Breach Disclosures” that states that public disclosures of data exposures and hacks have dropped in 2020. This is despite the fact that such cyber attacks have increased in frequency. The report also found that of the breaches disclosed, many did not specify the type of the attack or the nature of information exposed. Additionally, the report provides data regarding what kinds of information is most vulnerable, and the time taken to both discover and disclose breaches. Read more.

“Significant” cyberattack carried out against EU Institutions

Bloomberg reports that a cyberattack has been launched against several European Union institutions. Conclusive information regarding the attack has not yet been posted with a commission spokesperson referring to the hack as an “IT security incident.” No breach of critical information has been detected, however the attack was larger than most and was serious enough to have warranted the attention of senior officials. Read more.

CISA: SAP application targeted by malicious cyber activity

According to security researchers from Onapsis, SAP systems that are not properly configured or require updating remain at high risk for attack. The threats observed could lead to full control of SAP applications and, according to a statement from CISA, result in “theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and halt of all operations.” Users of SAP are encouraged to read the report and apply recommended updates. Read more.

Malware compromises data of Singapore job-matching site

Singapore-based job matching platform e2i is reporting that around 30,000 users may have had their data compromised in a breach resulting from a malware attack against a third party vendor. e2i has contacted the appropriate authorities, but is facing backlash over the length of time it has taken the company to formally acknowledge the breach given that it was discovered nearly a month ago. The company has stated that it was not the direct target of the hack and will conduct further review of the cybersecurity measures taken by its third party vendors. Read more.

French electronics manufacturer suffers ransomware attack

According to online researchers, world-leading French electronics manufacturer Asteelflash has been hit with a cyberattack from the REvil ransomware gang, also known as Sodinokibi or Sodin. Reports show that the gang was originally demanding a $12 million ransom, but doubled their price to $24 million when the company did not comply. Thus far, Asteelflash has not made a public statement regarding the hack. Read more.

Multiple universities affected by Accellion breach

Data has recently surfaced on the dark web that has been found to be associated with students and staff from the University of Colorado, Yeshiva University, Stanford University, the University of Maryland, Baltimore; the University of Miami, the University of California, and Merced. Victims have received threatening emails and snippets of the data have been shared on Clop, a website known to facilitate ransomware demands. The breach of data is said to be associated with a vulnerability in Accellion software that was discovered and exploited by criminals at the start of the year. Read more.

Connecticut DMV hit with cyberattack

The Connecticut Department of Motor Vehicles is unable to perform emissions testing due to an attack that took its network offline. Reported to be an attempted malware attack, it is still unknown if personal information was accessed during the breach. It is also unknown when the system will be back online, as authorities and technicians work to ensure that the network is completely free from malware. The issue is reported to have affected eight states, and the FBI has been informed of the breach. Read more.

More cybersecurity news

Read more cybersecurity news and articles brought to you by NetworkTigers.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com

Contact NetworkTigers

Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950

Quantum internet breakthrough could spell death of hacking

A quantum processor, for a quantum computer, with three quantum bits (qubits) and three read-out cavities. Source: Wikipedia.

The advent of mass working from home has made many people more aware of the security risks of sending sensitive information via the internet. The best we can do at the moment is make it difficult to intercept and hack your messages – but we can’t make it impossible.

What we need is a new type of internet: the quantum internet. In this version of the global network, data is secure, connections are private and your worries about information being intercepted are a thing of the past.

My colleagues and I have just made a breakthrough, published in Science Advances, that will make such a quantum internet possible by scaling up the concepts behind it using existing telecommunications infrastructure.

Our current way of protecting online data is to encrypt it using mathematical problems that are easy to solve if you have a digital “key” to unlock the encryption but hard to solve without it. However, hard does not mean impossible and, with enough time and computer power, today’s methods of encryption can be broken.

Quantum communication, on the other hand, creates keys using individual particles of light (photons), which – according to the principles of quantum physics – are impossible to make an exact copy of. Any attempt to copy these keys will unavoidably cause errors that can be detected. This means a hacker, no matter how clever or powerful they are or what kind of supercomputer they possess, cannot replicate a quantum key or read the message it encrypts.

This concept has already been demonstrated in satellites and over fibre-optic cables, and used to send secure messages between different countries. So why are we not already using it in everyday life? The problem is that it requires expensive, specialised technology that means it’s not currently scalable.

Previous quantum communication techniques were like pairs of children’s walkie talkies. You need one pair of handsets for every pair of users that want to securely communicate. So if three children want to talk to each other they will need three pairs of handsets (or six walkie talkies) and each child must have two of them. If eight children want to talk to each other they would need 56 walkie talkies.

Securely connecting all

Obviously it’s not practical for someone to have a separate device for every person or website they want to communicate with over the internet. So we figured out a way to securely connect every user with just one device each, more similar to phones than walkie talkies.

Each walkie talkie handset acts as both a transmitter and a receiver in order to share the quantum keys that make communication secure. In our model, users only need a receiver because they get the photons to generate their keys from a central transmitter.

This is possible because of another principle of quantum physics called “entanglement”. A photon can’t be exactly copied but it can be entangled with another photon so that they both behave in the same way when measured, no matter how far apart they are – what Albert Einstein called “spooky action at a distance”.

Full network

When two users want to communicate, our transmitter sends them an entangled pair of photons – one particle for each user. The users’ devices then perform a series of measurements on these photons to create a shared secret quantum key. They can then encrypt their messages with this key and transfer them securely.
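The key generation described above, and the earlier point that copying a key introduces detectable errors, can be illustrated with a classical simulation of the measurement statistics. This is an added example, not code from the article or the published experiment; the two measurement bases, the intercept-and-resend eavesdropper model, the 5% alarm threshold and all names are assumptions.

```python
import random

# Assumed pair of measurement bases each user chooses between at random.
BASES = ("rectilinear", "diagonal")


def measure(state, basis, rng):
    """Measure a photon described as (basis it is definite in, bit).

    Measuring in the same basis returns the bit; measuring in the other
    basis returns a uniformly random result.
    """
    definite_basis, bit = state
    return bit if basis == definite_basis else rng.randrange(2)


def distribute_pairs(n_pairs, eavesdrop, seed):
    """Simulate n_pairs entangled pairs sent to two users; return sifted keys."""
    rng = random.Random(seed)
    key_a, key_b = [], []
    for _ in range(n_pairs):
        basis_a = rng.choice(BASES)
        basis_b = rng.choice(BASES)
        bit_a = rng.randrange(2)  # each individual outcome is random
        # Entanglement: after user A measures, user B's photon behaves as if
        # it were definite in A's basis with A's result.
        in_flight = (basis_a, bit_a)
        if eavesdrop:
            # An interceptor cannot copy the photon; they must measure it in
            # some basis and forward a photon matching what they saw.
            basis_e = rng.choice(BASES)
            in_flight = (basis_e, measure(in_flight, basis_e, rng))
        bit_b = measure(in_flight, basis_b, rng)
        if basis_a == basis_b:  # sifting: keep rounds where bases matched
            key_a.append(bit_a)
            key_b.append(bit_b)
    return key_a, key_b


def error_rate(key_a, key_b):
    """Fraction of sifted key positions where the two users disagree."""
    return sum(a != b for a, b in zip(key_a, key_b)) / len(key_a)


def link_accepted(n_pairs, eavesdrop, seed, threshold=0.05):
    """Users compare their keys and reject the link above the assumed threshold."""
    key_a, key_b = distribute_pairs(n_pairs, eavesdrop, seed)
    return error_rate(key_a, key_b) <= threshold


if __name__ == "__main__":
    for tapped in (False, True):
        a, b = distribute_pairs(4000, tapped, seed=7)
        print(f"eavesdropper={tapped}: sifted bits={len(a)}, "
              f"error rate={error_rate(a, b):.3f}")
```

In this model an untouched link yields identical keys, while interception pushes the error rate to roughly a quarter of the sifted bits, which the users see when they compare a sample of their keys.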

By using multiplexing, a common telecommunications technique of combining or splitting signals, we can effectively send these entangled photon pairs to multiple combinations of people at once.

We can also send many signals to each user in a way that they can all be simultaneously decoded. In this way we’ve effectively replaced pairs of walkie talkies with a system more similar to a video call with multiple participants, in which you can communicate with each user privately and independently as well as all at once.

We’ve so far tested this concept by connecting eight users across a single city. We are now working to improve the speed of our network and interconnect several such networks. Collaborators have already started using our quantum network as a test bed for several exciting applications beyond just quantum communication.

We also hope to develop even better quantum networks based on this technology with commercial partners in the next few years. With innovations like this, I hope to witness the beginning of the quantum internet in the next ten years.

  • Siddarth Koduru Joshi is Research Fellow in Quantum Communication, University of Bristol. This article originally appeared on TheConversation.

 

Cybersecurity news week ending 4 Apr 2021 ~ NetworkTigers


Cybersecurity news provided by NetworkTigers on Monday, 05 April 2021.

CLAREMONT, CA — Facebook users’ personal data leaked, Capital One confirms more data than previously thought leaked, DeepDotWeb seized by the FBI, Accellion hack results in New York college data leak, data breach at Texas hospital, personal information for 3.5 million users posted for sale, whistleblower claims Ubiquiti’s legal team silenced data leak disclosure, student data leaked in Georgia county school district, over half Indian organisations hacked in the last year, DHS officials hacked in SolarWinds breach, Australian TV network and parliament under cyberattack.

Personal data from 500 million Facebook users found online

While the information appears to be from several years ago, Business Insider has reported that data from more than 500 million Facebook users covering 106 countries has been found online. The leaked information contains names and phone numbers, including the phone number for Facebook CEO Mark Zuckerberg. While Facebook has stated that the data in question is old and resulted from a security issue that has long been resolved, the leak once more highlights the vast amount of personal user data the social network retains. Read more.

Capital One discloses updated research on 2019 hack

US bank Capital One experienced a hack in 2019 that impacted data associated with over 100 million people. According to Capital One, information related to this hack has been recently reanalyzed and findings have determined that more Social Security information was stolen than originally believed. The bank has issued a statement to clients thought to be affected and is offering free credit monitoring services. Read more.

Dark web news site administrator pleads guilty to conspiracy

DeepDotWeb, a site dedicated to news and current events regarding activity on the dark web, has been seized by the FBI. The site’s administrator, Tal Prihar, has pleaded guilty to conspiracy to commit money laundering in a US court after it was found that he was profiting by providing links to customers allowing them to make illegal purchases on the dark web. In total, it is reported that Prihar and his co-defendant Michael Phan made $8.4 million over the course of the site’s life, using shell companies and various Bitcoin accounts to conceal the nature of their funds. Read more.

Accellion hack results in stolen information from New York college

The IT department of New York City’s Yeshiva University disclosed to students via email on April 1st that their network had sustained a “data security incident.” The department explains that an unauthorized user has been sending emails to those associated with YU threatening to publish stolen sensitive information. It is understood that the hack took place due to YU’s use of third party Accellion, which recently suffered a major, widespread data breach. Read more.

Texas hospital experiences breach of patient data

Memorial Hermann hospital in Houston, Texas has informed its patients that their personal data may have been exposed in a breach involving Med-Data, Incorporated, a third party company used to provide solutions for Medicaid eligibility and patient billing. Due to human error, some of Med-Data’s sensitive information was posted to a public-facing website. The data exposed includes Social Security numbers, names, addresses, and information regarding medical diagnoses and conditions. Med-Data, Incorporated has provided those affected with a credit monitoring service, implemented new security measures, and informed law enforcement of the nature of the breach. Read more.

Posting on dark web reveals giant data theft in India

A staggering 8.2TB of personal information affecting 3.5 million users has been posted for sale on the dark web. The data is allegedly from payment platform MobiKwik and contains names, addresses, credit card numbers, and more. MobiKwik has been receiving public admonishment over their handling of the situation due to their initial denial of being the source of the breach in spite of users being able to find information that is unique to their usage of the MobiKwik platform within the leak. Read more.

Breach of Ubiquiti said to be worse than officially reported

Earlier this year, cloud-enabled device vendor Ubiquiti reported that it had suffered a data breach due to a third-party vendor exposing customer data. According to an anonymous whistleblower familiar with the situation, the third-party vendor aspect of the statement was deliberately misleading. The whistleblower claims that Ubiquiti’s legal team worked to silence any disclosure of the fact that the company itself had actually suffered a “catastrophic” cybersecurity event. The whistleblower is accusing the company of being negligent with regard to customer data in order to avoid a drop in its stock price. Read more.

Student data in Georgia county school district leaked

PCS Revenue Control Systems, Inc. is emailing the parents of students in the Dekalb County School District regarding a December 2019 security breach. According to PCS, unauthorized access was detected regarding files associated with its managed student meal programs. The data exposed includes names, Social Security numbers, and birth dates. PCS stated that it has found no evidence of any of the data being misused and has provided those affected with a credit monitoring service. The Dekalb County School District has not reported any security breaches. Read more.

More than half of all Indian companies hacked in past year

Cybersecurity firm Sophos is reporting that 52% of all Indian organizations have been the victim of successful cyber attacks over the past year. A large majority of those businesses labeled their breaches as “severe” and a significant portion of those attacked were left scrambling to fix the damage for over a week. The report also details that company cybersecurity budgets in India have remained largely the same in spite of the increasing frequency of cyberattacks. Read more.

Highest ranking DHS officials were hacked in SolarWinds breach

Calling into question the US government’s ability to protect itself and others against cyberattacks, it has been revealed that the email accounts of top DHS officials had been compromised in the SolarWinds intrusion. Sources say that the federal agencies that fell victim struggled to identify and mitigate the hack due to outdated technology that was not fully equipped to deal with modern, sophisticated threats. Both the SolarWinds hack as well as the recent hack of Microsoft Exchange were discovered not by the federal government but by private companies. Read more. 

Australian TV network and parliament hit by cyberattacks

In what is being called the biggest hack of a media outlet in the country’s history, Australian broadcaster 9 News was taken off the air for more than 24 hours as it sustained a “significant, sophisticated” attack. The breach is being investigated by the Australian Cyber Security Centre. Australia’s federal parliament computer networks were also attacked, although authorities are not currently sure if the crimes are connected and have stated that the attack on the government network was not successful. Read more.

More cybersecurity news

Read more cybersecurity news and articles brought to you by NetworkTigers.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com

Contact NetworkTigers

Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950

Small business cybercrime: How to protect your network


Small business cybercrime is a stark reality for today’s entrepreneurs. While “cybersecurity” used to be a word associated with giant corporations and government agencies, protection against malware, data breaches, and the theft of sensitive information requires critical consideration for small businesses as well. Cybercriminals often target small companies because their networks are inadequately protected. Small businesses also tend to lack the means to pursue the perpetrators after the attack, and many are never able to fully recover. 60% of small businesses actually end up permanently shutting their doors within months of being hacked.

How to protect against small business cybercrime

There are some key ways you can fortify your business against attack. Here are six practices for keeping your small business protected from the bad guys:

1. Don’t store unnecessary sensitive data

Hackers can only gain access to what you store. Data such as credit card information, social security numbers, mailing addresses, etc. should not be held on file unless it is crucial to the process of doing business. Apart from the possibility of stolen data causing harm to your clients, your business may also be held responsible for not protecting their information adequately. All businesses have to comply with standards such as the Payment Card Industry Data Security Standard (PCI DSS).

2. Use reputable ecommerce sources

Trusted, reputable ecommerce sites have built-in security that keeps sensitive client information safe. As an added bonus, they also provide systems to ensure PCI DSS compliance.

3. Be vigilant against small business cybercrime

Security risks can remain unnoticed until it is too late. Ecommerce sites provide monitoring tools and alerts that can help you locate and respond to suspicious activity. These tools should be utilized to their fullest extent, but old fashioned manual checkups should also be a part of every security assessment.

4. Use strong passwords

Password strength is a basic, foundational pillar of security integrity. The strongest passwords consist of a series of randomized letters, numbers, and symbols. While these are not as easy to recall or guess as your high school mascot, that’s exactly the point. Avoid using your company name or any sequential characters, and change your login credentials several times throughout the year. Be careful not to use the same password across multiple platforms, and never store lists of passwords online in your documents or emails.

5. Use a firewall

Firewalls are a crucial defense against malicious software and bad actors. By monitoring the activity in your network, a firewall can block unwanted traffic or unauthorized users from gaining access to your system. They can be configured to business requirements and should be chosen carefully for optimum security.

6. Keep your website and software regularly updated

Operating systems and websites should be updated regularly to stay ahead of new vulnerabilities and hacks. Set up automatic updates and keep an eye on urgent security matters that arise between scheduled installations.

Best practices to protect against small business cybercrime

Small business cybercrime may rarely make the national headlines, but it is far more common than the large, corporate attacks that do. Ask yourself:

  1. Does your company store only the customer data required to do business?
  2. Is your ecommerce platform well-known and reputable?
  3. Do you actively check and monitor for vulnerabilities?
  4. Are your passwords strong and regularly changed?
  5. Do you have a firewall?
  6. Are your website and software up to date?

Don’t let your small business become a victim of cybercrime! If you cannot answer yes to all of these questions, it’s time to think seriously about improving your company’s cybersecurity.

What is a network switch and why do you need one?


A network switch is a common and useful multi-port device that allows the creation of a wired network to connect the equipment in your office. Unlike a traditional hub, which inefficiently pushes data to all of its ports at all times, a network switch directs the data running through it by prioritizing traffic to the connected devices that currently require it and withholding it from those that do not.

Why do you need a network switch?

An inefficient network can have a ripple effect on your company. Slow data transfers are frustrating and expensive. The time wasted due to laggy responses, downtime in the middle of projects, and waiting for even small tasks to be completed can add up over the course of a project. The bottom line is that a slow network means slow business.

A switch is essential for office environments with a large number of devices and computers running on the same network. However, even small home offices and bare bones operations will benefit from the increased speed and bandwidth offered by incorporating a switch into their traffic flow. Using a switch also allows for hassle free network growth and futureproofing. As your network expands to encompass more devices, more employees, and more computers, you don’t need to worry about its performance suffering as a result.

Companies that prioritize efficiency and forward momentum rely on network switches to keep their infrastructure speedy and their devices consistently communicating.

Three types of network switch

Switches come in a variety of configurations with regard to the speed they support, their physical size, and the number of ports on them. However there are three main types of network switch:

1. Unmanaged network switches

Unmanaged switches are usually “plug and play,” meaning that they are set to predetermined specifications out of the box and need no user configuration before being incorporated into a network.

This type of switch is a basic building block for most small networks in need of no-frills, set it and forget it connectivity. However, this simplicity is generally too limited for enterprise use due to its lack of customizable features.

2. Managed network switches

Managed switches are a more advanced, specialized option for those who have specific needs and requirements when it comes to their data traffic and security. They require configuration before installation and come at a higher price point than the unmanaged alternatives, so while they may not be the favored choice for the smallest businesses, they are indispensable for data centers and large networks.

3. Smart network switches

Smart switches occupy the middle ground between managed and unmanaged models. They tend to be a more affordable alternative to managed switches, although they are not as fully configurable, which may prove frustrating for those looking under the hood for features such as IP multicasting. Smart switches are an excellent choice for those seeking more options when it comes to their data traffic but who don’t need every bell and whistle to properly streamline their network.

What to know before buying a network switch

Keep in mind the following questions as you research network switch options.

1. How many users will be on the network?

How many employees will be using the network? Will they use it at the same time or do they work in different shifts? Do you anticipate growth in your staff and therefore your network? How much and over how long? Ultimately, the goal is to maintain a network that performs at its best for all connected users at all times.

2. How many ports will you need?

Consider not just the users on the network, but the devices. Printers, scanners, telephones, cameras, and everything in between comprise your entire network. Keep in mind that as businesses grow, so does the need for devices and data. The number of ports you need today could be a limiting factor down the road. Futureproof your switch by getting one with more ports than you currently need.

3. Will I need power?

Some network switches provide power to devices along with data. These switches are popular in special circumstances because they allow for less cable and fewer power sources. While these switches will not power your desktop computer or copy machine, they are an excellent option for systems that include security cameras or other low power devices spread over wide areas. Consider a network switch with Power over Ethernet (PoE) if your network is going to include security cameras that allow for that arrangement.

4. What about speed?

Switches are available in a variety of configurations supporting speeds from 10/100 Mbps to 40/100 Gbps. Most small businesses will do fine with middle-of-the-road specifications, but be aware of the kind of data your network will be handling. A production office focusing on 4K video and graphic design will have very different requirements compared to a small insurance office transferring mostly documents.

Network switch summary

A network switch can simplify your infrastructure and keep your business humming along well into the future. With careful thought and consideration, an appropriately selected new or used network switch will allow you to:

  • Expand your network
  • Enjoy more bandwidth
  • Ease customization
  • Monitor your data
  • Remove traffic bottlenecks
  • Future proof your network

Cybersecurity news week ending 28 Mar 2021 ~ NetworkTigers


Cybersecurity news provided by NetworkTigers on Monday, 29 March 2021.

CLAREMONT, CA — Spear-phishing attack on German parliament, FBI Cyber Division issues flash alert, financial firm CNA goes offline because of hackers, British fashion retailer FatFace suffers data breach, university information leaked, broker accidentally exposes customer data, vulnerability discovered in 5G network slicing, disgruntled contractor jailed after cyberattack, petrochemical giant Shell suffers data breach, and comic hosting website offline after cyberattack.

German parliament targeted by hackers

A spear-phishing attack that used legitimate looking emails that appeared to be from trusted sources has targeted almost 40 members of the German parliament. The parties responsible for the attack have not yet been named, and it has been stated that some of the emails were effective in deceiving parliament officials into opening them. The attack has been reported to have targeted political activists as well. This is the second breach of this nature since one that was effectively carried out by Russian hackers in 2015. Read more.

Mamba ransomware triggers alert from FBI

The prevalence of Mamba, a piece of malware that piggybacks the open source full-disk encryption product known as DiskCryptor, has prompted the FBI’s Cyber Division to issue a flash alert. According to the FBI’s statement, the ransomware has been deployed against different levels of government, public transit systems, and commercial users. By “weaponizing” DiskCryptor, Mamba is able to encrypt an entire system. Users are then prompted with a ransom demand. The FBI has posted mitigation suggestions regarding the threat. Read more.

Major financial corporation CNA goes offline after cyberattack

Chicago-based financial firm CNA has suffered a breach that has resulted in visitors to its website landing on a page in which the company explains that hackers have caused disruption to the site. According to their statement, CNA has disconnected their systems from the network out of an “abundance of caution” after sustaining a “sophisticated cybersecurity attack.” Currently, there is no information to suggest that the attack impacted customer data and the company says that its systems, while disconnected, are also unaffected. The company has stated that it is implementing workarounds for those who have been thrown into disarray by the hack and is currently working with a third party forensics team as well as law enforcement. Read more.

Personal banking information stolen from British fashion retailer FatFace

British fashion retailer FatFace has suffered a data breach that has compromised the personal data of both its customers and employees, including sensitive banking information and home addresses. While the company remains firm in its statement that the information leaked cannot be used to make fraudulent transactions, experts say that those affected should be diligent. FatFace has offered its staff a one year free membership to Experian Identity Plus in order to monitor their personal data. Read more.

University information leaked online

Private information accessed from the University of Colorado and the University of Miami via the exploit of Accellion has been leaked online. It is reported that the stolen information is posted on a website closely associated with Clop, a more recent type of ransomware. Both schools have made arrangements to mitigate damage associated with the hack, with the University of Miami stating that the breach had a minimal impact on their system and the University of Colorado saying that they will be using a new vendor for their file sharing needs going forward. Read more.

Online trading broker accidentally exposes customer data

FBS, one of the world’s most popular exchange brokers for online trading, has reportedly leaked over 20TB of sensitive data after it left a cloud-based server open with no password protection. The breach exposed the data of millions of users and was discovered by researchers at WizCase, an online cybersecurity review site. The information leaked includes a great deal of critical detail, including home addresses and financial information, which could lead not only to identity theft but to actual robbery attempts as well, especially with regard to wealthier users. Read more.

Vulnerability discovered in 5G network slicing

Dublin-based AdaptiveMobile Security has revealed that it has uncovered a flaw in 5G network slicing, a traffic management optimization that is one of 5G’s most forward-thinking features. AdaptiveMobile discovered that the utilization of multiple instances of network slicing could open up opportunities for hackers to access critical data. The company has stated that it is working with 5G mobile network operators to continue to highlight potential security risks and provide a roadmap for best practices going forward with regard to 5G and cyber security. Read more.

Disgruntled contractor sentenced to jail for cyberattack

Deepanshu Kher, in an apparent act of revenge resulting from the termination of his contract, has been sentenced to jail after hacking into a Carlsbad company server and deleting more than 12,000 user accounts. Kher was reportedly angry due to being fired after the company was not satisfied with his work. The damage done is said to have shut the company down for two days. Kher has been sentenced to two years in prison as a result of the sabotage. Read more.

Shell energy company suffers data breach

Multinational energy and petrochemical giant Shell has disclosed that it suffered a data breach as a result of the hack of Accellion. Shell has stated that the breach did not have an effect on its core IT system thanks to its usage of Accellion’s file sharing services being isolated. The information accessed is reportedly largely associated with Shell’s subsidiary companies and stakeholders. Read more.

Comic hosting website offline due to cyberattack

MangaDex, a website that hosts free manga comics, was taken offline after it was discovered that a malicious hacker had accessed the site’s administrator account which then allowed them entry into a database of user information. The hack was then followed by the individual emailing users of the site and boasting of the site’s security vulnerabilities. Users have been instructed to change their passwords, and the site will remain offline until administrators are confident that they have addressed all weaknesses. Read more.
