FireEye Builds Toward a Bigger, Smarter Future
March 14, 2016
Demand for cybersecurity may exist, but one security firm’s first quarter results do not have much to show for it. People are not spending on security published by MyInforms reports this sharing the story of FireEye. Several explanations are offered for the lack of profitability this quarter and next, including their recent purchase of subscription-based iSight Partners and Invotas. The article contextualizes FireEye’s results,
“Security outfit FireEye released some disappointing results and claim it is because firms are skimping on their security budgets. FireEye forecast a bigger than expected loss for the first quarter and said it expected growth in cyber security spending to slow this year. FireEye Chief Executive Dave DeWalt said sales across the industry were boosted by “emergency spending” last year as major hacking attacks prompted some companies to place massive orders.”
Profitability can be looked at in several ways, but that’s another story. What is important to note here is the security concern many businesses have — and notably acted on last year, according to the article. What kind of player with FireEye be in this market with their newly acquired cyber intelligence offerings? We will keep our sights set on them.
Megan Feil, March 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Organized Cybercrime Continues to Evolves
March 10, 2016
In any kind of organized crime, operations take place on multiple levels and cybercrime is no different. A recent article from Security Intelligence, Dark Web Suppliers and Organized Cybercrime Gigs, describes the hierarchy and how the visibility of top-level Cybercrime-as-a-Service (CaaS) has evolved with heightened scrutiny from law enforcement. As recently as a decade ago, expert CaaS vendors were visible on forums and underground boards; however, now they only show up to forums and community sites typically closed to newcomers and their role encompasses more expertise and less information sharing and accomplice-gathering. The article describes their niche,
“Some of the most popular CaaS commodities in the exclusive parts of the Dark Web are the services of expert webinjection writers who supply their skills to banking Trojan operators.
Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.”
The cybercrime arena shows one set of organized crime professionals, preying on individuals and organizations while simultaneously being sought out by organized cyber security professionals and law enforcement. It will be most interesting to see how collisions and interactions between these two groups will play out — and how that shapes the organization of their rings.
Megan Feil, March 10, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Intersection of the Criminal, Law Enforcement and Technology Industries
February 26, 2016
A ZDNet article covers Arrests made over Bitcoin laundering scheme, Dark Web drug deals
Dutch police made several arrests related to laundering of criminal profits orchestrated through an unindexed section of the web called the Dark Web. The article says suspects allegedly laundered up to 20 million euros from online drug deals. With the information originating from Reuters, this article summarizes the arrests made by Dutch Fiscal Information and Investigation Service and public prosecution department:
“According to the publication, some of the men arrested are traders, while others are “Bitcoin cashers” — traders of Bitcoin online who cash these funds then withdraw money from ATMs. It is possible to find cashers online who run shadow services which exchange “dirty” coins for clean currency. Law enforcement in the United States, Australia, Lithuania and Morocco also participated in the raid.”
Just as criminal offenses are taking place increasingly online, so too must the law enforcement industry have turn to technology to aid its efforts. As the case unfolds, it will be interesting to uncover how these suspects were identified. Perhaps something innovative will be at the source.
Megan Feil, February 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
CyberSpark Billed as New Cybersecurity Capital for Israel
February 24, 2016
Beersheba, a city in Israel with a population of about 200,000 has become the site of several connected academic and technological influences, led by government and industry, which may position it to be the cyber capital of the country. The article Israel’s Cyber Sector Blooms in the Desert article from Security Week covers Beersheba’s industrial park, CyberSpark. A project leader for the Israeli National Cyber Bureau is quoted explaining how this area is primed to become a leader in cyber security. The report describes CyberSpark’s projected growth,
“Two more complexes comprising 27 buildings are to be added, and the municipality expects the population to grow by 100,000 in the next 10 years. About 30,000 soldiers, including 7,000 career officers, will move in the coming years to bases and a technology campus to be built on 100 hectares (250 acres) near CyberSpark and around Beersheba. As a lure from the bustle of cosmopolitan Tel Aviv, the government plans a bonus of $18,000 for single officers and $50,000 for families who spend at least five years in Beersheba.”
More often than not, we hear about cybercriminals taking the initiative while law enforcement, intelligence and others attempt to catch up. While the article frames CyberSpark as a case of proactive collaboration with necessary partners for the sake of forwarding the cyber security industry and protecting citizens, we are not sure it can be called proactive. Let’s not forget, as the article mentions, Israel may be the most heavily targeted country in the world with reports suggesting as many as a thousand web attacks per minute.
Megan Feil, February 24, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Many Companies Worldwide Underprepared for Cyber Attacks
January 19, 2016
A recent survey from KPMG Capital suggests that only about half the world’s CEOs feel their companies are “fully prepared” to counter a cyber breach in the next three years. One notable exception: businesses in the U.S., where about ninety percent of CEOs feel their companies are ready to fend off hackers. We are not surprised that KPMG is gathering information on in the subject, since it recently took an equity stake in cyber-intelligence firm Norse Corp.
KPMG Australia comments on the survey’s results in its post, “Cyber Security: A Failure of Imagination.” The write-up relates:
“According to the 2015 KPMG CEO Outlook Study [PDF] of more than 1,200 CEOs, one out of five indicated that information security is the risk they are most concerned about. ‘Collectively we sleepwalked into a position of vulnerability when it comes to cyber,’ said Malcolm Marshall, Global Head of Cyber Security at KPMG. ‘This combination of lack of preparedness and concern, from those organizations that are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain severely unaddressed.’”
A lack of skilled cyber-security workers seems to be a large part of the problem, particularly ones who also have management or social-science skills. However, we’re told the root cause here is the “failure to imagine” what hackers can do and might try before they’ve tried it. Clearly, many executives would do well to get themselves up to speed on the subject, before their companies fall victim.
Cynthia Murrell, January 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Business World Is Not Prepared for a Cyber Attack
January 12, 2016
Cyber threats have been a concerning topics since computers became functional and daily tools for people. The idea of a hacker brings up images of IT geeks sitting in a dark basement with their laptops and cracking top secret codes in a matter of keystrokes. Hacking has turned from a limited crime to a huge international problem comparable to the mafia. While hackers are interested in targeting individuals, the bolder thieves target big businesses. News of Bahrain shares that “Biz Not Prepared For Cyber Threat,” translated from headline speech that means the business world would not withstand a cyber attack.
KPMG International released the 2015 KPMG CEO Outlook Study that found businesses are aware of risks associated with cyber attacks, but only forty-nine percent have prepared for one. The study surveyed 1,200 CEOs and one out of five are concerned about cyber risks. The concern has led many CEOs to take action with security measures and safety plans.
“ ‘The most innovative companies have recognized that cyber security is a customer experience, not just a risk that needs to be managed or a line item in the budget. In Bahrain, some firms are finding ways to turn cyber preparedness into a competitive advantage with customers, and they are using this as a differentiator.’ ”
Many companies that are attacked thought they were prepared for any threats, but they underestimated hackers’ intelligence, sophistication, and persistence.
Some of the companies with good cyber security are advertising their technical achievements to prevent attacks. It is a desirable feature, especially as more information is housed on cloud storage and businesses need to be aware of potential threats.
Whitney Grace, January 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Magnetic Forensics Partners with In-Q-Tel to Battle Rising Cyber Crimes
January 6, 2016
The article on GCN titled In-Q-Tel Invests in Digital Forensics Firm discusses the recent addition of Magnetic Forensics to the In-Q-Tel investment portfolio. Digital forensics software is making large strides to improve the safety and security of data in a time when hackers seem unstoppable, and this is the area Magnetic Forensics’ applies expertise and innovation. In-Q-Tel is a technology investment firm that supports and coordinates with the CIA and Intelligence Community. The article explains,
Magnetic Forensics’ flagship product, Internet Evidence Finder, recovers unstructured data — such as social media, chat messages and e-mail from computers, smartphones and tablets — and structures the data for analysis and collaboration. It has been used by 2,700 public safety organizations in 92 counties to investigate cases related to cybercrime, terrorism, child exploitation and insider threats.
Given the almost daily reminders of the vulnerability of our data, investment in this sort of software is timely. Magnetic Forensics’ CEO Adam Belsher explained that IEF works by opening the pipeline of investigator workflow, organizing backlogs, and urgently absorbing the facts of the case to ensure a comprehensive understanding of the issue at hand. Additionally, the partnership will enhance In-Q-Tel’s existing product line while allowing for the creation of new resources for cyber security.
Chelsea Kerwin, January 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Top Trends for Cyber Security and Analytics in 2016
December 23, 2015
With the end of the year approaching, people try to predict what will happen in the New Year. The New Year brings on a sort of fortunetelling, because if companies are able to correctly predict what will happen in 2016 then it serves for positive profit margins and a healthier customer base. The IT industry has its own share of New Year soothsayers and the Executive Biz blog shares that “Booz Allen Cites Top Cyber, Analytics Trends In 2016; Bill Stewart Comments” with possible trends in cyber security and data analytics for the coming year.
Booz Allen Hamilton says that companies will want to merge analytical programs with security programs to receive data sets that show network vulnerabilities; they have been dubbed “fusion centers.”
“ ‘As cyber risk and advanced analytics demand increasing attention from the C-suite, we are about to enter a fundamentally different period,’ said Bill Stewart, executive vice president and leader of commercial cyber business at Booz Allen. ‘The dynamics will change… Skilled leaders will factor these changing dynamics into their planning, investments and operations.’”
The will also be increased risks coming from the Dark Web and risks that are associated with connected systems, such as cloud storage. Booz Allen also hints that companies will need skilled professionals who know how to harness cyber security risks and analytics. That suggestion is not new, as it has been discussed since 2014. While the threat from the Internet and vulnerabilities within systems has increased, the need for experts in these areas as well as better programs to handle them has always been needed. Booz Allen is restating the obvious, the biggest problem is that companies are not aware of these risks and they usually lack the budget to implement preemptive measures.
Whitney Grace, December 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Cybercrime to Come
December 2, 2015
Apparently, we haven’t seen anything yet. An article at Phys.org, “Kaspersky Boss Warns of Emerging Cybercrime Threats,” explain that personal devices and retail databases are just the beginning for cyber criminals. Their next focus has the potential to create more widespread chaos, according to comments from security expert Eugene Kaspersky. We learn:
“Russian online security specialist Eugene Kaspersky says cyber criminals will one day go for bigger targets than PCs and mobiles, sabotaging entire transport networks, electrical grids or financial systems. The online threat is growing fast with one in 20 computers running on Microsoft Windows already compromised, the founder and chief executive of security software company Kaspersky Lab told AFP this week on the sidelines of a cybersecurity conference in Monaco.”
The article also notes that hackers are constantly working to break every security advance, and that staying safe means more than installing the latest security software. Kaspersky noted:
“It’s like everyday life. If you just stay at home and if you don’t have visitors, you are quite safe. But if you like to walk around to any district of your city, you have to be aware of their street crimes. Same for the Internet.”
Kaspersky’s company, Kaspersky Lab, prides itself on its extensive knowledge of online security. Founded in 1997 and headquartered in Moscow, the company is one of the leading security firms in the world.
Cynthia Murrell, December 2, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Its Hacker Season
August 21, 2015
One of the quintessential cartoon feuds exists between Bugs Bunny and Daffy Duck as they argue whether or not it is duck or rabbit hunting season. Whoever wins gets the lovely prize of having their face blown off, thankfully cartoon violence does not obey the rules of life and death. The ensuing argument ends with hilarious consequences, but everyday another type of big game is always in season: your personal information. Hackers are constantly searching for ways to break into vulnerable systems and steal valuable information.
One a personal level it is frightening to be hacked, but corporations stand risk millions of dollars, customer information, trade secrets, and their reputations if their systems get hacked. There are many companies that specialize in software to prevent potential hackings, but Cybereason offers unique selling points in the article, “Introducing Cybereason: Real-Time Automated Cyber Hunting.”
“This is why Cybereason exists, to bring the fight against hackers off of the frontlines and into the depths of your environment, where they lurk after gaining unnoticed access. Security needs to be about having an ever-watchful eye over your endpoints, servers, and network, and the Cybereason platform will allow you to perform real-time, automated hunting across your entire environment.”
On their Web site they posted a product video that feeds on the US’s culture of fear and they present an Armageddon like situation complete with a female voice over artist with a British accent, a Guy Fawkes mask, and Matrix-like graphics. My favorite bit is when Cybereason is made to resemble a secret intelligence agency of superheroes.
Despite the clichéd video, it does give a thorough visualization of what Cybereason’s software and services can do. The fear factor might be a selling point for some clients, but I’d rather hear hard facts and direct solutions. It takes out the dramatic elements and actually tells me what the product can do for me. You have to love Cybereason’s ending phrase, “Let the hunt begin.” It makes me want to respond with, “May the odds ever be in your favor.”
Whitney Grace, August 21, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
