Monday, May 20, 2019

Robert Herjavec Named Trailblazing Cybersecurity Executive of the Year at the 2019 Cyber Defense InfoSec Awards

Press release

March 4, 2019

Robert Herjavec, Founder & CEO of Herjavec Group, has been named the “Trailblazing Cybersecurity Executive of the Year” at the 2019 Cyber Defense InfoSec Awards.
This is a new award category for which the recipient must have demonstrated their excellence as a visionary and trailblazer over a sustained period of time. The criteria include the following:
  • A record of outstanding effectiveness at stopping breaches and choosing the right tools and technologies to continue to defeat threats. 
  • The ability to inspire others - to share, promote and drive the vision of one or more market sectors of cybersecurity. 
  • The ability to predict and therefore defend against new types of cyber threats.
“As one of the trailblazing cybersecurity executives, Robert Herjavec is the first market leader to drive MSSPs in the direction of Identity and Access Management (IAM) before all others. He had the vision and foresight to realize that most breaches are shifting to the cloud because of too many unmanaged cloud-based services, poor and understaffed IT management and shadow IT. For this and other leadership activities Mr. Herjavec has undertaken in the field of cybersecurity, we believe he deserves this award as the Trailblazing Cybersecurity Executive of the Year for 2019,” says Gary S. Miliefsky, Publisher of Cyber Defense Magazine.
Robert founded Herjavec Group in 2003 and since then, his ability to interpret industry trends and understand enterprise business security demands has helped him achieve the profile of a global cybersecurity expert. Today, Herjavec Group is a global leader in cybersecurity. Robert has served as a Cybersecurity Advisor for the Government of Canada, participated in the White House Summit on Cybersecurity and is a member of the US Chamber of Commerce Task Force for Cybersecurity. His views on the threat landscape, on emerging technologies and on the need for a proactive security framework are regularly profiled across print, digital and television mediums.
Herjavec Group is also thrilled to be awarded three 2019 Cyber Defense InfoSec Awards. To view the full press release, click here.
https://www.herjavecgroup.com/robert-herjavec-trailblazing-cybersecurity-executive-2019/

Malwarebytes Q1 Cybercrime Report: Emotet and Ransomware Attacks Renew Focus on Enterprise; Trojan Detections Grow 200 Percent


Press release
SMBs Face Greatest Risk as Overall Business Detections Grow 235 Percent



Santa Clara, CA – April 25, 2019 – Malwarebytes™, the leading advanced endpoint protection and remediation solution, today announced the results of the Q1 2019 Cybercrime Tactics and Techniques report. The report is a culmination of data based on the Company’s unique threat analysis capabilities. Q1 showed a significant uptick in business ransomware detections (195 percent), along with continued momentum for Trojan variations by over 200 percent and a sharp decline in cryptomining.
Trusted as an authority on malware and threat analysis, Malwarebytes’ latest report shows an increasing trend of cybercriminals targeting businesses, and in particular SMBs, whose limited resources make them prime targets. This shift away from consumer targets demonstrates that cybercriminals are focusing on higher value targets with heavier stores of consumer data over individuals. This quarter, a new section on data privacy has been added to the report, detailing the habits and sentiments of consumers on their data amidst the evolving threat landscape, as well as businesses’ lax practices for protecting that data.
“Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40 percent, but that would be short-sighted,” said Adam Kujawa, director of Malwarebytes Labs. “Consumer data is more easily available in bulk from business targets, who saw a staggering 235 percent increase in detections year-over-year. Cybercriminals are using increasingly clever means of attack to get even more value from targets through the use of sophisticated Trojans, adware and ransomware.”

Highlights from the report include:

  • The US leads in global threat detections at 47 percent, followed by Indonesia with nine percent and Brazil with eight percent.
  • Businesses are the prime target. Overall detections of threats to businesses have steadily risen. They increased by about seven percent from the previous quarter, while consumer detections declined by nearly 40 percent. Compared to Q1 2018, business detections have skyrocketed 235 percent.
  • Ransomware is back to business. Ransomware has gained rapid momentum among business targets with an increase of 195 percent in detections from Q4 2018 to Q1 2019. Compared to the same time last year, business detections of ransomware have seen an uptick of over 500 percent, due in large part to a massive attack by the Troldesh ransomware against US organizations in early Q1.
  • Emotet also continues to target enterprises. Emotet has made a total shift away from consumers, reinforcing the intent of its creators to focus on enterprise targets, except for a few outlier spikes. Detections of Trojans (Emotet’s parent category) on business endpoints increased more than 200 percent since Q4, and almost 650 percent from the same time last year.
  • Cryptomining against consumers is essentially extinct. Marked by the popular drive-by mining company CoinHive shutting down operations in March, consumer cryptomining dropped by 79 percent for consumers compared to the same time period last year.
  • Mobile Mac devices are increasingly targeted by adware. While Mac malware saw a more than 60 percent increase from Q4 2018 to Q1 2019, adware was particularly pervasive, growing over 200 percent from the previous quarter.
  • Exploit authors developed some flashy techniques. A new Flash Player zero-day was discovered in Q1 and quickly implemented into popular exploit kits, including Underminer and Fallout EK, as well as a new exploit kit called Spelevor.

The full Cybercrime Tactics and Techniques Report is available at: https://resources.malwarebytes.com/resource/cybercrime-tactics-techniques-2019-q1-report/

https://press.malwarebytes.com/2019/04/25/malwarebytes-q1-cybercrime-report-emotet-and-ransomware-attacks-renew-focus-on-enterprise-trojan-detections-grow-200-percent/

Sunday, May 19, 2019

A cyber security joint analysis lab with BIT established

News

On November 21st 2018, a cyber security joint analysis lab named BIT-Antiy Joint Lab, sponsored by Antiy Labs and BIT, was launched at the Information Science Experimental Building of Beijing Institute of Technology (BIT for short), and a technical seminar was held at the same time.
Prof. Luo Senlin, the director of the BIT Information System and Security Countermeasure Experiment Center and the co-director of BIT-Antiy Joint Lab, hosted the seminar. Xue Zhenghui, secretary of the party committee of the School of Information and Electronics, and He Gongdao, the deputy director of Antiy Technical Committee, each gave a speech at the seminar. Zhang Ji, dean of the School of Science and Technology; Chen He, deputy dean of the School of Information and Electronics; Wang Xiaofeng, senior R&D vice president of Antiy; Luo Yunfeng, director of Antiy public affairs department; and members of the joint lab attended the seminar.
Xue Zhenghui, secretary of the party committee of the School of Information and Electronics, said that BIT is among the first institutes to establish an information confrontation major in China, and has a first-class research and teaching force in network security, data mining, text security and media security. Antiy is a national-level network security emergency service support unit that leads the development of threat detection and analysis capabilities. By building a joint lab with Antiy, he hopes to integrate research and teaching with engineering technology practice, and promote the synergy of the security industry and academia.
He Gongdao, Antiy Vice President, pointed out that in order to cope with the increasingly serious cyberspace security situation, Antiy continues to strengthen its threat detection engines and support platform systems, and is committed to building a tactical situational awareness platform and a series of capability-based security products. Antiy has also applied deep learning techniques to automated analysis of back-end samples. BIT is in a leading position in the field of information security and artificial intelligence. By establishing a joint lab, BIT’s research and teaching talents can be merged with Antiy’s engineering capabilities, promoting the application of artificial intelligence in the network security field.
During the technical seminar session, researchers from both sides delivered speeches entitled "Artificial Intelligence-Based Malware Analysis" and "Machine Learning in Engineering Technology", and exchanged their views.
Antiy has long been committed to combining manual analysis with automated methods to improve the efficiency of threat analysis. In 2001, Antiy proposed applying the industrial pipeline concept to malware sample processing, realizing automated feature extraction of binary samples. In 2004, Antiy realized automated full-sample analysis and determination, then completed the development of the integrated analysis environment, and gradually realized dimension reduction of manual analysis and the iteration of manual analysis experience into automated analysis. At present, Antiy conducts automated analysis of millions of new file samples every day, and performs dynamic and static analysis on each of them. Each sample is dissected into different threat vectors, and the sample size processed daily is more than 10TB.
As threats continue to evolve, Antiy recognizes that security vendors should not only accelerate their own threat capture, threat analysis and capability development, but also establish a closed loop that includes adversaries, so as to improve the customer’s ability to detect threats, shorten the time span of threat discovery, and improve the effectiveness of security posture.
Relying on the joint lab, Antiy and BIT will promote the exploration of artificial intelligence, data mining and other cutting-edge technologies, and cooperate on scientific research, resource sharing, academic exchange, and project application, etc., forming a mode for university-enterprise cooperation, composite talent training, as well as engineering/academic achievement exporting.
Universities and enterprises are limited by their own roles and modes, and in the past there were certain limitations in their high-level cooperation. Most of the network security research in universities lacks the support of mature engineering capabilities, and some research even repeats work already done by network security enterprises. Moreover, most network security enterprises and engineers are engaged in product and support development, and lack forward-looking research, follow-up and the transformation of theory into practice. In this cooperation, Antiy adheres to the principles of complementary advantages, narrow-band focus, practice orientation, and the pursuit of the leading edge. As for the direction of cooperation, Antiy selects the areas in which it has engineering ability and a data foundation and in which BIT, at the same time, has academic accumulation. The cooperation gives room to the theoretical advantages of BIT and to the basic engineering capabilities and data advantages of Antiy, which provides platform resources, engineering resources and big data resources, helping BIT form high-level academic achievements with forward-looking and practical prospects, and promoting the transformation of scientific research results into effective security value.

https://www.antiy.net/p/a-cyber-security-joint-analysis-lab-with-bit-established/

New McAfee Research Reveals 61 Percent of I.T. Professionals Have Experienced a Serious Data Breach

Press release

Integration of Security Solutions and Employee Training Recognized as Top Steps to Reduce Growing Severity of Breaches


Key Findings
- Top three vectors used to exfiltrate data are database leaks, cloud applications and removable USB drives.
- Nearly three-quarters of all breaches require public disclosure, putting brand reputation at risk.  
- Eighty-one percent of IT professionals report separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP). 
- Intellectual property (IP) surpasses payment card data to tie personally identifiable information (PII) as top target for thieves. 

SANTA CLARA, Calif., April 29, 2019 --(BUSINESS WIRE)-- McAfee, the device-to-cloud cybersecurity company, today released Grand Theft Data II – The Drivers and Shifting State of Data Breaches, which revealed that despite improvements in combating cybercrime and threats, IT security professionals are still struggling to fully secure their organization and protect against breaches with 61 percent claiming to have experienced a data breach at their current employer. Adding to this challenge, data breaches are becoming more serious as cybercriminals continue to target intellectual property putting the reputation of the company brand at risk and increasing financial liability.

McAfee’s study demonstrates the need for a cybersecurity strategy that includes implementing integrated security solutions combined with employee training and an overall culture of security throughout the organization to reduce future breaches.

“Threats have evolved and will continue to become even more sophisticated,” said Candace Worley, vice president and chief technical strategist at McAfee. “Organizations need to augment security measures by implementing a culture of security and emphasizing that all employees are part of an organization’s security posture, not just the IT team. To stay ahead of threats, it is critical companies provide a holistic approach to improving security process by not only utilizing an integrated security solution but also practicing good security hygiene.”

The McAfee report highlights the following:
Savvier thieves: Data is now being stolen by a wide range of methods, with no single technique dominating the industry. The top vectors used to exfiltrate data are database leaks, cloud applications and removable USB drives.
IP tied for 1st: Personally identifiable information (PII) and intellectual property (IP) are now tied as the data categories with the highest potential impact to 43% of respondents. Notably, PII is of greater concern in Europe (49%), most likely due to the recent enforcement date of the General Data Protection Regulation (GDPR). In Asia-Pacific countries, intellectual property theft is of greater concern (51%) than PII.
Blame game: IT is looked at as the culprit with 52 percent of respondents claiming IT is at fault for creating the most data leakage events. Business operations (29 percent) follows as the next most likely to be involved. Highly regulated internal groups including finance (12 percent) and legal (6 percent) were the most secure.
The great divide: Security technology continues to operate in isolation, with 81 percent reporting separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP), resulting in delayed detection and remediation actions.
Taking responsibility: There is a rift in regard to accountability – 55 percent of IT professionals believe that c-level executives should lose their job if a breach is serious enough, yet 61 percent also state that the c-level executives they work with expect more lenient security policies for themselves.
Future proofing: IT professionals are taking action, with almost two-thirds stating they have purchased additional DLP, CASB and endpoint detection solutions over the last 12 months.

Respondents believe that between 65 and 80 percent of breaches experienced would have likely been prevented if one or more of these systems had been installed.

The stakes are higher as multiple attack methods are now used in a breach as cybercriminals continue to target personal data and intellectual property. Furthermore, IT security teams are increasingly concerned about external threat actors compromising their network, which has forced more organizations to publicly disclose when breaches occur. The severity of publicly disclosing breaches results not only in financial repercussions but damage to brand and reputation as well.

https://www.mcafee.com/enterprise/en-us/about/newsroom/press-releases/press-release.html

McAfee

McAfee LLC is a cybersecurity company, founded in 1987 under the name McAfee Associates by John McAfee, who ran it until 1994, when he decided to leave the company.
In 1992 the company was incorporated in the state of Delaware.
After the merger with Network General it changed its name, then went back to being McAfee in 2004.
The company as we see it today is the result of numerous acquisitions made over roughly twenty years. More recently the company was acquired by Intel, and in 2014 it changed its name, before becoming independent again in 2017.
The antivirus created by McAfee was one of the very first to enter the market; however, the company produces not only the antivirus of the same name but also a wide range of cybersecurity products and consulting services for businesses.
Today the company, based in Santa Clara, California, is led by Chris Young, formerly of Cisco, RSA and AOL.
McAfee is still one of the largest companies in the world in its field, with almost 8,000 employees and annual revenue of $2.4 billion. Under Young's leadership the company has grown considerably over the last 5 years, not only in the antivirus business but also in cloud services, deep learning and analytics.
The company, although no longer connected in any way to its founder, still bears his name, much to his displeasure. After the company changed its name in 2014, John McAfee said he was happy about it, since his name was no longer linked in any way to the "worst software in the world", in his words. However, the company took back the McAfee name some time later.
John McAfee, 73, was born in England to an American father and an English mother and grew up in Salem, Virginia. When he was 15, his father, an alcoholic, took his own life. John earned his degree in mathematics in 1967.

Before founding McAfee Associates he worked for various companies including NASA and Lockheed, and it was during his time at Lockheed that he began his work in the antivirus field.
McAfee is an eccentric and highly controversial figure, both for his political ideas and for his numerous problems with the law, which include accusations of murdering his neighbour, possession of weapons, possession of narcotics and much more.
Having fled to Belize and then returned to the United States, he ran for President of the United States of America in 2016, a candidacy he says he will put forward again in the next campaign in 2020.
To this day John is the CEO of Luxcore, a company that deals with cryptocurrencies.

Francesco Rugolo


Sources:
- https://www.mcafee.com/en-gb/index.html

Saturday, May 18, 2019

WhatsApp... is it secure?

Until recently, one of the questions a cybersecurity expert heard most often was: "But is WhatsApp secure? Can I use it for work?"
The answer was generally always the same: "I would not use it for work, but at most to communicate with friends and family".
Then, with the arrival of end-to-end encryption, and in particular with the publicity given to what was an eminently technical event, the question stopped being asked. Everyone felt automatically reassured, and asking it no longer made sense.
But is that really the case?
The arrival of end-to-end encryption apparently gave the answer everyone wanted to hear: "now you are secure, you can use WhatsApp to do everything you already do without admitting it, but now you are secure". Naturally it was only an illusion, but it was what everyone wanted to hear, and so it became reality.
And yet here comes disillusionment, appearing out of nowhere, or rather out of one of the most advanced countries in the cyber sector. Its name is Pegasus, like the winged horse born from the blood of Medusa…
Pegasus is software created and sold worldwide by NSO Group, an Israeli company founded in 2010 and 70% owned by the American group "Francisco Partners".
NSO says it develops "technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime". These are technologies officially intended for the governments of Israel, the United States and European countries.
Pegasus was not born today; it has been talked about for some years. Now, however, it has become notorious because WhatsApp is a system used by more than a billion people, and Pegasus, in this case, has turned from a winged horse into a Trojan horse, allowing hackers, governmental or otherwise, to carry out espionage on smartphones on which WhatsApp is installed.
A detailed explanation of how Pegasus works and how it exploited WhatsApp's vulnerabilities could follow here, but I do not think it would be understandable to everyone. It is more useful, in my opinion, to give readers a few suggestions.
First: there are no computer systems that are 100% "secure"; there never have been and there never will be, whatever you are told. This has to be accepted and managed.
Second: can WhatsApp be used? Yes, like any other communication software. Today it was discovered that Pegasus exploits WhatsApp's vulnerabilities; tomorrow something else will be discovered about other software. The rule from point one applies: there is no such thing as 100% security. Systems are used by managing risk. Thinking you can solve the problem of secure communications by uninstalling WhatsApp from your smartphone is pure illusion!
Third: what can we do right away? Simple: check that WhatsApp has been updated to the version released a few days ago. If it has not, update it. There are different versions of WhatsApp depending on the smartphone's operating system, so you need to work out which version is the right one, but there are many sites where this information can be found. Personally, in this case I turned to Kaspersky, so among the links you will also find a link to an article in Italian listing the main WhatsApp versions.
Fourth and last: never forget that cybersecurity is not a game, and if you own a company or are an executive in a public organization, get organized to "manage risk" and always be wary of anyone who guarantees you 100% security.

Alessandro Rugolo

Further reading:

https://www.theweek.co.uk/101201/whatsapp-reveals-attack-by-advanced-cyber-actor
https://www.businessinsider.fr/us/whatsapp-hack-who-is-nso-group-spy-firm-behind-attack-2019-5
https://www.thesun.co.uk/tech/9069460/whatsapp-update-how-cyber-attack-surveillance/
https://securityaffairs.co/wordpress/76333/malware/nso-pegasus-spyware-report.html
https://www.businessinsider.fr/us/pegasus-nso-group-iphone-2016-8
https://www.nsogroup.com/
https://www.kaspersky.it/blog/whatsapp-call-zeroday/17314/
https://www.youtube.com/watch?v=_2be9gcmjjQ
https://www.zambianobserver.com/zambian-mobile-phones-allegedly-targeted-by-notorious-governments-only-spyware/

Friday, May 17, 2019

Generali launches its fully-dedicated Cyber Insurance function and the CyberSecurTech start-up

Press release 


  • New Cyber Insurance function will develop and coordinate the Group’s global cyber risk activities
  • Generali’s CyberSecurTech start-up will offer Generali customers innovative cyber risk assessment solutions through a proprietary web-based platform
Milan - Generali launches a new Cyber Insurance function and a start-up company to address its customers’ concerns and needs in the area of cyber risk. The newly-created Cyber Insurance function will combine the wide range of cyber insurance solutions with the support of a technology start-up, Generali CyberSecurTech, wholly owned by the Group and created with the aim of deploying innovative cyber risk assessment methodologies for Generali’s customers.
The function will develop and coordinate the Group’s global approach to cyber risk: from customer support services to prevent cyber attacks, to preparing the best response to a breach, to technical and legal management of events. In recent years, Generali has invested in creating a highly skilled team of professionals with considerable global experience in managing cyber risks.

Marco Sesana, Country Manager Italy and Global Business Lines, stated: “Today’s announcement confirms Generali’s commitment in cyber security, an increasingly significant and strategic space for individuals, companies and organisations. Generali, as a global insurer, intends to be at the forefront of identifying and mitigating this type of emerging risk, offering innovative and relevant solutions for our customers. Leveraging the new function’s expertise and the Group’s technological innovation, which is the cornerstone of CyberSecurTech start-up, we will be able to support our customers’ needs.”

Italy was the first country to test the platform, using it to design and develop the new cyber offer for businesses: a complete and unique solution that encompasses risk analysis, prevention, coverage, and pre- and post-event support services.

Cyber attacks and their consequences, as well as new regulations on protection of sensitive data and relevant implications, represent global emerging risks. Based on the Group’s experience over more than thirty years in managing IT insurance risks, Generali has launched – with CyberSecurTech - a technology platform, known as “Majorana”, designed and developed entirely by the Group’s team of IT security experts. The system uses innovative methodologies to manage risk, allowing the gradual implementation of its global cyber insurance offer. The platform collects and analyses customer data, starting from an assessment of the customer’s web perimeter, then searching the deep and dark web for possible data leaks that may have affected the potential customer, and, finally, reviewing vulnerabilities in the IT infrastructure. Subsequently, results are analysed through a proprietary algorithm, leading to the development of an IT risk insurance policy and an IT security report that can be shared with the customer.

Remo Marini, CEO of the CyberSecurTech start-up, observed: “Developed using innovative technologies based on machine learning and artificial intelligence, the tool’s considerable sophistication enables the real risks to which the customer is exposed to be assessed, providing detailed information that the customer can use to build a plan to mitigate risks and transfer residual risks, both from a technology and insurance perspective.”

Generali’s new Cyber Insurance function and CyberSecurTech start-up will enhance and further boost the Group’s existing offer in Europe, Asia and the Americas.