FOUR CISO SKILLS NEEDED FOR SURVIVAL

FUJITSU Laboratories Ltd. today announced that it has developed an AI technology that automatically determines whether action needs to be taken in response to a cyberattack.

When a business network has been hit with a cyberattack, various security appliances detect the attack on the network's servers and devices. Conventionally, an expert in cyberattack analysis then manually investigates and checks the degree of threat, to determine whether action is needed to minimize damage.

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has now developed a technology that identifies and extracts attack logs, which show the behavior of a cyberattack, from huge amounts of operations logs. It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This generates a sufficient amount of training data.

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts' conclusions regarding the need for action, and they did not miss any attack cases that required a response. The time necessary to reach a conclusion was also shortened from several hours to several minutes.

By using these technologies, countermeasures can quickly be put in place for cyberattacks that have been determined to require action, contributing to business continuity and the prevention of loss.

Development Background

In recent years, the number of cyberattacks against business networks continues to increase. With targeted attacks(1), which is a type of cyberattack, the attacker uses clever techniques to embed malware(2) that can be controlled remotely in an organization, and then remotely controls devices infected with malware to conduct intelligence activities. In defense, when a company discovers suspicious activities with such monitoring equipment as a security appliance, a security expert manually investigates the attack, and takes time to evaluate danger and risk, then determines the necessity to respond.

The decision to respond needs to be made carefully as the responses themselves may have consequences. For example, attacked business devices may need to be isolated, and the network reconstructed, resulting in operation stoppages that impact businesses.

According to statistics from Japan's Ministry of Economy, Trade and Industry(3), by 2020 there will be a shortage of 193,000 security professionals in Japan. That being said, AI-based automation is expected to rapidly determine the necessity to respond to attack cases, making decisions on the same level as an expert who has advanced knowledge and insight on attacks.

Issues

In order to develop an AI-based model to make determinations, the following issues regarding training on attack information needed to be addressed:

1.  The operations logs for normally functioning servers, devices, and network equipment coexist with the attack operations logs, and both logs are accumulated in great abundance. To conduct proper learning with AI, it is necessary to identify the traces of targeted attacks from the large number of logs. However, distinguishing between logs is difficult because intelligence activities via targeted attacks utilize OS commands and other methods.

2.  It is extremely difficult to extract attack operations logs from the huge amounts of existing logs, while securing them in large quantities as training data. For AI technologies, it is possible to increase the small amounts of training data through procedures and conversions such as noise processing; however, such simple processing of the training data of targeted attacks can cause the attack characteristics to be lost, making data expansion difficult.

About the Newly Developed Technology

Fujitsu Laboratories has developed technologies to secure sufficient amounts of training data related to targeted attacks required for the creation of highly accurate, AI determination models. Features of the developed technologies are outlined below:

1. Training data extraction technology

Based on the know-how Fujitsu has accumulated in its security-related business and research, as well as from about seven years' worth of actual attack analysis data, Fujitsu Laboratories has built a database of attack patterns that includes commands and parameters linked to intelligence activities of targeted attacks. By using this database, users can accurately identify and extract a series of intelligence activities from the vast amounts of logs.

2. Training data expansion technology

This technology generates simulations of new intelligence gathering activities-a type of targeted attack-without losing attack characteristics. The technology calculates attack levels and identifies the important commands of intelligence activities in the extracted targeted attack, then converts the parameters within the range existing in the attack pattern database. As a result, it becomes possible to expand the training data fourfold.

Effects

Fujitsu Laboratories combined the newly developed technologies with its own Deep Tensor AI technology, and ran evaluative testing on the determination model that had been trained on the new training data. Run in a simulation using about four months of data-12,000 items-the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. 

Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform(4) which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyberattacks targeting companies. 

The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness.

With these AI technologies, determinations of the necessity of action, which until now have taken an expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. 

Furthermore, by combining these technologies with Fujitsu Laboratories' high-speed forensic technology, which rapidly analyzes the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can be automated, enabling immediate responses to cyberattacks and minimizing damage.

Future Plans

Fujitsu aims to make use of these technologies within its Managed Security Services, as a response platform for cyberattacks.

Symantec Corp., the world’s leading cyber security company, today announced a new Managed Endpoint Detection and Response (MEDR) service and enhanced EDR 4.0 technology. These advancements improve attack discovery and incident response using AI-driven analytics and automation to quickly discover and stop sophisticated cyber attacks. 

Enterprise IT and Security Ops teams are increasingly challenged to investigate and respond to advanced and emerging threats with available resources and staff. Symantec’s MEDR service harnesses the power of EDR 4.0 to improve incident response, threat hunting and forensics, fortifying teams with investigation expertise and threat intelligence from a world-class team of Symantec SOC analysts.

Symantec MEDR detects stealthy attacks and expertly examines suspicious activity for faster incident validation and response. A powerful combination of Symantec EDR 4.0, the SOC technology platform, and the Global Intelligence Network, allows Symantec analysts to provide 24x7 expertise. Managed threat hunting, remote investigations, and endpoint containment enable security teams around the world to stay ahead of threats. Features include:

· Industry- and region-specific analysts provide 24x7 coverage across six global SOCs.

· Managed threat hunting provides detection for zero-day and unknown threats.

· Industry best practices including MITRE ATT&CK framework help to quickly identify critical indicators of attack.

· Rapid containment of compromised endpoints using pre-authorized measures.

· Custom and emerging threat reports, business reviews, and 24x7 coverage.

“Many customers simply can’t find enough cyber security experts to meet demand. Our MEDR service provides access to Symantec’s elite SOC analysts and advanced machine learning techniques to reduce the burden on staff and shrink the time it takes to investigate incidents,” said Art Gilliland, EVP and GM Enterprise Products, Symantec. “For organizations with robust security response teams, EDR 4.0 is now available on any device, anywhere, before or after an attack occurs to provide comprehensive detection and response.”

Symantec’s EDR 4.0 continuously updates AI-driven detection engines using threat research from Symantec’s elite team of researchers and global telemetry from 175 million endpoints to train analytics to detect new attack patterns. EDR 4.0 is now available on any device, anywhere, before or after an attack. New features include: 

· Advanced attack detections to help thwart “living off the land” file-less attacks.

· Automated playbooks to quickly initiate investigations.

· MITRE ATT&CK framework enrichment to expose gaps in the attack lifecycle.

· Advanced pre- and post-breach comprehensive EDR tools.

· Flexible deployment options for Symantec Endpoint Protection (SEP) and non-SEP endpoints for macOS, Linux and Windows.

“Many organizations are struggling with threat detection and incident response because of both the volume and sophistication of attacks, and an expanding attack surface. They also face many challenges including the volume of alerts and a continued reliance on manual processes,” said ESG senior principal analyst Jon Oltsik. “With a critical shortage of skilled investigators available, security teams need smart tools and services that can help them deal with the scale and speed of the modern threat environment, making it easier to identify and fix impacted endpoints. To improve IR processes, cybersecurity professionals must eschew legacy approaches and embrace the right tools and services.”

Symantec MEDR and EDR 4.0 are available now. For more information, please visit: 

· MEDR: https://www.symantec.com/services/cyber-security-services/managed-endpoint-detection-and-response-service 

THE dangerous but true reality of the world is that there are growing cyberthreats that are faced by consumers and organizations that are exacerbated by the increasingly connected world. 

This according to  a Trend Micro report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights The report warns that attackers will increase in the effectiveness of proven attack methods, by adding more sophisticated elements to take advantage of the changing technology landscape.

“Cybercriminals will continue to follow a winning formula – exploit existing flaws, social engineering and stolen credentials – to drive profits,” said Ian Felipe, Country Manager for Trend Micro Philippines. “As both corporate attacks surface and unknown cyber threats increase, it’s more important than ever for organizations to put more resources behind cybersecurity education to help protect against these growing attacks.”

 E-Celeb Accounts Will Be Abused In Watering Hole Attacks

The role of social engineering in successful attacks against businesses and individuals is predicted to increase throughout the year. It is expected that cybercriminals will compromise famous YouTubers and other “online-famous” personalities’ social media accounts, including Instagram and Twitter, by taking over their accounts via targeted phishing attacks. These will shine a light on account security in mainstream media, but not before millions of users following these accounts have been affected by whatever payload the attackers have in store for them. 

Filipinos spend an average of 3 hours and 57 minutes a day on social media sites. Among their activities are following celebrities and reading their updates on Facebook, Twitter, and Instagram. 

Sextortion Cases Will Rise

Sextortion, or the process forcibly demanding money or sexual favors by threatening to publish a victim’s recorded sexual activity, is a growing epidemic in the Philippines, with the country being seen as one of the crime’s biggest breeding ground.  Even if there is no guarantee that a blackmailer will come through, the highly personal nature of this kind of attacks will make the victim seriously consider fulfilling the attacker’s demands, whether that means money or sexual favors. As sextortion, in particular, becomes more widespread, this kind of attacks will affect, and perhaps even claim, more lives in 2019.

Fake News Will Continue To Proliferate

The 2018 Pulse Asia Research shares that 9 out of 10 Filipinos who surf the internet to access their social media accounts are aware of fake news. Despite this awareness, the side of technology that allows fake news propagators to sway public sentiment and present itself as legitimate news has become even more powerful, which leads to governments expressing interest in regulating social media platforms. House Bill 5021 in particular, or the proposed Social Media Regulation Act of 2017, aims for social media accounts to be subjected to utmost identity verification to confirm authenticity. Trend Micro believes that this year, the improvements social media has made to fight fake news will not be enough to keep up with the deluge of cyberpropaganda. This proves to be alarming as the same survey showed that half of Filipinos who use the internet for social media have changed their views on government and politics based on what they see online.

More Cloud-Related Software Vulnerabilities Will Be Discovered

Trend Micro also predicts attackers will leverage on proven technological methods against the growing cloud adoption. According to Cloud Readiness Index 2018, the Philippines is among the countries lagging behind in cloud infrastructure and yet to mature in terms of cloud adoption. It is generally perceived that transitioning to the cloud makes users more prone to security breaches and attacks. Vulnerabilities found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining, leading to more damaging breaches due to misconfigured systems.

Highly Targeted Attacks Will Begin Using AI-Powered Techniques

Attackers will also implement emerging technologies like artificial intelligence (AI) to better anticipate movements of top-level executives. They can use AI to determine when and where corporate executives are expected to be in the future, such as the hotels their companies typically book them in, the restaurants they pick for meetings, and other preferences that can help narrow down their next likely locations. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.

The threat landscape promises a lot of challenges for almost all sectors of the internet-using public in 2019 even as faster internet, for better or worse, looms on the horizon. But the available tools and technologies should empower users and enterprises into positioning themselves more securely in the fight against cybercriminals and other emerging threat actors. A deep understanding of these issues is a step in the right direction.

HEALTHCARE continues to be a prime target for cybercriminals
Healthcare networks are rich with exploitable resources. Unlike retail, for example, healthcare databases not only include the financial information of their patients, but their entire personal and medical histories, often collected over years. In addition, many hospitals and medical centers serve as networking hubs for a significant number of clinics, satellite offices, and individual practices, which means that a successfully compromised network can be mined for data for a long time.

And because these networks are often so large, they are constantly in flux, making imposing consistent security extremely difficult. Providing healthcare today depends on sharing critical information – both medical and financial – across a wide variety of healthcare providers and devices. Rolling data collection and input systems, access points, and medical IoT (MIoT) are only part of the potential attack surface. As with other industries, doctors, nurses, administrators, patients, and guests all tend to blend their personal and professional lives onto a single mobile device, creating new avenues for attacking a network.

Malware detection is up 62%
This is part of the reason why exploits designed to target the data and systems of individuals and organizations are at an all-time high, with the number of unique variants showing double-digit growth. While many attacks are comprised of the minimal amount of change that allows them to avoid detection by traditional security devices, many of them are also more advanced than ever.

According to the recent Fortinet Threat Landscape Report for Q3 of 2018, the number of new malware variants based on existing exploits grew 43% last quarter. And the volume of directed attacks grew over that same time period, causing the number of unique daily malware detections per organization to rise by 62%. Because cybercriminals continue to evolve threats by creating unique malware variants and families, the ongoing importance of leveraging threat intelligence and keeping assessment tools updated has never been stronger.

Four threat trends healthcare security teams need to follow

Here are four trends we have seen over the third quarter of 2018 that healthcare security teams need to be paying special attention to:

1) Mobile devices are a growing threat vector. Exploits targeting mobile devices are a growing threat that must be addressed. Over one-quarter of organizations experienced a mobile malware attack in Q3, with the vast majority targeting the Android operating system. Compromising mobile devices allows attackers to not only steal data stored on that device, but intercept the flow of data moving between the user and the healthcare database and other connected resources. And increasingly, they can become a gateway through which the larger healthcare network can be exploited. In fact, of all the threats organizations faced last quarter from all attack vectors, 14% were Android related. By comparison, only .000311% of threats were targeted to Apple iOS.

2) Cryptojacking has become a gateway for other attacks. In many industries, cryptojacking has leapfrogged ransomware as the malware of choice. While ransomware continues to be a serious concern for healthcare networks for a variety of reasons, the number of unique cryptojacking signatures nearly doubled in the past year, while the number of platforms now being compromised by cryptojacking jumped 38%. Perpetrators include advanced attackers using customized malware, as well as “as-a-service” options available on the dark web for novice criminals. Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, a growing number of new attack techniques include disabling security functions on devices, enabling cryptojacking to become a gateway for additional attacks. As a result, underestimating the repercussions of cryptojacking places an organization under heightened risk.

3) Botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organization increased 34% during Q3, rising from 7.6 to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting devices such as MIoT that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected. The importance of consistent security hygiene remains vital to addressing the total scope of these attacks as many botnets can go dormant upon detection, only to return after normal business operations have resumed if the root cause or “patient zero” has not been rooted out.

4) Encrypted Traffic Reaches a New Threshold. Encrypted traffic now represents over 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data in motion as it moves between a central physical or cloud-based network and clinics, practices, and mobile healthcare professionals, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of most legacy security solutions continue to limit the ability of organizations to inspect encrypted data at network speeds. And so, rather than slowing down critical medical activities, a growing percentage of this traffic is not being analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.

Addressing the Challenge
The challenge facing many healthcare organizations is that transformation efforts have spread their security resources thin, restricted visibility and fragmented the controls of many organizations. To successfully address today’s challenges, healthcare security teams need to rethink their strategy, from implementing effective security hygiene measure, to implementing an integrated security fabric architecture that can seamlessly span the entire expanding attack surface for unified visibility and the ability to orchestrate controls from a single console.

Additional strategies include:

1. Countering today’s advanced threats. Digital transformation requires an equivalent security transformation. This includes a shift from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, and threat-intelligence is centrally collected and correlated.
2. Implementing automation. As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial, which makes the implementation of automation essential. Organizations require a security platform where each element is designed communicate with the others in real time.
3. Tracking devices. One essential approach to combatting things like cryptojacking involves maintaining a comprehensive inventory of devices (especially MIoT devices) using third-generation network access controls and baselining their behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect cryptojacking and other malicious activity.
4. Addressing the threat of mobile device. More than seven in 10 clinicians in a recent survey say their hospitals support some sort of BYOD strategy. But even in hospitals and clinics where BYOD is prohibited, 65 percent of doctors and 41percent of nurses report that they still use their personal devices on the hospital network. Security leaders need to ensure they have the appropriate controls in place to protect themselves against compromised mobile devices. This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls, combined with automated threat-intelligence sharing. Network access control solutions can also help establish broad device visibility combined with more granular network control.

KASPERSKY Lab experts have identified an overlap in cyberattacks between two infamous threat actors, GreyEnergy – which is believed to be a successor of BlackEnergy – and the Sofacy cyberespionage group. Both actors used the same servers at the same time, with, however, a different purpose.

BlackEnergy and Sofacy hacking groups are considered to be two of the major actors in the modern cyberthreat landscape. In the past, their activities often led to devastating national level consequences. BlackEnergy inflicted one of the most notorious cyberattacks in history with their actions against Ukrainian energy facilities in 2015, which led to power outages. 

Meanwhile, Sofacy group caused havoc with multiple attacks against US and European governmental organisations, along with national security and intelligence agencies. It had previously been suspected that there was a connection between the two groups, but has not been proven  until now, after GreyEnergy – BlackEnergy’s successor – was found to be using malware to attack industrial and critical infrastructure targets mainly in Ukraine, and demonstrated some strong architectural similarities with BlackEnergy.

Kaspersky Lab’s ICS CERT department, responsible for industrial systems threats research and elimination, found two servers hosted in Ukraine and Sweden, which were used by both threat actors at the same time in June 2018. GreyEnergy group used servers in their phishing campaign to store a malicious file. This file was downloaded by users as they opened a text document attached to a phishing e-mail. At the same time, Sofacy used the server as a command and control centre for their own malware. As both groups used the servers for a relatively short time, such a coincidence suggests a shared infrastructure. 

This was confirmed by the fact that both threat actors were observed to target one company a week after each other with spear phishing emails. What’s more, both groups used similar phishing documents under the guise of e-mails from the Ministry of Energy of the Republic of Kazakhstan.

“The compromised infrastructure found to be shared by these two threat actors potentially points to the fact that the pair not only have the Russian language in common, but that they also cooperate with each other. It also provides an idea of their joint capabilities and creates better picture of their plausible goals and potential targets," Maria Garnaeva, Security Researcher at Kaspersky Lab ICS CERT explains.

To protect businesses from attacks from such groups, Kaspersky Lab suggests customers to:

• Provide dedicated cybersecurity training for employees, educate them to always check the link address and the sender’s email before clicking anything.
• Introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks. 
• Automate operating systems, application software and security solutions updates on systems that are part of the IT, as well as enterprise’s industrial, network.
• Deploy a dedicated protection solution, empowered with behavioural-based anti-phishing technologies, as well as anti-targeted attack technologies and threat intelligence, such as the Kaspersky Threat Management and Defense solution. These are capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

Every company’s IT infrastructure is uniquely complex. As such, businesses require IT security providers with specialized cybersecurity solutions and services that address specific needs – from hybrid cloud security, to defense from targeted attacks and industrial network protection. 

To help them meet these expectations, Kaspersky Lab has launched a new global partner program ‘Kaspersky United’. This program enables Kaspersky Lab partners — including resellers, service providers, and system integrators — to focus on selling the Kaspersky Lab services and products that match their own specializations. They will also receive access to education, sales and marketing toolkits and benefit from a new transparent monetary rewards scheme.

According to a Kaspersky Lab survey, when it comes to cybersecurity, the complexity of IT infrastructure is the factor that’s putting the most pressure on CISOs.  Complexity widens the attack surface – it makes the protection of every aspect of infrastructure even more difficult, as it requires specific cybersecurity measures. As a result, cybersecurity providers may need to develop in-depth expertise in certain domains to offer customers specialized IT security solutions and services.

“The channel is being transformed to meet customers’ expectations, with new service offerings and business models emerging," Ivan Bulaev, Head of Global Corporate Channel, at Kaspersky Lab, comments. 

Through the Kaspersky United program, partners can maintain and monetize their specializations across different status levels (Registered, Silver, Gold and Platinum) in one or several domains: by solution (hybrid cloud security, threat management and defense, or fraud prevention), or by services, such as managed service provider, managed detection and response provider, or authorized training center. 

Certification in different skills or techniques can also help partners drive sales, by demonstrating to customers that they are experts in their particular areas of need.

"For example, system integrators have established security operation centers in their data centers, and offer them as a service. We are also seeing companies specialize in niche areas, delivering very specific expertise in SaaS form, such as threat intelligence platforms. We also see more and more small and medium customers moving to an IT outsourcing model and MSP business growth following this pattern," Bulaev adds. 

Within the program, partners will also get comprehensive support and privileges from Kaspersky Lab, including:

·      Compelling monetary rewards including significant upfront discounts, rebates on target achievement, proposal-based marketing development funds

·       Specialist partner rebates of up to 20%

·       Priority presales and implementation support

·       Marketing and sales toolkits

·       Education materials, online and offline training sessions and workshops

"To help the channel work effectively, as a vendor, we need to take these trends into account and create conditions in which each of our partners will find opportunities to develop and provide customers with the best solutions and services. That’s what we want to support through Kaspersky United," Bulaev said.

The next phase of the program will see Kaspersky Lab update the partner portal, where a variety of valuable information can be found, such as whitepapers, webinars, competitive comparisons, and certifications. New partners will gain access to specially designed Partner Onboarding training, and assets to ensure newcomers have all they need to start selling and earning more quickly.

“The new Kaspersky Partner Program is a very innovative tool for a Partner thanks to the structure of specializations, the commercial technical skills recognized as an important differentiator on the market and the constant support that the vendor guarantees. For us at Alfa Group, a Kaspersky Platinum Partner for several years, the new channel program is testimony to Kaspersky Lab’s continued investment in its partner community by recognizing even more quality, expertise and joint business opportunities.” — commented Fabrizio Mancini, Sales Director, ALFA SYSTEM S.P.A.  

CYBERCRIMINALS will operate in new ways, using the same powerful technologies as the good guys but will still find the old ways of penetrating protected systems as the best entry points. This is the main prediction at the Palo Alto Networks Inc. cybersecurity forecast held recently.
 

Palo Alto Networks security experts Kevin O’ Leary, Field Chief Security Officer and Oscar Visaya, Country Manager for the Philippines took turns in explaining how the cybersecurity landscape will change drastically, but the channels by which breaches willl happen will remain the same.

“These predictions come from identifying really, the weakest links and finding a way to make these strong. You will notice that in the course of our discussions the intrusion points are the usual suspects. The challenge is in how stop cybercriminals as they craft their way around known protection systems—will there be the difference between an attack and and defense,” Visaya explained.

In the US over 5,000 major attacks on enterprises resulted in losses of upwards of $109B in terms of time and or data lost or stolen. The way that cybercriminals operate did not really change according to Visaya, it is how the structures of cyberprotection needs to keep up.

This should be done, according through a network security platform that is built on automation. This platform must prevent successful cyberattacks, focus on automating tasks, which means reducing human intervention as much as possible, and consume innovations fast, that means be up-to-date on what the cybercrime community is doing and developing solutions a step ahead. 

For his part O’ Leary quickly discussed Palo Alto predictions for 2019.

Prediction No. 1: Business emails will come with nasty surprises. Since businesses are cybercriminals’ favorite targets, over $12B worldwide has been stolen over the past five years due to business email compromise. As the theft of passwords and login details becomes increasingly common in enterprise environments, attackers have grown more confident and motivated, targeting small and large organizations by masquerading as partners or internal stakeholders – a pattern that will continue to plague businesses if they fail to adapt. 

The solution says O’ Leary is for businesses to assess their internal flow of information as well as implement more comprehensive checks and approval processes, especially with regard to the movement of resources. 

“As we have seen, passwords remain amongst the weakest links in computer security – easy to steal, difficult to secure and offering little proof of a user’s identity. In response to this, 2019 will see measures such as two-factor or multi-factor authentication and biometrics become increasingly commonplace,” O’ Leary said.

Prediction No. 2: the weak link is the supply chain. Since the digital age has helped break down barriers to create an interconnected, global supply chain, making it very easy for businesses to tap suppliers and outsourced services from around the globe. 

Pinpointing and avoiding cybersecurity risks will soon be nearly impossible as the global supply chain becomes increasingly complex. 

“Perhaps it is time for organizations in other sectors to start asking, ‘Do we know who or which individuals, organizations and other third parties have been connecting to our networks? Do you know which systems and services your organisation is dependent on?” O’ Leary asked.

As a solution, Chief Security Officers will need to look carefully at traffic within the network to ensure sensitive information is kept separate and secure, away from external devices and systems. As multiple unsecured devices connect to corporate networks, the internet of things, or IoT, can quickly become an ‘internet of cyberthreats’. 

A strong solution is to apply a Zero Trust mode to inspect and verify all traffic by placing them in a zone which only allows approved users and apps to communicate with them. In 2019, an unsecured connected device could serve as a gateway for attackers as easily as any computer or smartphone.

Prediction No. 3: Data protection legislation. As Asia-Pacific countries pledge greater cooperation with cybersecurity initiatives, the move towards formalising data protection frameworks seem inevitable. Countries like Australia and Singapore have taken the first plunge, and others in the region will soon follow as they wake up to the urgency of national security and data protection for their citizens. 

In the Philippines, for example, the country has made strides for prioritizing cybersecurity with the new 2012 law: the Data Privacy Act. In addition, the Philippines recently won a seat in the International Conference of Data Protection and Privacy Commissioners (ICDPPC) after being members of the global privacy body for two years. 

Prediction No. 4: Cloudy skies ahead. This app-powered era is thriving partly because of Cloud computing, which has become a go-to resource for businesses looking to deliver new products and services without bearing hefty initial investments in compute resources.  Implementing a Cloud computing strategy often means that mission-critical data and systems will sit with third parties. These assets will need to be securely stored and transmitted, and only accessible to authorised personnel is of utmost importance. The security of the Cloud is not the sole responsibility of the Cloud service provider; but is shared with enterprises that also must grapple with the security of data, applications, operating systems, network configurations and more. 

“To succeed, enterprises must ultimately have the processes, technology and – most importantly – people in place to keep systems adequately secured. It is critical to remember that legacy security systems, made up of various point products, have proven inadequate to prevent the rising volume and sophistication of cyberattacks. Too many security tools depend heavily on manual intervention, which can’t enact new protections quickly enough to have a meaningful impact on ongoing, targeted attacks. Reducing cyber risk requires having integrated, automated and effective controls in place to detect as well as prevent threats, known and unknown, at every stage of the attack lifecycle,” O’ Leary points out.

Prediction No. 5: why critical infrastructure is so critical. More than just a catchall term to describe public infrastructure and resources, the definition of critical infrastructure (CI) today has evolved to encompass other essential sectors, such as banking and financial services, telecommunications and the media. As CI goes digital and automated, cross-pollination between corporate and industrial networks has made them easier targets for cybercriminals. This is especially dangerous as industry systems such as supervisory control and data acquisition (SCADA) and industrial control systems (ICS), which are critical to the energy, water and public transport sectors, often rely on legacy and unpatchable systems.

Data from the Kaspersky Security Network (KSN) revealed that over three-in-10 (33.3%) users in the Philippines were attacked by Internet-borne threats from July to September.  Kaspersky Lab products have detected a total of 8,133,815 malware incidents on the computers of KSN participants in the country.

This places the Philippines as the 10th most attacked country worldwide in terms of online infections for the third quarter of 2018.

"While the latest threat statistics in the Philippines are relatively lower than last quarter at 10.6 million, eight million is still alarmingly a huge leap from last year's numbers. In fact, we discovered just nearly two million online threats during the third quarter of 2017," says Yeo Siang Tiong, General Manager at Kaspersky Lab Southeast Asia. 

"In the same period last year, the Philippines ranked only 35th most attacked worldwide in terms of web threats.. The young and globally known Internet savvy Filipinos are fast becoming a prime target for the money hungry cybercriminals. It’s high time that they get their defenses up."

Kaspersky Lab also discovered that online infections last quarter were detected on:

• 28.30% home users of Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Free Anti-virus
• 9.08% business users of Kaspersky Enterprise Security

The main sources of these attacks were the United States (65.60%) followed by the Netherlands (12.31%), France (4.93%), the Philippines (3.95%), and Portugal (2.44%).

Web-based threats – or online threats – are malware programs that can target someone while using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers.

Web threats include drive-by download that refers to the unintentional download of malicious code to one's computer or mobile device leaving it open to a cyberattack. A drive-by download can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates.

This infection can also be done through social engineering which involves tricking the human mind to download a legitimate-looking but infected program on a computer.

Internet-borne malware have been used to steal money and confidential data as well as to serve as launch pads for bigger attacks against large companies worldwide.

“These types of attacks can be avoided with a lot of common sense and vigilance. The lack of cyber-hygiene habits plays a very significant role in cybercriminals' success. Filipinos need to be cautious with the sites they visit, files they share, apps they download, and the information they divulge online through social media platforms. Add-on a solution that holistically detects and blocks malware, and you will surely give these cybercriminals a hard time stealing your data and your money,” adds Yeo.

Similar to the global trend in web threats, most of the infections monitored against Philippine-based Internet users were malicious cryptominers. 

Malicious cryptocurrency mining differs from legitimate mining only in that in the former, malefactors are using hardware that does not belong to them --- they either infect computers or lure victims on mining websites. 

The top five most attacked countries during Q3 2018 include Algeria (45%), Venezuela (40.7%), Belarus (40.5%), Albania (39.0%), and Moldova (37.9%). 

About Kaspersky Security Network

Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to processing cybersecurity-related data streams from millions of voluntary participants around the world.  The statistics in this report are based on completely anonymous data obtained from Kaspersky Lab products installed on users' computers in the Philippines. This technology assists Kaspersky Lab in the swift detection of new malware, identification of its source, and blocking of its launch on users' computers. It generates reports for countries with more than 10,000 Kaspersky users.

24 May 2018

In the first quarter of 2018, Kaspersky Lab’s anti-phishing technologies prevented more than 3.6 million attempts to visit fraudulent social network pages, of which 60% were fake Facebook pages. The results, according to Kaspersky Lab’s report, ‘Spam and phishing in Q1 2018’, demonstrate that cybercriminals are still doing what they can to get their hands on personal data. 

Social network phishing is a form of cybercrime that involves the theft of personal data from a victim’s social network account. The fraudster creates a copy of a social networking website (such as a fake Facebook page) and tries to lure unsuspecting victims to it, forcing them to give up their personal data – such as their name, password, credit card number, PIN code, and more – in the process.

At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks. 

This is part of a long-term trend: in Q1 2017, Facebook became one of the top three targets for phishing overall, at nearly 8%, followed by Microsoft Corporation (6%) and PayPal (5%). 

In Q1 2018, Facebook also led the social network phishing category, followed by VK – a Russian online social networking service - and LinkedIn. The reason for this is likely to be the worldwide 2.13 billion active monthly Facebook users, including those who log in to unknown apps using their Facebook credentials, thereby granting access to their accounts. This makes unwary Facebook users a profitable target for cybercriminal phishing attacks. 

The distribution of different types of social network phishing detected by Kaspersky Lab in Q1 2018

This all reinforces the fact that personal data is valuable in the world of information technology both for legitimate organizations and attackers. Cybercriminals are constantly searching for new methods to hit users, so it’s important to be aware of fraudster techniques to avoid becoming the next target.

For example, the latest trend is spam emails related to GDPR (Europe’s General Data Protection Regulation).  Examples include offers of paid webinars to clarify the new legislation, or invitations to install special software that will provide access to online resources to ensure compliance with the new rules.

“The continuous increase in phishing attacks --- targeting both social networks and financial organizations --- shows us that users need to pay more serious attention to their online activities. Despite the recent global scandals, people continue to click on unsafe links and allow unknown apps access to their personal data. Due to this lack of user vigilance, the data on a huge number of accounts gets lost or extorted from users. This can then lead to destructive attacks and a constant flow of money for the cybercriminals,” said Nadezhda Demidova, lead web content analyst at Kaspersky Lab.

Kaspersky Lab experts advise users to take the following measures to protect themselves from phishing:

• Always check the link address and the sender’s email before clicking anything. Even better, don’t click the link, but type it into your browser’s address line instead.
• Before clicking any link, check if the link address shown, is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link.
• Only use a secure connection, especially when you visit sensitive websites. As a minimum precaution, do not use unknown or public Wi-Fi without a password protection. For maximum protection, use VPN solutions that encrypt your traffic. And remember: if you are using an insecure connection, cybercriminals can invisibly redirect you to phishing pages.
• Check the HTTPS connection and domain name when you open a webpage. This is especially important when you are using websites which contain sensitive data – such as sites for online banking, online shops, email, social media sites etc.
• Never share your sensitive data, such as logins and passwords, bank card data etc., with a third party. Official companies will never ask for data like this via email.
• Use a reliable security solution with behavior-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block spam and phishing attacks.

Other key findings in the report include:

Phishing:

• The main targets of phishing attacks have remained the same since the end of last year. They are primarily global Internet portals and the financial sector, including banks, payment services and online stores.
• About $35,000 USD was stolen through one phishing site that appeared to offer the opportunity to invest in the rumored Telegram ICO. Approximately $84,000 USD was stolen following a single phishing email mailshot related to the launch of ‘The Bee Token’ ICO.
• Financial phishing continues to account for almost half of all phishing attacks (43.9%), which is 4.4% more compared to the end of last year. Attacks against banks, e-shops, and payment systems remain the top three, demonstrating cybercriminals’ desire to access users’ money. 
• Brazil was the country with the largest share of users attacked by phishers in the first quarter of 2018 (19%). It was followed by Argentina (13%), Venezuela (13%), Albania (13%), and Bolivia (12%).

Spam:

• In the first quarter of 2018, the amount of spam peaked in January (55%). The average share of spam in the world’s email traffic was 52%, which is 4.6% lower than the average figure of the last quarter of 2017.
• Vietnam became the most popular source of spam, overtaking the U.S. and China. Others in the top 10 included India, Germany, France, Brazil, Russia, Spain, and the Islamic Republic of Iran. 
• The country most targeted by malicious mailshots was Germany. Russia came second, followed by United Kingdom, Italy, and the UAE.