Category Archives: Security

Malvertising – Hiding In Plain Sight

Malvertising – Hiding In Plain Sight

Security Vulnerabilities In Advertising

Bad guys never quit trying to be bad guys. For as long as there have been personal computers, we have had to put up with viruses, malware, spam, and a host of other carefully created annoyances whose danger level ranges from mild to catastrophic.

We can now add malvertising to this list – a technique by which ads containing malware appear on otherwise trustworthy mainstream sites, and which burrow into a user’s PC.

The creators of these false ads capitalize on an essential open market in which any given page, such as belonging to a legitimate news site or search tool, makes space available for an ad, but the ad itself is customized to the specific viewer, by any combination of variables, such as country, browser software used, or search terms used. As Bromium’s Rahul Kashyap writes in Wired, “an attacker wishing to go after U.S. federal government employees, for example, could rig a malicious ad that only appears when major ad networks see someone in the U.S. using an older version of Internet Explorer (IE) on Windows XP, for example and typing “extended support for Windows XP government” or “government travel allowance” into a search engine. Similarly, an attacker looking to compromise certain high value victims can emplace malicious ads configured to appear in front of attorneys, scientists or other individuals who might be keyword-searching hotel rates at sensitive industry conferences or other gatherings.”

The Good And Bad Guys!

advertising-malware

According to security specialists, Bullguard, there are two types of malvertising methods:

The first involves the placement of “clean” ads on trusted sites, leaving them there to gain a “good reputation”. Later, the bad guys “insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus. In this case, because the ad network infrastructure is very complex with many linked connections between ads and click-through destinations, the criminals’ identity can hardly be traced.

The second approach turns “legitimate ads into malicious ads is by hacking trusted sites and injecting viruses into banner ads. Usually, the next day – after the harm’s been done – they’re gone.

According to the Online Trust Alliance, these ads comprise fewer than one percent of all online ads, but due to the nature by which they propagate, their destructive power is easily magnified. Mobile devices are particularly at risk, due to their propensity to bypass traditional malware detection methods.

Among the suggestions put forth by Bullguard for avoiding getting caught by these false ads: keep your antivirus software up to date, don’t click on any pop-up ads or surveys, and be extra careful on weekends, “when IT resources are low and attacks are less likely to be noticed.”

(Image Source: Shutterstock)

By Steve Prentice

The Importance of the Cloud-Based Repository

The Importance of the Cloud-Based Repository

Backup your backup

One of the most attractive features of cloud technology for the average user is the ability to store documents, files, photos and everything else of importance in a cloud-based repository. This has become such a normal and reliable part of existence for many that the notion of losing stored files is almost inconceivable – until it happens.

DropBox has become one of the most popular cloud-storage systems in existence, but it has not been without its security failures. One of the most recent and infamous occurred in October 2014, and involved the alleged theft of 7 million user accounts. DropBox was quick to publicly address the issue, and stated that the breach was due to “third-party services that users allowed to access their accounts.”

DropBox is not alone in these types of security problems, whether the source is a coordinated hack, a glitch, or end-user misuse. Such irregularities do, however, send a shock to the collective system and force the question as to whether duplicate backups are still as necessary as ever. Added to this is the fact that more and more people are choosing to bring their own tablets and computers to work, and are consequently relying on the cloud to act as their central storage site.

A further concern is the size and amount of the data being backed up as well as the upload speed and throttling being imposed.

What Are The Options?

storage-network

Some experts suggest reverting to traditional hard backups of crucial data, either to a company network drive or even to a physical drive, such as a USB stick. DropBox, and others feel, however, that better password management is the ideal solution.

Tech blogger Chris Hoffman suggests a wide range of backup options, including built-in Windows solutions and third-party software as a complement to the cloud.

One key notion to consider is permanence: how often will you be out of touch – severed from the Internet and the cloud? For most people, total temporary excommunication from the Internet is a rare thing, possibly only occurring during a network crash or a city-wide power failure. But even in those circumstances, it is usually possible to re-join via another channel such as a cellphone. As such, an ideal approach might be to use a second cloud backup provider for your most crucial documents: a totally separate system with its own set of passwords.

The ultimate acid test for any company of any size is to ask the simple question: “If I was cut off from my files at this very moment, what would that mean?” The answer to this question should be written down and then acted upon.

With the exception of trips to Internet-deficient areas of the world, or long flights in non-Wifi-enabled planes, both of which allow for adequate preparation, the odds of being separated from the cloud seem low. However, they are still odds, and for them to stay in your favor, a pragmatic and redundant storage and retrieval system must be considered an essential component of business.

By Steve Prentice

Migrating to a Business Cloud (5 Warnings)

Migrating to a Business Cloud (5 Warnings)

Migrating to a Business Cloud 

In theory, migrating to cloud computing should be easy. Choose a cloud provider, move the files to the data server and everything is good to go. While that may work for the personal cloud, migrating into a business cloud format is a lot more complicated.

As Ann Bednarz pointed out in a CIO.com article, companies are dealing with IT legacy systems that have been in place for years, and this makes switching to a cloud format all the more difficult.

Here are five issues to watch out for when turning to cloud computing:

Migration TimeTable 

Christopher_Messer
Christopher Messer

Complications may arise if organizations don’t take ample time to plan out their migration path and clearly identify their needs. “Complications usually revolve around overly aggressive migration timetables and not having enough time to sync large amounts of data, or not enough cycles being allocated to mapping out the new workflow for employees on the new cloud platform,” said Chris Messer, vice president of technology at Coretelligent.

It’s critical to not attempt to migrate multiple services, data-sets or interconnected and complicated services with a large number of dependencies without careful planning and a clear understanding of how all the services will operate on the new cloud platform, Messer added. “Most cloud migration challenges can be easily avoided by allocating ample time to both the planning and execution and migration phases of the project. Businesses need to ensure that they’re working with an experienced vendor, or that their IT team is leveraging a proven method or product for the migration

Security 

Even though security within the cloud has improved over the past few years, it remains one of the more complicated issues involved with cloud migration. As Asaf Cidon, CEO of Sookasa, pointed out, business owners need to think not just about the security of their data in the cloud, but also the security of the data on the devices accessing the cloud.

A move to the cloud will not magically improve security around your application or service, nor will it automatically maintain the good security controls and procedures you have in place presently. “Your organization needs to bring all the stakeholders to the table and think about what will change and what will remain the same with regard to security,” Hazdra from Neohapsis said. These stakeholders typically include the line-of-business manager, IT application development team leads, your information security team, and potentially representation from legal and compliance teams.

Shadow Cloud

shadow-it-cloud

Before the cloud migration even happens, IT departments need to realize a simple fact: employees are already using the cloud. And they are already storing corporate data there. They aren’t waiting for the company to use cloud computing, and the use of Shadow Cloud can great a lot of headaches for IT, Rajiv Gupta, CEO of Skyhigh Networks explains. IT departments need to investigate how their employees are already using the cloud and then work to migrate that use from Shadow Cloud formats into the organization-designated cloud.

Picking the Right Provider 

When it comes to cloud computing, the service provider is one of the most important elements. Choose the wrong provider, and it could cost the company thousands of dollars in security-related costs, lost or compromised data, too much down time, and other headaches. According to Stephen Pao, GM of Security Business at Barracuda, before moving to the cloud, IT decision makers need to ask questions such as: What are the agreement service levels and agreement objectives? Are there any additional service charges or hidden fees? Is there a service level objective or does it cost extra to have more services? Read the best cloud reviews. The way to avoid problems is to know what the provider can do for your company – and what it cannot do – before signing any formal agreements.

Flexibility of Infrastructure Choices 

david-bio
David W. Hsieh

One of the best things about the cloud is the number of choices available. One of the worst things about the cloud is the number of choices available. The cloud can actually reduce the amount of flexibility a company has over its infrastructure choices, according to David Hsieh, VP of Marketing at Instart Logic. “Cloud providers offer a menu of choices, but you have to choose from their options — there’s usually no ‘substitutions’ or ‘secret menu’ items you can choose from. This can cause a certain degree of inefficiency because you can’t fully tailor your infrastructure to meet specific needs.”

There will always be some manner of risk involved with migrating business functions to the cloud, but as companies become more reliant on the cloud – especially as mobile access increases – there will be risks with not moving to the cloud, as well.

It is highly beneficial for all of the teams mentioned above to analyze, assess and present what they view as the benefits and risks so effective business decisions can be made,” said Hazdra. “Cloud migration projects offer an excellent opportunity to review and improve upon the security controls present in your organization.”

By Jeremy Page

Cloud Infographic – CloudTrends Report 2014

Cloud Infographic – CloudTrends Report 2014

CloudTrends Report 2014

Report finds that enterprise-managed services for greater visibility, control, QoS and security of cloud applications are on the rise

Key findings of the Allot CloudTrends Report include:

  • Over 45% of CSPs are offering public cloud applications and services for enterprises ranging from basic email and storage to fully-fledged unified communications, CRM and ERP solutions.
  • Microsoft Office 365 is the most prevalent office suite offered by CSPs to SMBs and Enterprise with over 33% of CSPs surveyed offering the Microsoft platform. Office 365 represents over 90% of the virtualized office suite type offerings, while the Google Apps offering comes in at a distant 8%.
  •  QoS management for cloud services lags behind basic adoption. Just 23% of CSPs are currently offering QoS and/or visibility solutions for mission-critical applications and 32% of CSPs offer some form of cloud-based security service such as anti-DDoS or URL filtering.
  •  QoS management for cloud services is much more prevalent when unified communications, Office, and Microsoft Lync are involved, indicating the need to actively manage access to these critical applications. With unified communications, 32% of CSPs offer QoS management, 48% offer Office applications and 50% offer Microsoft Lync.

Higher Quality PDF Version

INF_CloudTrends_H2_2014_US_Publish (1)_001

INF_CloudTrends_H2_2014_US_Publish (1)_002

Don’t Go Breaking my Heart – Wearables and Your Health

Don’t Go Breaking my Heart – Wearables and Your Health

Wearables and Your Health

Former Vice President Dick Cheney famously admitted recently that he had the wireless feature of his pacemaker turned off. The ex-VP, who has a history of cardiac trouble, recently underwent a pacemaker upgrade, but is naturally reluctant to leave it exposed to hackers who might find a way of remotely shutting it down. Mr. Cheney’s situation is one of the more famous examples of the dangers lurking within wearables, those devices that connect humans to the Internet of Things more closely and more permanently.

Jimmy Nichols of CBR points out a number of distinct areas of vulnerability for wearables wearers, which include, on the health front, privacy violations and compilation of data regarding the products we consume and even our state of health – which might adversely affect insurance rates; and medical failure, in which connected technologies that ordinarily allow physicians or nurses to access patients’ vital signs and machinery remotely, might fall into the wrong hands.

Such dire yet legitimate warnings tend to scare away many who fear the dangers of technological progress more than they revel in its promise. But alongside, or in spite of, the efforts of the bad guys, wearable technology continues to offer great leaps forward in health care. External technologies range from intelligent tracking devices that monitor a hospital inpatient’s vital signs through RFID, through to new methods of diagnosis and drug-free healing.

Jim-Johnson
CEO-Jim-Johnson

Just one of these, called “below sensory nocturnal therapy DC stimulation” offers DC electrical stimulation into a patient’s tissue during sleeping hours when the body’s immune and regenerative systems are most active. The developers of this therapy, Prizm Medical, showcased its potential at the Wearable Technologies Show in Dusseldorf, in November 2014. Prizm CEO Jim Johnson acknowledged that the big players, such as Apple and Google are getting into the medical and sports medicine market space, which means everyone should pay attention.

Wearables are also making their mark in the treatment of Ebola and other highly infectious diseases.

These range from hand washing hygiene monitors to infrared cameras that can detect higher-than-normal body heat and which can be mounted on a cellphone camera case. Additional technologies include 48-hour body thermometers that attach to the skin, and location software that help calculate the risk to caregivers based on time spent at a specific location where an Ebola patient was situated.

Another vendor at the Dusseldorf MEDICA show, Evena Medical, demonstrated their smart glasses, which help in the difficult process of venipuncture (inserting needles into patients’ veins.) This seemingly common procedure is very difficult when dealing with Ebola patients, and according to the Infusion Nurses Society (INS), first attempts fail 40 percent of the time. The smart glasses help make “invisible” veins visible to medical staff, speeding up the process and rendering it safer.

Wearables promise to deliver major innovations in health care and treatment. As with all other types of intelligent devices, however, the human operators themselves must seek to remain on guard. They must change their perception of a simple device such as a thermometer from being an isolated device to being part of a matrix of shared information and access. This will serve as a major barrier against invasion and criminal misuse.

By Steve Prentice

Cloud Infographic –  DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms

Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive record.

An effective incident response program, including one where a security information and event management (SIEM) is in place to detect compromises earlier, helps lower the cost of a compromise. Yet in the SANS and AlienVault survey, 85% of the security professionals polled reported that they aren’t using a SIEM to support in staying ahead of the threat.

Included is an infographic provided courtesy of AlienVault.

AlienVault-IncidentResponse-infosec1

Juniper Reports Discovers Mobile Commerce Growth Powered By The Cloud

Juniper Reports Discovers Mobile Commerce Growth Powered By The Cloud

Juniper Reports Discovers Mobile Commerce Growth

A recently unveiled report from Juniper Research has found that the total number of users who plan to engage in mobile transactions is going to grow considerably over the coming years. They predict that just over 2 billion mobile phone or tablet users will make mobile commerce transactions by the end of 2017, up from 1.6 billion during this calendar year. 

Powered by advances in mobile-based cloud computing and data security, mobile consumption of services such as banking, money transfer and purchases of goods and services is surging as consumers either migrate from desktop usage or become first-time eCommerce users through their smartphones or tablets. Juniper believe that the key to the huge growth lies in developed markets – claiming that within the next five years, half of all online transactions would be completed on mobile devices, rather than on computers. 

mobile-devices-use

Although the number of 2 billion seems huge, Juniper apply a fairly liberal definition to the term ‘mobile commerce’. They define it as anything people do regarding finance on mobile devices (mainly smartphones and tablets) – including everything from banking to money transfers and from eBay e-commerce transactions to app store purchases. 

Away from the more typical transactions, the report also touches on contactless payments. It noted that while the technology still hadn’t garnered much traction outside of Japan and South Korea, the upcoming worldwide rollout and subsequent growth of Apple Pay was expected to provide Near Field Communication (NFC) with real momentum. Apple Pay is already seeing success, with CEO Tim Cook recently noting that more than 1 million credit cards were activated with Apple Pay, while fast food giants McDonald’s has said that half of US touch purchase transactions are made using Apple Pay). 

The final significant finding of note was the potential of social networks in accelerating mobile commerce adoption. According to report author Dr Windsor Holden: “Brands and retailers should certainly seek to integrate their offerings with players such as Facebook and FourSquare. Integration offers reach, allied to the potential to target specific user demographics”. Her suggestion of letting brands and retailers integrate with social networks such as Facebook and Foursquare is especially noteworthy given Facebook is working on integrating payments into its Messenger app, which recently surpassed 500 million monthly active users. Facebook CEO Mark Zuckerberg, however, has cautioned payments wouldn’t be coming anytime soon. 

It’s not all positive though – as ever, security concerns feature prominently. Indeed, the report notes that consumer concerns around transaction security remain the primary inhibitor on service adoption.

What do you think? Can NFC and mobile commerce replace traditional in-shop purchases? Could it even remove the need for physical banks entirely? Let us know your thoughts in the comments below.

(Image Source: Shutterstock)

By Daniel Price

The Importance of Password Management – Do the Eyes have it?

The Importance of Password Management – Do the Eyes have it?

The Importance of Password Management

One of the main drawbacks to the borderless space that comprises the cloud is that of security. Recent breaches such as Heartbleed, Target and Home Depot demonstrate that crucial data – the passwords and PINs that keep the bad guys away from our money and information, need constant vigilance and upkeep, primarily in terms of keeping passwords complicated and unique.

For many, this becomes too much work, which is why the most common passwords, such as 123456 are still heavily used.

The importance of security has always been paramount, but is about to become a whole lot more critical as the Internet of Things opens the world of data up from simply PCs and phones to refrigerators, baby monitors, home automation systems and much more. With each of these items able to talk to each other across a common platform, any one simple misappropriated password attached to one device becomes the entryway that can infect an entire system, much like the hugely complex human body can be brought down by a single insect bite or infected needle.

The Open Web Application Security Project (OWASP) recently released a list of the top ten security weaknesses of the Internet of Things, which included Insecure Web Interface, Insufficient Authentication/Authorization, Lack of Transport Encryption, Insufficient Security Configurability, and Poor Physical Security.

One company that seeks to change this is Eyelock, a New York City-based company whose new product, Myris, promises to deliver secure access literally in the blink of an eye. It sells an inexpensive device that consists essentially of a mirror and a camera to read the unique pattern of a person’s iris, and can do so even if the individual is wearing glasses. Eyelock’s people state that the application can also distinguish between a real eye and a picture of an eye.

eyelock

Iris and retina readers are the newest and most James Bond-like of security devices, but just below them on the glamour scale rests another concept, that of the online password keeper. Applications such as LastPass not only remember all the passwords that a user might have for his/her many applications and websites, but also generates highly complex ones consisting of numbers, letters and symbols. The idea behind LastPass is that the only password needed from this point on is the one that opens up the LastPass application itself.

Such sophisticated approaches to defending data are only as strong as the weakest link, which, as always, is the human user. From the overly simple (123456, qwerty and the actual word “password” topped the Huffington Post’s annual ranking of bad passwords for 2013), through to sloppy human usage – leaving a browser open, leaving passwords written down, or forgetting to log off – human actions will always be the ones that will leave a computer – and every single device that the computer can talk to – open and exposed.

Literacy, in the age of the Internet of Things is about information management, and this includes protection of that information.

By Steve Prentice

CloudTweaks Comics
15 Cloud Data Performance Monitoring Companies

15 Cloud Data Performance Monitoring Companies

Cloud Data Performance Monitoring Companies (Updated: Originally Published Feb 9th, 2015) We have decided to put together a small list of some of our favorite cloud performance monitoring services. In this day and age it is extremely important to stay on top of critical issues as they arise. These services will accompany you in monitoring…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Utilizing Digital Marketing Techniques Via The Cloud

Utilizing Digital Marketing Techniques Via The Cloud

Digital Marketing Trends In the past, trends in the exceptionally fast-paced digital marketing arena have been quickly adopted or abandoned, keeping marketers and consumers on their toes. 2016 promises a similarly expeditious temperament, with a few new digital marketing offerings taking center stage. According to Gartner’s recent research into Digital Marketing Hubs, brands plan to…

Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

Cloud Infographic – Big Data Analytics Trends

Cloud Infographic – Big Data Analytics Trends

Big Data Analytics Trends As data information and cloud computing continues to work together, the need for data analytics continues to grow. Many tech firms predict that big data volume will grow steadily 40% per year and in 2020, will grow up to 50 times that. This growth will also bring a number of cost…

Five Signs The Internet of Things Is About To Explode

Five Signs The Internet of Things Is About To Explode

The Internet of Things Is About To Explode By 2020, Gartner estimates that the Internet of Things (IoT) will generate incremental revenue exceeding $300 billion worldwide. It’s an astoundingly large figure given that the sector barely existed three years ago. We are now rapidly evolving toward a world in which just about everything will become…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

Cloud Computing – The Good and the Bad

Cloud Computing – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be a big part of our future in both business and personal spheres. The current and future possibilities of global access to files and data, remote working opportunities, improved storage structures, and greater solution distribution have…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Once upon a time, only a select few companies like Google and Salesforce possessed the knowledge and expertise to operate efficient cloud infrastructure and applications. Organizations patronizing those companies benefitted with apps that offered new benefits in flexibility, scalability and cost effectiveness. These days, the sharp division between cloud and on-premises infrastructure…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…