PwC Weekly Security Report - PwC India


PwC Weekly Security Report

This is a weekly digest of security news and events from around the world. Excerpts from news items are presented and web links are provided for further information.

Identity & Access: Google to trial password-free log-ins with banks

Ransomware: Cybercriminals add DDoS component to ransomware payloads

Application Security: Use SAP applications? Here's how to respond to the security flaw

Top story: Microsoft may ban your favorite password


Google to trial password-free log-ins with banks


Google's play at password-free apps, Project Abacus, is set to be trialed with several major banks next month, it emerged on Friday.

First revealed at the I/O developer conference last year, Abacus is a new system for mobile authentication which "moves the burdens of PINs and passwords from the user to the device itself," former head of Google's ATAP (Advanced Technologies and Projects) division, Regina Dugan, said at the time.

It does this by combining biometrics like facial and voice recognition with user behavior such as the times and locations you usually try to log-in. From these it deduces a Trust Score which can then be used to check if the individual trying to log-in is you.

The idea is that more sensitive applications like those for online banking access will require a higher Trust Score.

Google is hoping to push out a Trust Score API to developers by the end of the year so they can start testing it and, ultimately, decide if it works well enough to replace traditional passwords or 2FA.

It has already been trialing the system with over 30 US and international universities over the past few years and will now be looking to take things forward with "several large financial institutions," according to new ATAP lead, Dan Kaufman.

If it works successfully, the benefits are obvious, as Abacus is completely passive and would not require users to remember a string of different passwords for multiple online accounts.

Richard Lack, EMEA director at identity management firm Gigya, argued the future of authentication lies with methods that don't involve passwords, both for security and convenience.

"Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security," he added.

"This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine."

Source:

Our perspective

Learnings from this trial will go a long way in understanding user preferences and behavior towards password-free logins. The trade-off with such an alternative biometric authentication mechanism is that users will need to share large amounts of information related to their personal traits, including biometric information, with a corporate entity. By and large, most smartphone users have become comfortable with the use of biometric authentication (fingerprint scanning) to unlock their phones; however, a password-free login for a public website is a very different matter.


Cybercriminals add DDoS component to ransomware payloads


Instead of just encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs, according to KnowBe4.

This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).

"Adding DDoS capabilities to ransomware is one of those 'evil genius' ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years," said KnowBe4's CEO Stu Sjouwerman.

Analyzing Cerber ransomware

The variant was discovered by Invincea, who noted in a blog post: "The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive."

The attackers use Visual Basic to launch a file-less attack, and most antivirus and next-gen antivirus vendors are completely blind to file-less attack methods. Consequently, they are unable to see this until it has been dropped on the disk. At that point scanners can find it, and many do, but often that's too late.

Sjouwerman advised, "The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal, but the next sample will be invisible for a few days so do not count on your endpoint anti-malware layer 100%, as that will provide a false sense of security. The attachment relies on social engineering the employee to activate the Macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware."

The ransomware is executed first, which encrypts the user's data and then blocks their access to the computer by locking the screen. After this sequence, a second binary called 3311.tmp is launched into execution and starts sending a large amount of network traffic out of the infected computer.
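The network behaviour Invincea describes (one host spraying UDP/6892 at every address in the subnet, with a spoofed source so the replies land on the intended victim) is easy to pick out of flow records. The detector below is an added example, not code from KnowBe4, Invincea or PwC; the flow-record layout, the 10.1.20.0/24 subnet, the thresholds and the sample traffic are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.1.20.0/24")  # assumed local subnet (constructed)
FLOOD_PORT = 6892                       # UDP port reported by Invincea
MIN_TARGETS = 20                        # distinct subnet hosts hit by one source
MIN_PACKETS = 200                       # UDP/6892 packets from that source


def parse_flow(line):
    """Parse one constructed flow record: ts src sport dst dport proto pkts."""
    ts, src, sport, dst, dport, proto, pkts = line.split()
    return {"src": ip_address(src), "dst": ip_address(dst),
            "dport": int(dport), "proto": proto, "pkts": int(pkts)}


def find_udp_floods(lines):
    """Return {src_ip: summary} for sources whose UDP/6892 traffic fans out
    across LOCAL_NET.  A source address outside LOCAL_NET seen on an internal
    segment is marked as spoofed; spoofing of an in-subnet address would need
    MAC/interface correlation, which flow records alone do not give."""
    targets, packets = defaultdict(set), defaultdict(int)
    for line in filter(None, map(str.strip, lines)):
        f = parse_flow(line)
        if f["proto"] != "udp" or f["dport"] != FLOOD_PORT or f["dst"] not in LOCAL_NET:
            continue
        targets[f["src"]].add(f["dst"])
        packets[f["src"]] += f["pkts"]
    return {
        str(src): {"targets": len(dsts), "packets": packets[src],
                   "spoofed_source": src not in LOCAL_NET}
        for src, dsts in targets.items()
        if len(dsts) >= MIN_TARGETS and packets[src] >= MIN_PACKETS
    }


def constructed_sample():
    """Constructed flows: benign DNS/NTP plus one infected workstation spraying
    UDP/6892 at .2-.59 with the victim's address (203.0.113.7) as source, so
    the infected host's own address never appears in the flood records."""
    lines = ["1464076800 10.1.20.55 51321 10.1.20.1 53 udp 2",
             "1464076801 10.1.20.56 40001 10.1.20.1 123 udp 1",
             "1464076802 10.1.20.57 40002 10.1.20.9 6892 udp 3"]
    for i in range(2, 60):
        lines.append(f"1464076900 203.0.113.7 6892 10.1.20.{i} 6892 udp 10")
    return lines


if __name__ == "__main__":
    for src, info in find_udp_floods(constructed_sample()).items():
        print(f"UDP/6892 flood from {src}: {info}")
```

Because the source address is spoofed, the finding names the victim, not the infected workstation; locating the sender requires the switch port or MAC behind the flows.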

Source: 2016/05/24/cerber-ransomware-ddos/

Our perspective

Ransomware-based attacks are often very targeted in nature and are becoming very popular. Regular user awareness sessions as well as an active defense strategy to detect and prevent malware infections are highly recommended.


Use SAP applications? Here's how to respond to the security flaw


Cybercriminals are targeting SAP business applications by using a security defect that the global enterprise application company patched in 2010, according to the US Computer Emergency Readiness Team (US-CERT). The news should serve as a wake-up call for businesses that have been slack in updating their SAP software.

That's because the vulnerability can enable cybercriminals to remotely control business operations and processes--and access other applications and data from within the SAP environment. US-CERT said at least 36 organizations worldwide have been affected by the SAP defect since 2013.

Given the massive trove of critical data stored on SAP applications--the company says its customers comprise 87% of the Forbes Global 2000 Companies--the financial impact of data loss is potentially enormous. What's more, attackers could use the vulnerability to shut down essential business and manufacturing services, possibly incurring a world of financial, operational and reputational damages.


Separate, but insecure, systems

So why do businesses remain vulnerable to a flaw that was patched years ago? In a word, complexity. The intricate demands of SAP applications mean that security is typically managed by application specialists rather than enterprise security teams. As a result, SAP security maintenance is siloed and the enterprise cybersecurity team often lacks visibility into the SAP environment.

Complicating matters is the fact that administrators typically manage SAP software as an internal system and tend to focus on application-specific controls. In doing so, they may fail to properly implement processes and technologies to help guard against external Internet-facing attacks that the vulnerability makes possible.


Patching, in particular, is a significant challenge. SAP applications often comprise a complex network of interconnected applications and it may be difficult to determine what patches are critical and what additional configurations will be required.

Take action to protect your business

While no specific breach has yet been linked to the defect, it ultimately may be more instructive than destructive. How so? The vulnerability provides a timely opportunity for businesses to start a discussion about integrating SAP security with enterprise cybersecurity practices.

Doing so will require a risk-based approach that is aligned with overall cybersecurity strategy, processes and people skills. Also necessary will be a full quantification of the potential operational impact and financial costs of these risks.

For most businesses, checking for exposure to the SAP vulnerability likely will be a relatively straightforward undertaking. Determining whether your business has been hacked as a result of the defect, however, will require cybersecurity expertise and advanced threat-detection and incident-response capabilities. That can be a complex initiative, so now is a good time to start a discussion about SAP security with your executive and cybersecurity teams.

Source: PwC's Cybersecurity Blog
