New Approach in AI learning leads to CAPTCHA break
Issue 002 | NOVEMBER 2017
Biometric Systems Could be the future of Cybersecurity
Words of wisdom and industry insights from Mr. Ashok Banerjee, CTO of Enterprise Symantec
Content Overview
Table of Contents
Recommended Business Books for 2017
Publisher’s note
Feature Article: AI and Cybersecurity: Be Afraid
Malware/Ransomware
Cybersecurity Policy
Malware-Infected CCleaner Roams Computers for a Month Undetected
US Utilities Will Splash $7 Bln on Cybersecurity by 2020
US Senate Looks into Blockchain’s Cybersecurity Applications
Apple Launches New Patches
htpRAT Latest Sign that Cybercriminals are Getting Smarter
More Transparency on “Vulnerabilities Equities Policy and Process (VEP)”
SEC Says Data Breach Could Have Resulted in Illegal Trading
New European Cyber Laws GDPR and NISD
MS Office Feature Lets Hackers Into Configuration Data
Western Cybersecurity Companies
China Cybersecurity Companies
CEO Corner
Cyberspace in Asia
Mr. Ashok Banerjee, CTO, Enterprise Security at Symantec
Singapore Government Allocates $16 Mln for Cybersecurity R&D
Global Cyberspace Security
Cybersecurity Advisory
Top 10 Cybersecurity Events for 2017
F-Secure: 2017 was Worse for Cybersecurity than 2016
FDA Warns Medical Device Makers to Prioritize Cybersecurity
Biometric Systems Could be the Future of Cybersecurity
IBM Warns of Sixfold Increase in Attacks Involving Cryptocurrency Mining CPUs
New Approach in AI Learning Leads to CAPTCHA Break
Researchers Teach Computers to Make Better Password Guesses
Enterprise of Things Fraught with Cyber Risks
10 Free Security-Related Tools And Resources
Machine Learning Can Help Cybersecurity Efforts but Can’t Replace Everything Else
Publishers’ note
In his book, “Where is Technology Taking the Economy?”, economist and author W. Brian Arthur purports: Digital technologies have created a second economy, a virtual and autonomous one. It’s that it is steadily providing an external intelligence in business—one not housed internally on human workers but externally on the virtual economy’s algorithms and machines. While the book emphasizes the positive aspects of this second economy in terms of productivity, efficiency and convenience brought to human activities, we must remind ourselves that algorithms and machines are created by people, and human being behavior sometimes falls on the negative end of the spectrum; with greed and evil that can be cruel and destructive. Cyberattacks have increased with each technological advancement and as such have become an on-going battle in modern business practices, with most intelligent functions powered by big data. Based on findings by IDG, International Data Group, the cost of data breaches worldwide for enterprises rose 11 percent in 2017. In the U.S., the average cost of a cyber attack for enterprises grew from $1.2 million in 2016 to $1.3 million in 2017. And the trend is expected to continue. Having said that, we have compiled this issue of CyberAsia360 to bring more awareness to increasing cyber threats and to provide a prevention guide against potential cyber attacks. We are fortunate to share with you, on page 6, the words of wisdom and industry insights of Mr. Ashok Banerjee, CTO of Enterprise Symantec. To better protect businesses, Cyber Space Asia and CyberAsia360 magazine aim to serve as an across-board platform to facilitate exchange among industry intelligence through collaboration and cooperation on a global scale. We hope to receive your feedback and to have a dialogue as to how we can best serve you, our faithful readers! Send inquiries, comments and suggestions to sunny@cyberasia360.com.
Thank you and happy reading! Ying Wang, Maggie Zhang, Sunny Sun Editorial team
CEO Corner
My Conversation with Mr. Ashok BANERJEE, CTO, Enterprise Security at Symantec
by SUNNY SUN
Editor’s note: A statement holds true by ARM’s CEO, Simon Segars: “The Internet of Things will change the way we live, but we’re still plagued by one big thing: a lack of security”. With increased connectivity and breaches to businesses, large and small, occurring more frequently, I felt an urgency to know how we can protect both our enterprises and ourselves. Most of us habitually lock our cars and our homes, which are physically obvious to us. But are we consciously aware of how we should protect ourselves, when we can’t rely on passwords or updated firmware on our devices? How can we be prepared to live in the newly connected world of IoT? In pursuing answers to this, I was very fortunate to have had a conversation with Mr. Ashok Banerjee, CTO Enterprise Security for Symantec, one of the world’s leading pure-play cyber security companies. I am pleased to share his valuable insights on awareness, prevention, and protection against potential threats.
How will security awareness help prevent ransomware for a majority of no-tech equipped SMEs?
I recommend anti-malware like Symantec Endpoint Protection for Corporate Endpoints and Norton for Consumer Endpoints to safeguard against ransomware. Where will you be attacked – home laptop or work laptop or will you be targeted at all? You have to understand why the hackers target you or your organization. Are you or your business the target (wealthy or confidential information), or are you a part of the supply chains to some target entity (wealthy or confidential information)? In Supply Chain attacks you are attacked by the hacker as a stepping stone to a desired destination. No one will be immune from being targeted or attacked. We all have to be on “security-ready” mode both in your awareness and technology preparedness.
The more we depend on digital technology, the more we become vulnerable. How can we balance innovation and safety?
It is always Convenience vs. Safety. With IoT the motivation of the attacker moves from exfiltration of information to sabotage in the physical world. Many of the systems in IoT were built pre-connectivity. Security was an afterthought because there were physical layers of security mitigating the otherwise vulnerable operational things. Pre IoT the operational things were vulnerable but were not internet accessible so physical layers of security could mitigate the digital vulnerabilities. IoT opens the floodgates to both opportunities and risks. A self-driving car halted in the middle of the freeway can cause a cascade of accidents. A railroad crossing-gate remotely opened when it should be down to prevent collisions with trains can cause accidents. Attackers can attack remotely and attack repeatedly with no fear or consequence. Remote attacks can be from outside the jurisdiction of the country. From power grids, self-driving cars, emergency services, medical systems to nuclear plants are all suddenly within reach of attackers. Attackers infiltrate and hold control of activation/deactivation or IOT controls. All this is achieved from outside the jurisdiction without the dirty work of breaking into physical systems risking arrest etc. The awareness people have for the physical world with locking doors and windows somehow does not extend as well to the digital world. We make sure to lock our doors and windows when we leave the house to protect ourselves from a possible burglary invasion; however, we lack the conscious awareness to shut down our digital access to prevent potential hackers’ invasions and we have little knowledge about how to go about it. That is why we need to collaborate on a global scale and laws to be implemented at the UN level. A lack of law and jurisdiction in cyberspace will be the problem that amplifies the danger.
What would be the best prevention you can recommend?
There is no silver bullet; we need to secure every line, as a layered defense: from social awareness and training, to network security, endpoint security, data loss prevention, identity and IOT Security, everything matters. Given the consequence of breach for Banks, Hospitals, Oil and Gas etc., I believe it is better to have unavailability than to have security breaches.
What lesson should we learn from the recent Equifax breach?
Once again layered defense. Symantec has many layers of security for a reason. Stay cyber-resilient.
Background information: Atlanta-based Equifax disclosed a little over a month ago that cyber criminals had breached its systems between mid-May and late-July and stolen the sensitive information of 145.5 million people. Randy Abrams, an independent security analyst, said he noticed the issue late on Wednesday when he was attempting to check some information in his credit report and a bogus pop-up ad appeared on Equifax’s website. The pop-ups could trick visitors into installing fraudulent Adobe Flash updates and infect computers with malware, he said in an interview with Reuters on Thursday. “You’ve got to be kidding me,” he recalled thinking when he first saw the ads. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube. (bit.ly/2z3GTLc) Equifax’s security protocols have been under scrutiny since Sept. 7 when the company disclosed its systems had been breached. As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.
From your perspective, are most security breaches more likely a business issue or a technology issue?
A single breach crushes the reputation of biggest icons in the industry. Attackers always look for the weakest spot from social to technical. The larger the company the greater the attack surface. For example, for a company with a staff of 10,000, the attack surface of employees is hundred times larger than a company with a staff of 100. So the bigger the company the bigger the target and it should focus increasingly more on CyberSecurity.
There will be cloud-based platform applications/services. Will it introduce more open outlets for potential breaches?
The cloud-based providers are more automated in DevOps, Provisioning etc. However, the larger more successful cloud services are also excellent targets for attackers: hack ONE, to hack ALL. For example, if hackers are able to hack into Salesforce, the attacker gets the CRM data for a large number of companies. A single such breach would give the attacker a complete picture of every sales pipeline for every industry around the globe. Today the attackers are much more organized. It’s not a lone wolf attempting things at night, this is not after work, hacking is the work for entire teams.
Could Artificial Intelligence be introduced to Cybersecurity?
AI has actually been used by Symantec for 10 years. My impression is McAfee and Trend were also possibly using AI given the attack volumes. We have more data than anyone else in determining attacks. We have more data, but the attacker has more time. It comes down to game theory and adversarial machine learning - my area of focus. For a Netflix movie there is no one trying to make Netflix believe you like movies you don’t; however, in CyberSecurity we have an active adversary. With CyberSecurity we aren’t just looking for needles in a haystack but active needles that make a conscious effort to look like hay. The 21st century will not just be machine learning but increasingly adversarial machine learning. My machine learning versus your machine learning in an increasingly connected, increasingly adversarial world. “Seeing is Believing and Hearing is Believing” may themselves be attacked. Facial Reenactment for instance if used with Adobe Photoshop and an effective fake news campaign the consequences are scary. With advancements in AR (Augmented Reality) and VR (Virtual Reality) can fake news be far behind?
What would be game-changing cyber-security technologies or standards to maximize security in the digital environment?
There are two things: first, security is a layered sport which is why Symantec focuses on the entire span from Network to Endpoint to Email to Storage to Data Loss Prevention and IOT. The hacker targets vulnerability everywhere—hardware, software, network, email, so cybersecurity needs to be everywhere as well. This domain is unique because 1+1 = 3: the shared context of Email, Network, Identity and Endpoints enables us to do machine learning on data that no one else in the industry has. Second, most in cybersecurity focus on machine-learning too much, and too little on game theory. Cyber attack and cyber defense have co-evolved. Every move results in a counter move of the adversary and all that matters is the Nash equilibrium of the adversarial game. In conclusion, cybersecurity should be ingrained from design to threat modeling to runtime at network, email, endpoint, storage and through the entire process. It is always easier to attack than to defend given the ever increasing surface of our companies. Multi-week vulnerability remediation is no longer good enough; almost instantly we need a mitigation so though the system is vulnerable the vulnerability is mitigated in the environment of the customer instantly. If we mitigate after attackers’ incursion teams have set up a reverse shell, a remediation after that still leaves the reverse shell for the attackers. Overall I highly recommend a layered defense strategy.
Featured Article
AI and Cybersecurity: Be Afraid
By IRINA SLAV
Here’s a question for everyone following AI developments: do you think we can honestly believe that artificial intelligence will forever remain in safe hands? The question is of course clearly rhetorical and its implications are quite scary. What’s even scarier is how fast cybercriminals are moving.
For example, here’s a piece of seemingly good news on the cybersecurity front: at least one lab is working on biometric software that would be able to “read” passwords straight from a user’s brain. According to one biometric industry insider, this software would be impossible to hack. Really? Here’s a piece of older news: a study from the University of Alabama in Birmingham found that EEG headsets can also read PINs and passwords based on brain-wave monitoring and, guess what, these can be hacked already.
But that’s not AI, is it? Well, based on what we already know about cybercriminals, that is, that they never let cybersecurity experts take a break but find new ways to challenge the solutions they come up with, what are the chances of anyone developing completely, totally, absolutely safe AI?
HACKING BRAINS
Not high, apparently. Recently, Newsweek reported that brain-computer interfaces can be hijacked and not by a human actor but by rogue artificial intelligence. Newsweek cites a commentary by 27 scientists, including neuroscientists and machine intelligence engineers, who warn that the AI involved in BCIs can turn on humans even if the person supposed to control it does not wish it. The authors of the commentary describe a hypothetical situation in which a paralyzed person takes part in a BCI trial. The person dislikes the researchers conducting the trial and the AI reading his thoughts through the BCI takes this as a command to harm the researchers.
Okay, that’s far-fetched and all the proponents of AI insist that there is no way for an AI system to just go rogue like that but, first, how long will such a scenario continue to be far-fetched given the sharp exponential growth we are witnessing in the tech space and, second, how do you make absolutely sure that AI can’t go rogue? Not just sure, but absolutely sure?
Interestingly, the authors of the commentary specifically mention Neuralink, the startup Elon Musk set up to research ways of connecting brains to computers as a way of avoiding a catastrophe when—not if, you understand, but when—artificial superintelligence comes on the scene. Musk is by no means alone in warning against excessive optimism about AI; Bill Gates and Stephen Hawking are worried as well, to mention just two. And they have every right to be.
NO EV IS SAFE
Musk says Tesla is putting a lot of effort into making the cars’ software secure. Yet it can’t be absolutely secure: there were recently news reports about a Dutch company that claims to have hacked the software of a Tesla Model S and made it run on hydrogen. Let’s leave the point of doing anything like this (given that the conversion itself cost north of $50,000) aside. What’s more interesting is the very fact the hack was possible. This fact was a simple demonstration of what cybersecurity experts like to remind us: that anything that can be hacked, will be hacked, including electric and, by extrapolation, autonomous cars.
SELF TEACHING AI?
Here’s some more potentially scary and potentially wonderful news. An approach dubbed reinforcement learning can enable AI to acquire skills and knowledge without the intervention of a human “teacher”, simply by a repeated action that the AI internalizes. It was by mimicking a natural tendency in animals—including humans—to learn new behaviors by remembering the outcome from one and from another behavior, that Alphabet’s AlphaGo became the first AI to beat a human at Go. Now, the same approach is used to, for example, simulate complex traffic with self-driving cars.
What happens if someone hacks into a self-driving car, or two or a dozen? Nothing good, that’s what. What are the chances of this happening? The companies developing self-driving cars would certainly argue that these chances are very slim but they do have a vested interest in self-driving cars. Those skeptical of everything, such as myself, would suspect that, however slim, the chances are there and their implications are pretty nasty. After all, how many cybercriminals do what they do for charitable reasons?
NO GOING BACK
A lot of companies are working on various forms of artificial intelligence. Granted, most of the information on these developments is, hopefully, secured behind the digital equivalent of a dozen locks and keys but some of it is public. Can a hacker somewhere develop their own artificial intelligence based on what’s publicly available? What’s to stop them?
So, AI is potentially a huge threat to cybersecurity. In fact, it is the biggest one, as security and AI analyst Martin Beltov notes in this story. That’s not exactly news but the need to start working on ways to curb the disastrous potential of what is also one of humankind’s greatest achievements is getting increasingly urgent. Standards, Beltov says, need to be drafted and implemented as soon as possible and they should span the whole, increasingly wider, spectrum of artificial intelligence. This would involve the input of experts in numerous fields and the good will of politicians, which is already there, luckily. Yet, as one U.S. governor recently asked Elon Musk during a recent discussion of AI, among other things, how do you begin regulating something that you know so little about?
AI is a mixed blessing. So mixed, in fact, that it’s very easy to see it as a threat only. But that would be wrong, just as it would be wrong to view it as a pure blessing alone. The right attitude seems to be the one made popular by David Cronenberg’s The Fly: be afraid. Be very afraid.
Recommended Business Books for 2017
Reset
Ellen Pao’s memoir about her experience as a woman working in male-dominated Silicon Valley
In 2015, Ellen K. Pao sued a powerhouse Silicon Valley venture capital firm, calling out workplace discrimination and retaliation against women and other underrepresented groups. Her suit rocked the tech world—and exposed its toxic culture and its homogeneity. Her message overcame negative attacks that took aim at her professional conduct and her personal life, and she won widespread public support—Time hailed her as “the face of change.” Though Pao lost her suit, she revolutionized the conversation at tech offices, in the media, and around the world. In Reset, she tells her full story for the first time. The daughter of immigrants, Pao was taught that through hard work she could achieve her dreams. She earned multiple Ivy League degrees, worked at top startups, and in 2005 was recruited by Kleiner Perkins, arguably the world’s leading venture capital firm at the time. In many ways, she did everything right, and yet she and other women and people of color were excluded from success—cut out of decisive meetings and email discussions, uninvited to CEO dinners and lavish networking trips, and had their work undercut or appropriated by male executives. It was time for a system reset. Ellen K. Pao’s Reset is a rallying cry—the story of a whistleblower who aims to empower everyone struggling to be heard, in Silicon Valley and beyond.
Shortlisted for the 2017 Financial Times and McKinsey business book of the year
Named a best fall book by Elle and Bustle
The Great Leveler
Walter Scheidel’s exploration of the regularity with which violent events like wars and plagues remake society
How only violence and catastrophes have consistently reduced inequality throughout world history
Are mass violence and catastrophes the only forces that can seriously decrease economic inequality? To judge by thousands of years of history, the answer is yes. Tracing the global history of inequality from the Stone Age to today, Walter Scheidel shows that inequality never dies peacefully. Inequality declines when carnage and disaster strike and increases when peace and stability return. The Great Leveler is the first book to chart the crucial role of violent shocks in reducing inequality over the full sweep of human history around the world. Ever since humans began to farm, herd livestock, and pass on their assets to future generations, economic inequality has been a defining feature of civilization. Over thousands of years, only violent events have significantly lessened inequality. The “Four Horsemen” of leveling―mass-mobilization warfare, transformative revolutions, state collapse, and catastrophic plagues―have repeatedly destroyed the fortunes of the rich. Scheidel identifies and examines these processes, from the crises of the earliest civilizations to the cataclysmic world wars and communist revolutions of the twentieth century. Today, the violence that reduced inequality in the past seems to have diminished, and that is a good thing. But it casts serious doubt on the prospects for a more equal future.
The Spider Network
David Enrich’s inside account of the Libor collusion, the biggest scandal in the financial world since the global crisis
The Wall Street Journal’s award-winning business reporter unveils the bizarre and sinister story of how a math genius named Tom Hayes, a handful of outrageous confederates, and a deeply corrupt banking system ignited one of the greatest financial scandals in history.
Shortlisted for the Financial Times business book of the year
Adaptive Markets
Andrew Lo’s critique of the efficient-markets hypothesis
A new, evolutionary explanation of markets and investor behavior
Half of all Americans have money in the stock market, yet economists can’t agree on whether investors and markets are rational and efficient, as modern financial theory assumes, or irrational and inefficient, as behavioral economists believe―and as financial bubbles, crashes, and crises suggest. This is one of the biggest debates in economics and the value or futility of investment management and financial regulation hang on the outcome. In this groundbreaking book, Andrew Lo cuts through this debate with a new framework, the Adaptive Markets Hypothesis, in which rationality and irrationality coexist. Drawing on psychology, evolutionary biology, neuroscience, artificial intelligence, and other fields, Adaptive Markets shows that the theory of market efficiency isn’t wrong but merely incomplete. When markets are unstable, investors react instinctively, creating inefficiencies for others to exploit. Lo’s new paradigm explains how financial evolution shapes behavior and markets at the speed of thought―a fact revealed by swings between stability and crisis, profit and loss, and innovation and regulation.
The One Device
Brian Merchant’s history of the iPhone
How did the iPhone transform our world and turn Apple into the most valuable company ever? Veteran technology journalist Brian Merchant reveals the inside story you won’t hear from Cupertino, based on his exclusive interviews with the engineers, inventors, and developers who guided every stage of the iPhone’s creation. This deep dive takes you from inside One Infinite Loop to 19th century France to WWII America, from the driest place on earth to a Kenyan pit of toxic e-waste, and even deep inside Shenzhen’s notorious “suicide factories.” It’s a firsthand look at how the cutting-edge tech that makes the world work (touch screens, motion trackers, and even AI) made their way into our pockets. The One Device is a roadmap for design and engineering genius, an anthropology of the modern age, and an unprecedented view into one of the most secretive companies in history. This is the untold account, ten years in the making, of the device that changed everything.
Cybersecurity Policy
US Utilities Will Splash $7 Bln on Cybersecurity by 2020
U.S. utilities will need to spend around $7.25 billion on cybersecurity over the next three years, research firm Zpryme has estimated based on the current unsatisfactory state of cybersecurity systems in the sector. Forbes author Constance Douris noted in a recent article that at present, there are no consistent cybersecurity controls for the energy distribution system in the country. She recalled the 2015 cyberattack on Ukraine’s electric grid, which caused a power outage affecting 225,000 customers, suggesting a repeat of this attack on another grid is always a possibility. Such an attack could cause major disruptions in electricity supply in large areas, which is why utilities will have to start thinking about these controls, and soon.
The good news is that there are already such cybersecurity solutions available that, according to the National Institute of Standards and Technology, can be integrated in utilities networks to deal with attacks. Among these solutions are Siemens’ Ruggedcom Crossbow, Cisco’s 2950 (Aggregator), and Schneider Electric’s Tofino Firewall. Utilidata and Raytheon are working together to develop new solutions for electric grids, and the Sierra Nevada Corporation has launched Binary Armor – a product providing bidirectional security for communication layers on the grid, Douris writes. ViaSat, BAE Systems, IBM, and Leidos are also working on cybersecurity solutions for power utilities.
The funding of these solutions’ implementation, however, is a problem for both utilities and government agencies. While the Department of Energy and the Department of Homeland Security have allocated grants for such solutions, the allocations are not large enough, which is why the state agencies are encouraging utilities to partner with other companies on finding ways to boost cybersecurity without increasing costs too much. All that said, it all starts with a cyber risk assessment, Douris says. This should be done now, on a regular basis, rather than after an attack occurs.
https://www.forbes.com/sites/constancedouris/2017/09/21/utilities-will-spend-billions-on-cybersecurity-as-threat-grows/
US Senate Looks into Blockchain’s Cybersecurity Applications
The latest U.S. Senate defense bill—a bulky $700-billion affair—includes a mandate for a study on the cybersecurity applications of blockchain technology. The mandate was proposed by Ohio Senator Rob Portman as an amendment to the bill and calls for a study of “the potential offensive and defensive cyber applications of blockchain technology and other distributed database technologies and an assessment of efforts by foreign powers, extremist organizations, and criminal networks to utilize these technologies.” There was unanimous consent on the amendment and the study should be completed within six months of the signing of the defense bill into law, but first the Senate must co-ordinate the details with the House, which passed a similar blockchain cybersecurity bill in July.
https://www.coindesk.com/700-billion-senate-defense-bill-calls-blockchain-cybersecurity-study/
SEC Says Data Breach Could Have Resulted in Illegal Trading
The Securities and Exchange Commission said that a data breach in a filing system the authority uses may have led to some illegal trading in 2016. The filing system is called Edgar and a review of the agency’s risk profile showed that an incident detected earlier had in fact resulted from an attack on a vulnerability in Edgar. The good news is that the breach did not result in any personal data exposure, SEC’s chairman Jay Clayton said. The SEC uses Edgar to file financial market disclosure papers, with a throughput of 1.7 million documents annually.
http://www.businessinsider.com/ap-sec-reveals-2016-hack-that-breached-its-filing-system-2017-9
New European Cyber Laws GDPR and NISD
In December 2015, two new pieces of EU legislation were agreed. General Data Protection Regulation (GDPR) represents a profound reform of data protection law in Europe, shifting the balance of power towards the citizen to whom the personal data belongs, away from organisations that collect, analyse and use such data. Network and Information Security Directive (NISD) can be regarded as a complementary law to GDPR, designed to create a focus on the protection of IT systems in European critical national infrastructure (CNI). Essentially it introduces new breach reporting obligations to whole new swathes of industry, including the energy, transport, banking and healthcare sectors. Both GDPR and NISD are expected to come into force in spring 2016 but there will be a period of up to two years during which organisations will be allowed to prepare for the new regulations and for the directive to be transposed into country law.
Malware/Ransomware
Malware-Infected CCleaner Roams Computers for a Month Undetected
Cybercriminals managed to infect the installer of CCleaner, a Piriform program for deleting temporary internet files, and the infected program was downloaded by millions of people before the malware was detected. CCleaner gets downloaded an average of 20 million times per month. It’s a very popular program, so users who downloaded it between August 15 and September 12 should scan their computers for malware. Up to 3% of CCleaner users may have been affected in the attack.
The malware was detected by researchers from the Talos group of Cisco Systems. One of their products signaled malware detected on the CCleaner installer and investigation revealed a backdoor program added to the clean one. The worst part of the incident, according to some, was that the infected installer was digitally signed with the developer’s legitimate certificate and was then distributed via the developer’s official servers. This makes the incident stand out because it basically shatters the notion that if you download a program from the official developer’s website, you’re safe. Apparently, this is no longer the case. As the Talos researcher explained it, as quoted by Motherboard,
“Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization. It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code.”
Cybersecurity major ESET put forward three most plausible scenarios about how the developer of the CCleaner, Piriform, fell victim to hackers. First, the ESET experts suggested, it could have been an unhappy employee who decided to take revenge on their employer. Second, it could have been an outsider. Third, the attack could have been carried out through a compromised ISP or proxy that redirected download from the real website to a temporary location where the infected program was stashed. ESET experts also noted in their analysis of the event that it is strange only the 32-bit version of the CCleaner was hit, especially given that damages in the 64-bit version would have been much more severe. Perhaps, they suggested, the cybercriminals could get a digital signature for the 32-bit version.
https://motherboard.vice.com/en_us/article/a3kgpa/ccleaner-backdoor-malware-hack
https://www.welivesecurity.com/2017/09/21/cconsiderations-on-ccleaner-incident/
SOURCE: Piriform Blog
MS Office Feature Lets Hackers Into Configuration Data
An undocumented feature in Microsoft Office apparently allows hackers access to sensitive configuration data about the system they are targeting, and all it takes to gain this access is tricking recipients into opening a Word document. The feature, Kaspersky Lab warns, is used by hackers in multistage attacks. The cybersecurity firm went on to say that the feature, which tells attackers which version of MS Office the target computer has, is present in Word for Windows but also in Microsoft Office for iOS and MS Office for Android. To date, the company has detected several spear phishing attacks using the feature. The Kaspersky experts explained that
“To ensure a targeted attack is successful, intelligence first needs to be gathered, i.e. the bad guys need to find ways to reach prospective victims and collect information about them. In particular, they need to know the operating system version and the version of some applications on the victim computer, so they can send it the appropriate exploit.”
The phishing campaign they detected, which included the feature, involved Word documents in OLE2 format. OLE2, or Object Linking and Embedding, allows users to embed, as the name suggests, various objects and link them to numerous resources and other objects within the Word document. When the researchers studied one such document, they found its INCLUDEPICTURE field used Unicode in its instructions rather than ASCII, which it should have used. The use of this feature for phishing campaigns suggests that hackers are being very inventive and thorough in their preparations, profiling their potential victims and investigating them in depth ahead of the attack.
https://threatpost.com/attackers-use-undocumented-ms-office-feature-to-leak-system-profile-data/128011/
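A defender-side triage check for the INCLUDEPICTURE fields described in the MS Office item above, as an added example that is not code from Kaspersky Lab or from this magazine: it scans raw document bytes for the field keyword stored as 8-bit text or as UTF-16LE text and reports fields that point at a remote URL. The byte-level heuristic, the function names and the sample bytes are assumptions constructed for illustration; the scan does not parse the OLE2 container.

```python
import re
import struct

# Field keyword, then up to 256 characters that are not Word field marks
# (0x13 begin, 0x14 separator, 0x15 end), then an ASCII http(s) URL.
FIELD_RE = re.compile(
    r"INCLUDEPICTURE[^\x13\x14\x15]{0,256}?(https?://[!#-&(-;=?-~]+)",
    re.IGNORECASE,
)


def _as_8bit(data: bytes) -> str:
    """One character per byte, so character offsets equal byte offsets."""
    return data.decode("latin-1")


def _as_utf16le(data: bytes, shift: int) -> str:
    """One character per 16-bit unit, starting at byte `shift`.

    Units are mapped with chr() instead of a UTF-16 codec so surrogate pairs
    never merge and character offsets stay convertible to byte offsets.
    """
    usable = (len(data) - shift) // 2
    if usable <= 0:
        return ""
    units = struct.unpack_from(f"<{usable}H", data, shift)
    return "".join(map(chr, units))


def find_remote_includepicture(data: bytes):
    """Return INCLUDEPICTURE fields that reference an http(s) URL.

    Each finding carries the byte offset of the keyword, the text encoding in
    which the field was found, and the URL. Fields with local paths are skipped.
    """
    views = [
        ("8-bit", _as_8bit(data), lambda i: i),
        # 16-bit text may start on an even or an odd byte, so try both.
        ("utf-16le", _as_utf16le(data, 0), lambda i: 2 * i),
        ("utf-16le", _as_utf16le(data, 1), lambda i: 2 * i + 1),
    ]
    findings = []
    for encoding, text, to_byte_offset in views:
        for match in FIELD_RE.finditer(text):
            findings.append({
                "offset": to_byte_offset(match.start()),
                "encoding": encoding,
                "url": match.group(1),
            })
    return sorted(findings, key=lambda f: f["offset"])


def build_constructed_sample() -> bytes:
    """Constructed bytes imitating field text; not taken from a real document."""
    ascii_remote = b'\x13 INCLUDEPICTURE "http://tracker.example/pixel.png" \\d \x14\x15'
    utf16_remote = (
        '\x13 INCLUDEPICTURE "https://profile.example/a.php?id=1" \\d \x14\x15'
    ).encode("utf-16-le")
    local_only = b'\x13 INCLUDEPICTURE "C:\\\\images\\\\logo.png" \x14\x15'
    return b"\x00" * 7 + ascii_remote + b"\xff" * 16 + utf16_remote + local_only


if __name__ == "__main__":
    for f in find_remote_includepicture(build_constructed_sample()):
        print(f'{f["offset"]:>6}  {f["encoding"]:<8}  {f["url"]}')
```

A hit is a reason to inspect the document in a sandbox, not a verdict: legitimate documents also link remote images.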
Apple Launches New Patches
Along with the official release of iOS 11, Apple also announced patches for a range of vulnerabilities. Eight of these address entries in the Common Vulnerabilities and Exposures (CVE) list, including two bugs that let hackers spoof the address bar, tricking users into going to a specific site by manipulating URLs. Another patch addressed CVE-2017-7089, a universal cross-site scripting bug caused by a logic issue in the way iOS handles parent tabs, according to Kaspersky Lab. Yet another of Apple’s new patches targets a problem with the implementation of Exchange ActiveSync on iOS. The vulnerability allows an attacker who is already present on a network to erase an iPhone or an iPad during Exchange setup. In addition to these, the company also released patches for iOS Mobile Backup, preventing the program from performing unencrypted backups, and for denial-of-service vulnerabilities detected in Messages, Mail MessageUI, and iBooks. The vulnerabilities identified in these services could lead to the device crashing.
https://threatpost.com/ios-11-update-includes-patches-for-eight-vulnerabilities/128036/
htpRAT Latest Sign that Cybercriminals are Getting Smarter
The htpRAT malware attack on a number of computers in Southeast Asia is yet one more sign that cybercriminals are getting smarter and more difficult to catch. Believed to be backed financially by the Chinese government, the htpRAT is a new-generation Remote Access Trojan that, in addition to the usual features of this sort of malware, has extra ones that, unfortunately for the victims, improve its efficiency. Like other RATs, the htpRAT logs keystrokes to steal security credentials, captures data from screenshots, can manage files on the victim’s computer, and can record audio and video from a computer’s videocam. Yet, on top of that, the people behind the htpRAT use the Command and Control server side to create new functionalities and commands that are then sent to the malware for execution.
Writing for the Enterprise Times, technology analyst Ian Murphy notes that, like other malware, the htpRAT is distributed via a spear phishing campaign that sends an Excel file with macros that, when the file is enabled, start a Windows PowerShell command and staged downloads. The staged download approach makes it harder for the victim to detect the attack and easier for the cyberattacker to detect any cybersecurity software on the target device. Researchers from security solutions provider RiskIQ found that the malware downloaded code in five stages in total, with the first four setting the stage for the actual download of the malware program.
Interestingly, Murphy notes, the cyberattackers behind the htpRAT hosted their payload on GitHub, which, unlike most payload servers, is unlikely to ever get blocked simply because of the number of organizations using it for software development. At the same time, the good news for cybersecurity researchers is that GitHub stores history, so the RiskIQ researchers were able to glean some common malware components and details about the identity of the attackers. Among the information obtained about the attackers was the fact that they had registered their C2 domain two years ago, which, according to RiskIQ, means Chinese government backing: state-backed hackers enjoy more time to plan their attacks. For cybersecurity software that uses the age of domain registration as an indicator of the domain owner’s reputation, this is a way of subversion, used in this case as well.
According to Murphy and RiskIQ, the attackers behind htpRAT have long-term plans that are linked to China’s regional dominance plans. Initially infecting small businesses, over time the attackers can start infecting larger, internationally present organizations, potentially wreaking havoc on various industries.
How a RAT attack works (Attacker, Victim). Step 1: Computer gets infected by RAT. Step 2: The malware program connects back to the attacker. Step 3: The attacker gets unauthorized access to the computer and can now control it from a remote location.
https://www.enterprisetimes.co.uk/2017/10/27/htprat-chinas-latest-attack-asean/
More Transparency on “Vulnerabilities Equities Policy and Process (VEP)”
The VEP is the internal process by which the government decides which software vulnerabilities in its possession it will disclose to vendors, and which it will hold on to and exploit for the purposes of intelligence gathering and supporting national security operations. “The United States is a world leader when it comes to sophisticated processes and conversation on this topic, and no other nation has created and run a process as advanced, meticulous, and transparent as ours,” wrote Rob Joyce, the White House cyber security coordinator, in a post Wednesday announcing the charter. According to the Vulnerabilities Equities Policy and Process charter, the rules require an annual report that discloses information regarding the number of flaws discovered, retained and disclosed. If the VEP review board votes and agrees for a vulnerability to be disclosed, the private-sector company will be notified “when possible” within 7 business days, according to the charter.
https://threatpost.com/white-house-releases-vep-disclosure-rules/128917/
Cybersecurity Advisory
FDA Warns Medical Device Makers to Prioritize Cybersecurity
In its new medical device interoperability guide, the Food and Drug Administration has advised manufacturers of medical devices to keep cybersecurity at the top of their priority list, alongside actual interoperability. The agency believes that the document, officially titled Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices, should help manufacturers make their devices better suited for an environment where interoperability is of the utmost importance as the digitization of healthcare expands.
Although medical device makers must focus on interoperability, the FDA said, they must also pay close attention to issues such as verification, validation, and risk management. In interoperability, manufacturers need to make sure that the device’s functional, performance, and interface characteristics are clearly formulated and easily accessible to users. The makers of the devices need to be able to instruct their users how they operate and how they integrate with others, so the risk of a malfunction or error is minimized.
In cybersecurity, the FDA warned that older medical devices could represent a greater cyber risk than newer ones as some of these were marketed when cybersecurity was not as big an issue as it is today. Now, they are fitted with WiFi connectors to make them interoperable but the cyber risks remain as they don’t have built-in security features.
It is because of considerations such as these that risk assessment has become an essential part of FDA’s premarket reviews of medical devices, compared to a peripheral matter just a couple of years ago. The agency aims to determine whether the manufacturer has assessed the potential for cybersecurity vulnerability of a device and the mitigation measures it has taken.
Wireless Implantable Medical Devices: Deep Brain Neurostimulators, Cochlear Implants, Cardiac Defibrillators/Pacemakers, Gastric Stimulators, Insulin Pumps, Foot Drop Implants
SOURCE: Massachusetts Institute of Technology
https://healthitsecurity.com/news/medical-device-security-critical-with-fda-interoperability-guide
IBM Warns of Sixfold Increase in Attacks Involving Cryptocurrency Mining CPUs
IBM cybersecurity experts have warned they have detected a major increase in network attacks involving cryptocurrency CPU mining tools. According to IBM Managed Security Services data, over the first eight months between January and August, these attacks, mostly targeting enterprise networks, increased six times. In all of these attacks, the cybercriminals used a tool for the mining of several different coins, hidden in fake image files. The files were hosted on compromised web servers running WordPress or Joomla or stored on JBoss Application servers, Security Intelligence writes.
The cybercriminals most often tried to mine CryptoNote-based digital currencies, targeting networks from the manufacturing and financial services industries the most. Each of these two accounted for 29% of the attacks, followed by arts and entertainment, at 21% of the attacks, information and communication technology, at 14%, and retail, at 6%. This distribution of attacks suggests that manufacturing and financial services are the most vulnerable to cyberattacks, which should be a wake-up call for companies operating in these fields.
Top 5 Targeted Industries (Volume of Attacks Containing Mining Tools): Manufacturing 29%, Financial Services 29%, Arts & Entertainment 21%, Information and Communication Technology 14%, Retail 6%
SOURCE: IBM Managed Security Services data, January 2017 to August 2017
https://securityintelligence.com/network-attacks-containing-cryptocurrency-cpu-mining-tools-grow-sixfold/
Researchers Teach Computers to Make Better Password Guesses
Researchers from the New York Institute of Technology and the Stevens Institute of Technology have announced the application of Generative Adversarial Networks for generating password guesses. The team used GANs to teach the machines to improve the rate of password generation, using data from previous password leaks. The machine, based on these data, can then develop new password rules that seem to be better than the manual password generation tools that are widely applied at the moment. In a paper titled PassGAN: A Deep Learning Approach for Password Guessing, the researchers write that “PassGAN represents a substantial improvement on rule-based password generation tools because it infers password distribution information autonomously from password data rather than via manual analysis. As a result, it can effortlessly take advantage of new password leaks to generate richer password distributions.”
Kaspersky Lab’s Threat Post explains that GANs are tools for deep learning that comprise two deep neural networks: a generative and a discriminative one. The networks are used as a deep learning tool to generate new output from a set of data, such as creating a new image from a set of other images. The PassGAN approach, according to one of the paper’s authors, Paolo Gasti from NYIT, could represent the first foray of this tool into cybersecurity, replacing humans in the analysis of hundreds of thousands of passwords to come up with better, safer ones.
https://threatpost.com/deep-learning-passgan-tool-improves-password-guessing/128039/
Enterprise of Things Fraught with Cyber Risks
A new report from BlackBerry has warned that the growing adoption of connected devices in Internet of Things environments has increased cyber risks. The conclusion, which came after a survey of businesses from a wide range of industries and government agencies, is hardly a surprise: the cybersecurity sector has been warning that IoT brings with it a lot more cyberthreats. At the same time, this conclusion once again highlights the urgent need for cybersecurity solutions that can be scaled to handle billions of connected devices, as BlackBerry’s COO Marty Beard said in the report.
“We are focused on securing the EoT because for all its promise, the expanding adoption of connected things means that companies are only as secure as their most vulnerable endpoint,” Beard said.
Marty Beard, BlackBerry’s COO
The survey, meanwhile, found that at least in terms of cybersecurity awareness, things are looking good in the enterprise of things. A majority of 78%, for example, said they would be interested in a cybersecurity solution allowing them to manage all the endpoints of their network from a single place. For 63%, cybersecurity was the top concern when it came to digital tech and processes. Yet, as App Developer magazine notes, only 37% of those surveyed had a formal digital transformation strategy prepared.
In terms of preparedness, it seems the enterprise of things is most vulnerable to external attacks: almost 66% of respondents in the survey said hack attacks and cyberwarfare were their top concerns. Also, for medium and big enterprises, with a workforce of over 10,000, there was an additional challenge: lack of collaboration between departments. This was true for 51% of medium-sized business respondents and 39% of large enterprise respondents. https://apple.news/AkbPuZmJBTY62MIdb2dmVQ
10 Free Security-Related Tools And Resources
By KIRIL KIRILOV
We have compiled a small list of interesting free security tools and resources as part of our ongoing effort to provide many of the best curated discoveries to our readership. Please continue to visit CloudTweaks as we will be providing several new and updated lists. You can also visit our archived articles covering server and network security scanning as well as performance monitoring tools.
THREAT CLOUD Real time visualization of worldwide cyber attacks showing both the attacking and target country, as well as the malware used for the specific attack. The website also counts the total number of daily cyber attacks worldwide. Visitors can view which are the most attacked countries and where these attacks originate.
KASPERSKY CYBERMAP Malware detection flow visualization that uses Kaspersky data to show cyber threats discovered worldwide. It also displays botnet activity. Visitors can view cyber threat stats for a selected country.
DIGITAL ATTACK MAP Displays daily statistics on the large and unusual DDoS attacks all over the world. Visitors can view which countries are experiencing unusually high traffic of cyber attacks for a given day and sort attacks by type, duration, source port, and destination port. Real time and pause mode.
THREATBUTT Shows detected global cyber attacks in real time. Visitors can view the attacking and the target IP addresses. The website displays the type of malware used, including unknown malware.
FIRE EYE Real time visualization of global cyber attacks. Displays the total number of detected daily attacks as well as the five most attacked industries for the past 30 days. The service lists detected attacks in real time and shows attacking and target country.
HAVEIBEENPWNED Visitors can check if they have an online account that was compromised in a data breach. Visitors can enter an email address or username to be checked and then get a list of possibly compromised accounts, with information on what type of data was compromised in the specific hacking attack.
HACKADAY Hardware and software tips for advanced users who want to tweak their hardware or take advantage of cheap source hardware that can be upgraded to perform advanced functions. Visitors can find useful tips and tricks about various hardware topics.
HACKERONE Bug bounty and vulnerability disclosure platform that also hosts a large community of white-hat hackers. Visitors can explore a list of hacker activity and bug bounties awarded. Clicking on a vulnerability report displays info about the severity of a possible bug and its eligibility for a bug bounty.
DOWNDETECTOR Displays information about the top weekly online service outages. Visitors can check which companies are currently experiencing downtime issues or select a company from their list. Info about past outages is available.
THREAT METRIX Threat Metrix provides a fairly unique fraud detection map. It offers a feed highlighting the origin of account takeover attempts, payment fraud and identity spoofing attempts around the world.
Cyberspace in Asia
Singapore Government Allocates $16 Mln for Cybersecurity R&D
Singapore’s Finance Minister Heng Swee Keat has announced two funding programs for research and development in the field of cybersecurity worth a combined $16 million. The programs, he said, should further public-private partnerships in the area and stimulate the development of more commercially available cybersecurity solutions. The announcement follows the setting up of a National Cybersecurity R&D Program last year, which has to date distributed $15.6 million in grants for nine research projects. The Program was set up to respond to Singapore’s growing cybersecurity needs.
The Program addresses three main priority areas: national security, critical infrastructure, and Smart Nation. Each of the projects that received funding from it was led by a partnership between cybersecurity companies and academic research teams. The idea of these partnerships is that while the academic teams will bring in their expertise in cybersecurity, the business partner will speed up the journey of new solutions to market. The projects that have received funding so far focus on issues ranging from developing a safety management system for drones to setting up a malware database for attacks targeting iPhones, and to the development of a secure platform for the storage and sharing of confidential research data on cybersecurity. Singapore is really taking cybersecurity seriously. In addition to all the local funding, the city state is also allocating $1.5 million over the next three years to train technical officers in ASEAN in a bid to improve the region’s preparedness for cyberattacks.
http://www.straitstimes.com/singapore/16m-funding-for-projects-to-boost-singapores-cyber-security-rd
Singapore’s Finance Minister Heng Swee Keat speaking at the opening of the second Singapore Week of Innovation and Technology (Switch)
Ministers and Senior Officials from all 10 Asean Member States
Cyber Space Asia 2018
Beijing Exhibition Center April 28–30, 2018
Hosted By: Beijing Municipal Public Cyberspace Administration Organized By: China Electronics International Exhibition & Advertising Co., Ltd.
Net Area: 20,000 Sqm
Attendees: 30,000+
Exhibitors: 200+
About Cyber Space Asia
Cyber Space Asia (“CSA”) is China’s largest event focused on the cyber security industry, and as such, has a positive influence on industry development. CSA 2018 will bring together the top enterprises, both domestic and abroad, such as Alibaba Group, BIDU, Tencent, 360 Total Security, Cheetah Mobile, Huawei, Kaspersky, Microsoft, IBM, and many more.
CSA 2018 will offer fabulous informational sessions, including:
• Security policy
• Data breach incident management
• Cloud security
• Legislation and standards
• Artificial intelligence
• Fintech security
• Payment Security
• Identity Access Management
• Internet of things
• Healthcare system
Factsheet on Cyber Space Asia 2017 (Cybertech 2017)
Date: Apr 26-28, 2017
Venue: Beijing Exhibition Center
Opening Hours: 9:00 am - 5:00 pm
Interval: annually
Since: 2014
Exhibitors: 124+
Exhibition Area: 20,000 Sqm
Visitors: 30,000 visitors for three days
Media: 50 Media outlets, both domestic and abroad, featuring reports on China Cybertech 2017
Activities
• 2016 Data Breach Investigations Report
• Two Major International Defense Competitions
• More than 14 New Product Announcement Conferences
• Over 20 forums on Cloud Computing, Big Data, IoT, AI, Fintech, Cyber Crime, Health, Identity Authentication, Legislation and Standards, etc.
Cyber Space Asia Conference Contacts: China Electronics International Exhibition & Advertising Co., Ltd. Cecilia Shan/Blair Fan Tel: 010-84415380 010-84415385 Cell: 18612185359 13301001304 Email: shanxiao@ceiec.com.cn fanxuejuan@ceiec.com.cn
Description
The Beijing Cyber Security Expo, one of the most influential Cyber Security events in Beijing, China, is held every year on April 28th to 30th. It is hosted by the Beijing Municipal Public Security Bureau and organized by CEC Expo. Thus far, the Expo has successfully attracted cyber security giants such as BAIDU, TENCENT, 360 TOTAL SECURITY, CHEETAH MOBILE, HUAWEI, KNOWNSEC, NSFOCUS, KASPERSKY, and more.
Top 10 Cybersecurity Events for 2017
It’s hardly a surprise that there is a growing number of cybersecurity-focused conferences and other events. The team of Infosec Conferences has made a special effort to select the best ones in the field, and here is the list for 2017 as of end-September.
Troopers: This German event, which takes place in Heidelberg, is one of Europe’s finest cybersecurity events. It offers networking opportunities with some of the brightest minds in IT security globally.
#1
#7
#2
#8
Def Con: That’s the most famous one, the “hacker convention”. Since 1993, it’s been held annually in Las Vegas and brings together the cream of the cybersecurity business and research.
ShmooCon: Organized by the Shmoo Group, this event also features top cybersecurity experts, as well as a wide variety of talks and presentations, and, to top it all, it’s affordable.
#3
ToorCon: This West Coast conference is the perfect place for cybersecurity hopefuls. It features lots of hands-on experience sharing from some of the top experts in the field and it’s also popular for its more intimate ambience: the maximum number of attendees is 400.
#4
Thotcon: This one is a nonprofit and non-commercial event for all those interested in cybersecurity but unable to afford the rates of the big guys. Speakers share in-depth knowledge and experience. It takes place every year in Chicago.
#5
Black Hat: Infosec calls this the commercial arm of Defcon. It takes place in locations across the world. For cybersecurity professionals it’s a must, a rite-of-passage sort of event. It is also the place where breaking news is first announced.
#6
Nuit de Hack: As the name suggests, this conference takes place in France and is among the oldest “underground” events in the cyber space. It brings together pros and amateurs to demonstrate skills. Also, Nuit de Hack has a jobs portal for participants.
Chaos Communication Congress: That’s a classy event, with lectures and workshops on technical and hacking topics as well as political issues. Every year, more than 10,000 people gather in Berlin to take part in it. It’s the largest hacker organization in Europe.
#9
NorthSec: Great place to be if you’re new to cybersecurity. This Canadian event is relatively new but has already earned a lot of praise. This year, there were three tracks at NorthSec: Application & Infrastructure, Cryptography/Obfuscation, and Society/Ethics. They also do a great Catch the Flag game.
#10
nullcon: This Indian event has won the admiration of the InfoSec team for the friendly spirit of its organizers and its practical bent: the conference features presentations of innovative hacks and problem-solving exercises, along with speeches and networking.
https://infosec-conferences.com/events/conferences-top-ten-must-go-to/
Global Cyberspace Security
F-Secure: 2017 was Worse for Cybersecurity than 2016
Finnish cybersecurity services provider F-Secure has compiled cyberattack data for the first half of 2017 and things are not looking good. According to the company, this year will be worse than 2016. That’s certainly saying something since, as we know, 2016 brought some unpleasant trends and events such as ransomware basically becoming a mainstream event, two major data leaks, and an alleged hacker interference in the US presidential elections. The Finnish company used a network of what it calls honeypots (decoy servers that attract attackers with the promise of valuable data) to collect data about attacks, including source location and type.
The first worrisome finding is that the honeypot network experienced a 223% jump in connections, meaning a 223% jump in potential attacks from the second half of 2016. While the company acknowledged that some of the increase was due to the higher number of honeypots included in the network, the size of the increase clearly indicated that attacks are on the rise. In terms of geographical location, as much as 40% of attack attempts came from Russia. A distant second was the United States, with 15% of attack attempts. Some 7% came from the Netherlands, Germany and Belgium were home to 6% of attacks each, and China accounted for 5%. As for target locations, most were in the US, at 42%, followed by Germany and the Netherlands, at 7% each, and the UK, at 4%.
F-Secure also notes that attackers are continually refining their attack methods, which all cybersecurity experts are warning about all the time, anyway. Now, the Finnish company says, they are more and more often trying to pass for normal users of a network, disguising themselves in the crowd. They also shift away from “noisy” attacks to more silent ones, opting for remote connections instead of port scanning, for example. What all this tells businesses and network users is that the chances of becoming a cyberattack target have increased, just as IoT device use has increased. Hackers are, by the way, probably welcoming the IoT as a gift from god: so many devices to target!
F-Secure advises users to make sure they have the latest version of their operating system (although, as we’ve seen recently, that’s no longer a guarantee of security) and install auto-updates of their defense software. Since 57% of attackers in the period that F-Secure analyzed behaved like normal users, potential targets might consider it safer to hire a cybersecurity services provider to monitor their traffic and improve the chances of attack detection and response.
The Biggest Targets: United States 42%, Other 29%, Germany 7%, Netherlands 7%, United Kingdom 4%, Austria 3%, Russia 2%, China 2%, Ireland 2%, Japan 1%, Italy 1%
SOURCE: F-Secure Attack Landscape H1 2017
Where Attacks Are Coming From: Russia 44%, United States 15%, Other 12%, Netherlands 7%, Germany 6%, Belgium 6%, China 5%, UK 2%, France 1%, Vietnam <1%, Ukraine <1%
SOURCE: F-Secure Attack Landscape H1 2017
https://business.f-secure.com/report-cyberattack-landscape-of-2017-so-far
Biometric Systems Could be the Future of Cybersecurity
With cyberthreats on a fast rising curve, cybersecurity experts are constantly looking for new, better ways to deter attacks, and biometric technology is beginning to feature more prominently in their efforts, writes Katie Dolamore for the Telegraph. PINs and passwords are still all-present but biometric identification technology is beginning to encroach on their territory because of its better effectiveness, experts say. The great thing about biometric identification is, of course, that it works with unique features, such as fingerprints or irises. However, existing systems of this kind can sometimes be tricked by photos or by hacking the system.
So, researchers are developing biometric solutions that cannot be tricked. These include a complete 3D scan of a user’s face for authentication, instead of a single element, and a vein scan, among others. French startup OneVisage offers 3D face recognition through elaborate scanning, eliminating the danger of an attacker fooling the system with a 2D photo of a person. Hitachi’s vein-reading software offers an alternative to fingerprint scans that can be spoofed. In fact, vein authentication seems to be among the most promising biometric cybersecurity solutions for the future. The tech uses near infrared rays to scan the vein pattern beneath the skin of your fingers to authenticate you. This pattern does not change with age, which makes it applicable for a wide demographic, and, what’s more important, it is very hard to hack: the tech only works with the actual vein patterns of living people.
Naturally, there is an issue of personal information security and it is an important question that legislators are addressing. A lot of awareness-raising is needed so people understand what sort of personal information they are agreeing to disclose via biometric systems and how this information will be secured. For now, however, biometric systems are far from the perfect state of affairs where every user of an authentication system can choose whether they want to have their personal information captured and stored or not.
The future looks bright for biometric security solutions. It starts looking a bit creepy, though, when you learn that advancements in biometrics are also moving in the direction of mind-reading. OneVisage’s CEO, Christophe Remillet, says a biometric authentication system that can read your password directly from your brain would be completely unhackable. Yet, as some cybersecurity experts would say, everything that can be hacked, will be hacked.
http://www.telegraph.co.uk/business/social-innovation/biometric-technology/
Issue: 002; November 2017
New Approach in AI Learning Leads to CAPTCHA Break
A team of researchers who applied a new method of developing artificial intelligence have announced their efforts have resulted in the AI acquiring the ability to parse the text in CAPTCHA boxes like a human, essentially tricking the program into believing the AI is a human. The method that the team employed is called Recursive Cortical Network and is an alternative to the deep learning approach, which basically comes down to—when we talk about CAPTCHAs—showing an AI machine hundreds of thousands of different shapes of, say, the letter A, until it memorizes them all. Unlike that approach, which is far from perfect, recursive cortical network building equips the machine with the ability to build internal models of the shapes—CAPTCHA letters—it “sees”. This means the AI can create its own model of what the letters are supposed to look like.
[Figure: A representation of the letter A, which can be used to crack CAPTCHAs.]
How is this helpful for breaking down CAPTCHA defenses? It is closer to how the human brain processes visual information: we know how an A is supposed to look, so we would recognize the letter if it’s wobbly, or slanted, or twisted in any other way. Now, although the AI is not always accurate, its success rate in tricking CAPTCHA programs has been impressive, at 66.6% for reCAPTCHAs, 64.4% for BotDetect, 57.4% for Yahoo, and 57.1% for PayPal.
The long-term goal of the researchers, as with all AI researchers, is to create an artificial intelligence that is capable of human reasoning. Yet the implications of such a development as this AI’s ability to trick systems into believing it is human may extend into cybersecurity. After all, CAPTCHAs are a very popular way of making sure you can tell humans from bots. Or at least they used to be. But things are already moving on: Google has replaced its CAPTCHA system with more advanced identification tests. It’s really a case of action and reaction: the more advanced AI becomes, the more advanced cybersecurity checks will need to become to outsmart the new intelligence that could fall into the wrong hands all too easily.
http://www.npr.org/sections/thetwoway/2017/10/26/560082659/ai-modelfundamentally-cracks-captchasscientists-say
Global Cyberspace Security
Machine Learning Can Help Cybersecurity Efforts but Can’t Replace Everything Else
Machine learning has been getting a lot of headline attention as it penetrates a growing number of industries thanks to its varied applications. Cybersecurity is a natural direction in which machine learning can develop and some even argue it can replace other cybersecurity approaches. Basically, ML proponents argue, you can teach the computers what to do and leave it all to them. However, one of the veterans in the business, ESET, warns that this approach is too simplistic.
In a paper titled Is Machine Learning Cybersecurity’s Silver Bullet?, ESET looks into the advantages and limitations of using machine learning for cybersecurity purposes. First of all, ESET makes the distinction between supervised and unsupervised machine learning, stating that the latter is practically useless for cybersecurity unless the algorithms are used to simply classify similar data and separate it from any anomaly they encounter.
According to ESET, there are four main limitations to the use of machine learning in cybersecurity.
First among these is what the company calls the training set. In order to be able to utilize the powers of algorithms for cybersecurity solutions you need truly vast amounts of data that the algorithms can use to learn to distinguish between clean, potentially unwanted, and malicious input. Accumulating this amount of data takes a lot of time. What’s more, regardless of how much data an algorithm is fed, there is no guarantee it will be able to identify all future inputs it receives correctly, which renders the whole endeavor rather pointless.
The second limitation, ESET says, is that maths can’t solve everything. A lot of new cybersecurity solutions providers, the company argues, claim that their algorithms can separate clean from malicious inputs by just “doing the math”. Yet, mathematics cannot solve everything and this has been demonstrated by renowned names including Alan Turing and Fred Cohen. The latter demonstrated that it is impossible to be absolutely certain whether a program will act in a malicious way if you can only analyze it for a finite amount of time, which is, of course, the case with any human activity.
The third limitation of machine learning for cybersecurity purposes is that cybercriminals are not dumb. They are in fact quite smart and sometimes smarter than their opponents. They can also use machine learning for their own ends, effectively turning a solution against its developers. As an example, the ESET authors note steganography: burying malicious code in a harmless file, such as an image. This attack method allows the malware to pass undetected, hidden deep in the pixel setting of the image file. Alternatively, they can split the malware among several files that appear to be clean but are in fact infected.
The fourth and final limitation of machine learning is false positives. Sometimes false positives can have worse consequences than letting malware slip through the cracks of a cybersecurity system. For example, ESET says, if a car factory’s cybersecurity system mislabels a clean program as malware and deletes it, while in fact the program is an essential element of the production software, this would result in production delays and millions in compensation.
So, how can these limitations be overcome? By supporting machine learning with: human involvement, whitelisting lockdown, minimal functionality, and a well-tuned security solution. For environments that need round-the-clock monitoring, introducing a human participant in the cybersecurity process would be sufficient to ensure immediate reaction to anything flagged by the software as suspicious, reducing the risk of false positives. Whitelisting lockdown refers to environments where computers only run a limited range of applications and these can be whitelisted, while anything else is practically blacklisted. This solution does limit the available space for attacks but it also reduces the functionality of the system. Finally, the most radical approach would be to opt for minimal functionality. This would considerably reduce the amount of space available for hackers to try and penetrate, but it will also leave a lot of clean input out. The optimal solution, then, is to develop a well-balanced solution that takes into account the characteristics of the specific environment and uses human administrators to supervise the machines. In fact, ESET compares building an effective cybersecurity solution to protecting a home by using several different layers of defense, from a fence to an alarm system. It’s the same with cybersecurity, the paper’s authors argue. There is no one-size-fits-all solution, especially one that entirely relies on algorithms.
https://www.welivesecurity.com/wp-content/uploads/2017/08/NextGen_ML.pdf
Western Cybersecurity Companies
With increased cyber threats and demand for prevention and solution, we’ve compiled a list of top 50 cybersecurity firms, aimed to serve as a preliminary resource guide. The top 50 western cybersecurity companies are rated by Cybersecurity Ventures (https://cybersecurityventures.com) and the top 50 China cybersecurity companies are rated by Aqniu.com (http://www.aqniu.com) from China. We hope the brief introduction of the focused solutions from the listed companies can help with prevention and protection toward potential threats and breaches.
#
Company
Cybersecurity Sector
Corporate HQ
Info
1
Herjavec Group
Information Security Services
Toronto, Canada
At Herjavec Group, information security is what we do. Supporting your IT Security Lifecycle drives our business and your infrastructure’s protection is our only priority. We are an expert team of highly dedicated security specialists, supported by strategic and emerging technology partners, who are laser focused on information security for our enterprise customers. Herjavec Group quickly became one of North America’s fastest-growing technology companies. We deliver managed security services globally supported by state-of-the-art, PCI compliant Security Operations Centres (SOC), operated 24/7/365 by certified security professionals.
2
IBM Security
Enterprise IT Security Solutions
Waltham MA
IBM integrated security intelligence protects businesses around the world. New technological capabilities come with new vulnerabilities. How do you keep up with attacks when there is a shortage of IT security skills and rising costs to secure your data? How fast can you address an attack when your solutions aren’t integrated? IBM offers a deep enterprise security portfolio customized to your company’s needs. Unmatched in ability to help you disrupt new threats, deploy security innovations and reduce the cost and complexity of IT security, IBM can safeguard your most critical data from compromise.
3
Raytheon Cyber
Cyber Security Services
Waltham MA
Raytheon Cyber provides a comprehensive range of services including Cyber Analytics, Cyber Hardening, Cyber Range, Cyber Security Operations Centers (CSOC), Managed Security Services, Proactive and Dynamic Defense, Threat Research and Assessment, and the UK Cyber Innovation Centre.
4
EY
Cybersecurity Consulting & Advisory
London, UK
At EY, we have an integrated perspective on all aspects of organizational risk, and cybersecurity is a key area of focus where EY is an acknowledged leader in the current landscape of mobile technology, social media and cloud computing. EY provides services in 6 core pillars with over 160 unique cyber offerings - including Cyber Digital & Analytics, Cyber Defense & Response, Cyber Strategy & Architecture, Cyber Operations (Cyber-as-a-Service), Cyber Governance & Compliance and Cyber Technology & Innovation.
5
Mimecast
Email Security
Watertown MA
Mimecast delivers cloud-based email management for Microsoft Exchange, including archiving, continuity and security. By unifying disparate and fragmented email environments into one holistic solution that is always available from the cloud, Mimecast minimizes risk and reduces cost and complexity, while providing total end-to-end control of email.
6
KnowBe4
Security Awareness Training
Clearwater FL
KnowBe4 has become the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Thousands of enterprise accounts are using it, 25% of which are banks and credit unions. Based on Kevin Mitnick’s 30+ year unique first-hand hacking experience, you now have a tool to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. With this world-class, user-friendly and effective Internet Security Awareness Training, KnowBe4 provides self-service enrollment, and both pre- and post-training phishing security tests that show the percentage of end-users that are Phish-prone.
7
Cisco
Threat Protection & Network Security
San Jose CA
Cisco security innovations provide highly secure firewall, web, and email services while helping to enable mobility and teleworking. Cisco security products include: Access Control and Policy; Advanced Malware Protection; Email Security; Firewalls; Network Security; Next Generation Intrusion Prevention System (NGIPS); Security Management; VPN and Endpoint Security Clients; Web Security
8
Sophos
Anti-Virus & Malware Protection
Abingdon, UK
Sophos helps organizations keep their data safe and stop the growing number of complex threats. We provide a full range of endpoint, encryption, email, web and NAC products, helping our customers protect their businesses and meet compliance needs.
9
Sera-Brynn
Cyber Risk Management
Suffolk VA
Sera-Brynn® is a globally recognized cybersecurity audit and advisory firm dedicated to helping its clients secure their computing environments and meet applicable mandatory industry and government compliance requirements in the most economic and efficient manner possible. Sera-Brynn® is the only PCI QSA in North America partnered with a multi-billion dollar financial institution, which gives us a unique perspective into the economic aspects of meeting cybersecurity compliance requirements
10
Lockheed Martin
Cybersecurity Solutions & Services
Bethesda MD
At Lockheed Martin, cyber security begins with the customer’s mission and requirements and ends with a security solution that is integrated, proactive, and resilient.
11
Clearwater Compliance
Risk Management and Compliance
Nashville TN
Clearwater Compliance, LLC, focuses on helping healthcare organizations and their service providers improve patient safety and the quality of care by assisting them to establish, operationalize and mature their information risk management programs. Led by veteran, C-suite healthcare executives, Clearwater provides comprehensive, by-the-regs software and tools, educational events, and expert professional/advisory services for healthcare organizations ranging from major healthcare systems, hospitals, health plans and Fortune 100 companies, to medical practices and healthcare startups. Since 2003, the company has served over 400 organizations.
12
Forcepoint
Insider, Cloud & Network Security
Austin TX
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. Our uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance.
13
Thycotic
Privileged Account Management
Washington DC
Thycotic deploys smart, reliable, IT security solutions that empower companies to control and monitor privileged account credentials and identity access for administrators and end-users. An Inc. 5000 company, Thycotic is recognized as the fastest growing privileged management vendor in IT security and one of the top 30 fastest growing companies headquartered in Washington, DC. www.thycotic.com
14
BAE Systems
Cybersecurity Risk Management
Surrey, UK
Our consulting services help clients to prepare for cyber attacks by understanding and managing cyber exposure, enabling them to make informed investment decisions and to put pragmatic, cost-effective protection in place.
15
CyberArk
Cyber Threat Protection
Petach-Tikva, Israel
CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies – including more than 35% of the Fortune 100 companies – to protect their highest-value information assets, infrastructure and applications.
16
Digital Defense
Managed Security Risk Assessment
San Antonio TX
Founded in 1999, Digital Defense, Inc., is a premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 countries. Our dedicated team of experts helps organizations establish an effective culture of security and embrace the best practices of information security.
17
Rapid7
Security Data & Analytics Solution
Boston MA
Rapid7’s IT security solutions deliver visibility and insight that help to make informed decisions, create credible action plans, monitor progress, and simplify compliance and risk management. Over 2,500 enterprises use Rapid7’s simple, innovative solutions and its free products are downloaded over one million times per year and enhanced by more than 200,000 open source security community members
18
Palo Alto Networks
Threat Detection & Prevention
Santa Clara CA
Palo Alto Networks, Inc. has pioneered the next generation of network security with our innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is our next-generation firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimized hardware and software architecture.
19
DFLabs
Automated Incident & Breach Response
Lombardy, Italy
DFLabs is a Technology and Services company specialized in Cyber Security Incident and Data Breach Response. Our mission is: eliminating the complexity of Cyber Security Incident and Data Breach, reducing reaction time and risk exposure. In other words Cyber Incidents Under Control. IncMan has been created for SOC and CSIRT orchestration, and it is currently being used by many Fortune 100/1000, and Financial Services Institutions worldwide. For More Info Go Here or visit us on the web at www.dflabs.com
20
FireEye
Advanced Threat Protection
Milpitas CA
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,700 customers across 67 countries, including over 157 of the Fortune 500.
21
Symantec
Endpoint, Cloud & Mobile Security
Mountain View CA
Founded in 1982, Symantec has evolved to become the global leader in cyber security, with more than 11,000 employees in more than 35 countries. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.
22
Booz Allen
Cybersecurity Solutions & Services
New York City NY
In a world where everyone is connected, our future is tied to the access, availability and synthesis of information. That’s why Booz Allen has pioneered a multidisciplinary approach to cybersecurity – one that leverages game-changing technologies and standards to maximize security in the digital environment.
23
Code Dx
Software Vulnerability Management
Northport NY
Find, prioritize, and manage software vulnerabilities – fast and affordably. Code Dx is a software vulnerability management system that brings together static and dynamic code analysis so you can quickly find and manage vulnerabilities in the code you write, in the languages you use, at a price you can afford. By correlating and consolidating the results of hybrid application testing techniques Code Dx helps find the most severe and exploitable vulnerabilities first. Code Dx accelerates the vulnerability discovery and remediation process.
24
Nexusguard
Cloud Enabled DDoS Mitigation
Hong Kong
As a longtime leader in DDoS defense, Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations. Continually evolving to face new threats as they emerge, we have the tools, insight, and know-how to protect our clients’ vital business systems no matter what comes their way.
25
Telos Corporation
Risk Management & Compliance
Ashburn VA
For more than 25 years, Telos Corporation has pursued a single goal: to empower and protect the enterprise with continuous security assurance for people, systems, and information. Telos gives you constant confidence in your cyber security posture. So you can manage risk while achieving your goals. Protect your most vital information assets. And assure your customers that it’s safe doing business with you.
26
Check Point Software
Unified Threat Management
Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.
27
RSA
Intelligence Driven Security
Bedford MA
RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.
28
Proofpoint
Security-as-a-Service
Sunnyvale CA
Your people do business well beyond the bounds of traditional network perimeters and connected endpoints. Email, social media, and mobile devices are the new tools of the trade–and for cyber criminals, the new tools of attack. Proofpoint protects your people, data and brand against advanced threats and compliance risks. Built on the cloud and the world’s most advanced intelligence platform, our solutions help you effectively detect and block targeted attacks and respond quickly to suspected compromises.
29
BT
Security & Risk Management Solutions
London, UK
We’re a leading global business communications provider. With more than 17,000 people worldwide, we supply ICT services to 5,500 multinational companies across 180 countries worldwide. We combine our global strengths in networking, cloud-based unified collaboration, hybrid cloud services and security with our deep expertise and global delivery model to be a trusted partner for our customers. We provide them with the services they need to enable the digital transformation of their businesses.
30
Deloitte
Global Risk Management Services
New York City NY
“Deloitte” is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit & assurance, consulting, financial advisory, risk advisory, tax and related services to select clients. These firms are members of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). Each DTTL member firm provides services in particular geographic areas and is subject to the laws and professional regulations of the particular country or countries in which it operates
31
Trend Micro
Server, Cloud, and Content Security
Tokyo, Japan
Since its inception in 1988, Eva Chen has spearheaded Trend Micro’s emergence as one of the world’s most innovative Internet content security companies. Before becoming CEO, Eva served as executive vice president from 1988-1996 and CTO from 1996-2004. Under her direction, Trend Micro has produced a chronology of industry firsts, from unique products to security management approaches. As a result of her innovative leadership, she was appointed CEO in late 2004.
32
PwC
Cybersecurity Consulting & Advisory
London, UK
With offices in 158 countries and more than 236,000 people, we are among the leading professional services networks in the world. We help organisations and individuals create the value they’re looking for, by delivering quality in assurance, tax and advisory services. Some facts about PwC: In FY17, PwC firms provided services to 419 companies in the Fortune Global 500 and more than 100,000 entrepreneurial and private businesses
33
Ziften
Unified Security & Management
Austin TX
End-user mobility and the cloud have forever changed systems management and security. Client devices operate off-net and offline. Server workloads are virtual and operate in the cloud. But siloed endpoint tools provide only partial, point-in-time data that leaves gaps for IT operations and security teams to piece together while trying to address today’s operational and security challenges – exposing organizations to unacceptable risks and unnecessary costs. Ziften brings it all together with all-the-time visibility and control – enabling IT operations and security teams to quickly act to repair user-impacting issues, minimize endpoint risks, and eliminate threats on any asset, anywhere.
34
Kaspersky Lab
Malware & Anti-Virus Solutions
Moscow, Russia
Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Today the database is one of the most comprehensive and complete collections in cybersecurity, protecting systems from more than 100 million malicious programs.
35
SecureWorks
Managed Security Services
Atlanta GA
We have provided trusted managed security services to organizations of all sizes since 1999. We maintain a global presence to counter a global threat, operating four Counter Threat Operations Centers processing up to 240 billion cyber events daily. Intelligence developed by the Secureworks Counter Threat Unit™ (CTU) research team enables us to provide you with unparalleled protection against today’s threats
36
Carbon Black
Endpoint & Server Security Platform
Waltham MA
Thirty of the Fortune 100 rely on Carbon Black. Our diverse customer base includes Silicon Valley leaders in internet search, social media, transportation, government, finance, and higher education. Collectively, 3,000+ organizations trust us to protect more than 9 million endpoints around the world. With an eye on empowering every security team and protecting every endpoint, we stand true to our founding vision: To create a world safe from cyberattacks.
37
Checkmarx
Software Development Security
Tel-Aviv, Israel
Checkmarx was founded in 2006 with the vision of providing comprehensive solutions for automated security code review. The company pioneered the concept of a query language-based solution for identifying technical and logical code vulnerabilities. Checkmarx staff is committed to both customers and technology innovation. Our research and development goes side by side with our business operations, to provide the best possible products and services to our customers.
38
Tenable Network Security
Vulnerability Scanning
Columbia MD
Tenable™, Inc. is the Cyber Exposure company. Over 23,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors.
39
Threat Stack
Cloud Infrastructure Security
Boston MA
Our mission as a leading cloud security company is to provide the highest quality insights to help our customers operate securely in the cloud. Threat Stack takes a comprehensive approach to intrusion detection, by combining continuous security monitoring and risk assessment purpose-built for today’s infrastructure – so you can feel confident that you’re protected from intrusion, insider threats, & data loss.
Global Cyberspace Security
#
Company
Cybersecurity Sector
Corporate HQ
40
i-Sprint InnovaƟons
Iden ty & Access Management
Chai Chee, Singapore
i-Sprint Innova ons (i-Sprint) established in the year 2000, is a premier iden ty, creden al and access management solu ons provider that enables individuals, organiza ons, and socie es to build trust and iden ty assurance for powering produc vity gain through digital iden ty and iden ty of things (IDoT). i-Sprint as a world class Solu on Provider in Iden ty, Creden al and Access Management Solu on enables individuals, organiza ons and socie es to build trust and iden ty assurance for powering huge produc vity gain through digital iden ty and iden ty of things.
41
Intel Security Group
An -Virus, Malware & Threat Protec on
Santa Clara CA
McAfee has a clear mission and roadmap for the future–to drive limitless innova on, securely. We believe that no one person, product, or organiza on can fight cybercrime alone. It’s why we rebuilt McAfee around the idea of working together. People working together. Products working together. Organiza ons and industries working together. Our goal is to spread this collabora ve a tude to our customers, partners, even compe tors. All uni ng to overcome the greatest challenge of the digital age–cybercrime–and making the connected world more secure.
42
AlienVault
Threat Detec on & Response
San Mateo CA
We founded AlienVault to help organiza ons of all shapes and sizes achieve world-class security without the headaches and huge expense of other solu ons. And we are passionate about our mission. To give our customers the very best threat detec on and response, our unified pla orm – AlienVault Unified Security Management (USM) – combines 5 key security capabili es with expert threat intelligence that is updated every 30 minutes with data from the Open Threat Exchange (OTX) that has been analyzed and classified by our AlienVault Labs team.
43
ForƟnet
Enterprise Security Solu ons
Sunnyvale CA
From the start, the For net vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a coopera ve fabric. Our unique security fabric combines Security Processors, an intui ve opera ng system, and applied threat intelligence to give you proven security, excep onal performance, and be er visibility and control--while providing easier administra on.
44
Imperva
Data & Applica ons Security
Redwood Shores CA
Imperva is a leading provider of data and applica on security solu ons that protect businesscri cal informa on in the cloud and on-premises. Founded in 2002, we have enjoyed a steady history of growth and success, genera ng $264 million in 2016, with over 5,200 customers and more than 500 partners in 100+ countries worldwide.
45
AT&T Network Security
Managed Security & Consul ng
Bedminster NJ
At AT&T, we’re bringing it all together. We deliver advanced mobile services, next-generation TV, high-speed internet and smart solutions for people and businesses. That’s why we’re investing to be a global leader in the Technology, Media and Telecommunications industry.
46
Northrop Grumman
Cyber & Homeland Security Services
McLean VA
Northrop Grumman is a leading global security company providing innovative systems, products and solutions to government and commercial customers worldwide, offering an extraordinary portfolio of capabilities and technologies for applications from undersea to outer space and into cyberspace.
47
BlackBerry
Mobile & Data Security
Waterloo, Canada
BlackBerry is a leading cybersecurity software and services company dedicated to securing the Enterprise of Things. Based in Waterloo, Ontario, the company was founded in 1984 and operates in North America, Europe, Asia, Australia, Middle East, Latin America and Africa.
48
SAS Institute
Fraud & Security Analytics
Cary NC
SAS – both the software and the company – thrived throughout the next few decades. Development of the software attained new heights in the industry because it could run across all platforms, using the multivendor architecture for which it is known today. While the scope of the company has spread across the globe, the encouraging and innovative corporate culture has remained the same.
49
HackerOne
Bug Bounty Platform
San Francisco CA
Created by security leaders from Facebook, Microsoft and Google, HackerOne is the first vulnerability coordination and bug bounty platform. We empower companies to protect consumer data, trust and loyalty by working with the global research community to surface your most relevant security issues. HackerOne is a venture-backed company with headquarters in San Francisco.
50
Inspired eLearning
Security Awareness Training
San Antonio TX
Our award-winning Security Awareness, Compliance, and HR training solutions help organizations build a culture of accountability and awareness that mitigates risk. Our courses are more than just a requirement: they’re dynamic programs that engage participants with high-quality content, driving your workforce towards sustainable, measurable improvements.
China Cybersecurity Companies
Company name
Phone
Marketing contact
Website
Main business areas
1
华为
0086-1081034499
任娟
www.huawei.com/cn/
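Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), anti-DDoS appliances, internet access behavior management, VPN, web application firewall (WAF), cloud anti-DDoS, cloud WAF, mobile device security, threat intelligence, big data security, APT.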
2
启明星辰
010-82779088
徐梓洋
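http://www.venustech.com.cn/
Firewall & NGFW, network isolation (network gap), intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), database security, data leak prevention (DLP), VPN, vulnerability scanning, SOC & NGSOC, assessment and hardening & security operations.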
3
深信服
0755-86627888
陈娟娟
http://www.sangfor.com.cn/
Firewall & NGFW, unified threat management (UTM), internet access behavior management, VPN, mobile device security.
4
绿盟科技
010-68438880
徐钏
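http://www.nsfocus.com.cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), host protection and adaptive security, anti-DDoS appliances, database security, vulnerability scanning, web application scanning and monitoring, web application firewall (WAF), security consulting services, assessment and hardening & security operations.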
5
360企业安全
4008-136-360
赫添
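http://b.360.cn/
Firewall & NGFW, network isolation (network gap), unified threat management (UTM), endpoint protection & antivirus, endpoint detection and response (EDR), VPN, code auditing, web application firewall (WAF), mobile app security, mobile device security, threat intelligence, big data security, APT, SOC & NGSOC, penetration testing services.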
6
亚信安全
(010) 5825 6889
胡婷
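http://www.asiainfo-sec.com/
Unified threat management (UTM), host protection and adaptive security, endpoint protection & antivirus, endpoint detection and response (EDR), anti-spam, cloud infrastructure security, mobile device security, APT, anti-phishing, SOC & NGSOC.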
7
天融信
010-82776666
邹佳丽
http://www.topsec.com.cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), data leak prevention (DLP), VPN, cloud infrastructure security, big data security.
8
卫士通
028-62386000
http://www.westone.com.cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), VPN, disk encryption, document security, encryption appliances.
9
新华三
010-83030601
朱佳音
http://www.h3c.com/cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), VPN.
10
安恒信息
0571-28860999 0571-28860099
李小尘
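http://www1.dbappsecurity.com.cn/index.aspx
Database security, web application scanning and monitoring, web application firewall (WAF), bastion hosts/operations security, big data security, Multi-Level Protection Scheme (等保) compliance tools.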
11
美亚柏科
0592-5300188
王劲坦
https://300188.cn/
Big data security, security forensics, public opinion monitoring, security training and education, security integration services.
12
山石网科
010-62997288
冯书萍
https://www.hillstonenet.com.cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), web application firewall (WAF), cloud infrastructure security.
13
梆梆安全
4008-881-881
郑弛
https://www.bangcle.com/
Mobile app security, mobile network security, mobile security assessment, mobile security SOC.
14
安天
010-82893723
李娜
http://www.antiy.cn/
Host protection, endpoint protection & antivirus, mobile app security, threat intelligence, APT.
15
恒安嘉新
010-62384566
李靖
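http://eversec.com.cn/
Mobile network security.
16
蓝盾股份
020-85526663 (Guangzhou headquarters) 010-82825516 (Beijing branch)
谢益彬
http://www.bluedon.com/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), security integration services.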
17
北信源
01062140485/86/87
王赛
http://www.vrv.com.cn/
Network access control (NAC), endpoint protection & antivirus, data leak prevention (DLP), mobile device security.
18
迪普科技
0571-28280933
于经理 (Marketing)
http://www.dptech.com/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), unified threat management (UTM), anti-DDoS appliances.
19
通付盾
010-62358221
张馨
https://www.tongfudun.com/
Cloud identity management, mobile app security, anti-fraud.
20
飞天诚信
010-62304466
薛璐
http://www.ftsafe.com.cn/
Identity management.
21
立思辰
010-8273 6600
宁冉
http://www.lanxum.com/
Encryption appliances, industrial control system security.
22
北京CA
(010)58045600
http://www.bjca.org.cn/
CA digital certificates.
23
明朝万达
010-82743939
http://www.wondersoft.cn/
Document security, disk encryption, mobile device security.
24
爱加密
010-82825622
崔春霞 (Marketing)
http://www.ijiami.cn/
Mobile app security.
25
任子行
0755-86168366
李思月
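http://www.1218.com.cn/
Internet access behavior management, public opinion monitoring.
26
知道创宇
400-060-9587 010-57076191
陈雪
https://www.knownsec.com/#/
Web application scanning and monitoring, cloud anti-DDoS, cloud WAF, big data security.
27
东软
(86 24) 8366 7788
闫洁
http://www.neusoft.com/cn/
Firewall & NGFW, intrusion detection (IDS)/intrusion prevention (IPS), web application firewall (WAF), SOC & NGSOC.
28
中新网安
0551-65178555
徐航
http://www.cnzxsoft.com/
Firewall & NGFW, anti-DDoS appliances, web application firewall (WAF), cloud anti-DDoS, APT.
29
信安世纪
010-68025518
陈晓萍
http://www.infosec.com.cn/
VPN, bastion hosts/operations security, CA digital certificates, identity management.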
30
永信至诚
010-59403168
许学伟
http://www.integritytech.com.cn/
Attack-defense training platform, security training and education.
31
泰岳安全
010-58847555
http://www.ultrapower.com.cn/portal/ultraWeb.action
Bastion hosts/operations security, SOC & NGSOC, security integration services.
32
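格尔软件
CA digital certificates.
33
众人科技
8621-33933330 8610-64669133
吕茂强
http://www.people2000.net/
Identity management, cloud identity management, mobile business security, big data security, security integration services.
34
圣博润
8610-82138088
杜英
http://www.sbr-info.com/
Endpoint protection & antivirus, bastion hosts/operations security, Multi-Level Protection Scheme (等保) compliance tools.
35
上海观安
021-51206032
https://web.idss-cn.com/
Big data security, security big data.
36
中兴通讯
0755-26770000
http://www.zte.com.cn/china/
Security integration services.
37
锐捷网络
0591-280538886729
http://www.ruijie.com.cn/
NGFW, internet access behavior management, big data security analytics platform, WAF, website security.
38
优炫软件
010-82886998
http://www.uxsino.com/
Document security, database security.
39
交大捷普
029-88333000
http://www.jump.net.cn/
Firewall & NGFW, database security, web application firewall (WAF), SOC & NGSOC, assessment and hardening & security operations.
40
上讯信息
021-51905999
http://www.suninfo.com/
Network access control (NAC), bastion hosts/operations security, database security, disk encryption, mobile device security, security integration services.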
41
科来
010-82601814-823
金一
http://www.colasoft.com.cn/
APT, security forensics, security training and education.
42
安赛科技
400-8888-405
卢云燕
https://www.aisec.com/cn/
Web application scanning and monitoring, web application firewall (WAF).
43
安博通
010-59576478
邓思
http://abtweb1.w209.mctest.com/
Firewall & NGFW, SOC & NGSOC.
44
白虹软件
021-50271531 010-53318218
http://www.baihongsoft.com/
Security forensics.
45
安全狗
0592-3764402
庞怀东
http://www.safedog.cn/
Host protection and adaptive security, web application firewall (WAF).
46
安华金和
010-57569528
李墨
http://www.dbsec.cn/
Database security.
47
鼎普
010-57328000
逯经理
http://www.tipfocus.com/
Intranet security, security integration.
48
华途
010-56913600
陈经理
http://www.huatusoft.com/
Main business area: document security.
49
国舜股份
010-82838085
司洋
http://www.unisguard.com/
Web page tamper protection, assessment and hardening & security operations.
50
美创
0571-28236100
颜经理
http://www.mchz.com.cn/meichuang/
Database security, business system disaster recovery.
Cybertech Tel Aviv 2018
Cybertech 2018, the 5th international event for the cyber industry, will take place in Tel Aviv, Israel, on January 29-31, 2018. This annual global event is the foremost platform for bringing together multinational companies, innovative startups, private and corporate investors, venture capital firms, senior government officials, entrepreneurs, cyber technology clients and other experts from around the world. It offers attendees an unparalleled opportunity to get acquainted with the latest cyber innovations and solutions from around the world and serves as an incredible B2B platform. Cybertech places special emphasis on networking, strengthening existing relationships and forming new ones.
In 2017 alone, Cybertech Tel Aviv gathered over 13,500 delegates, 139 Israeli and international speakers, and 204 companies and startups. Cybertech Tel Aviv 2018 will feature a variety of cyber-dedicated professional presentations, events and panels with experts from around the world regarding diverse topics such as international cyber cooperation, cyber security for the healthcare industry, securing air and sea ports, in addition to a hacker zone, startup competition and more. In addition to the unique opportunity to discover the latest innovations in the local and global cyber community, Cybertech presents problem-solving strategies and solutions to challenges for a wide range of sectors including finance, defense, transportation, utilities, R&D, energy, manufacturing, service sectors, health, media, government, and more.
Cybertech Tel Aviv attracts high-level speakers from around the world. Previous speakers have included Israeli Prime Minister Benjamin Netanyahu, Michigan Governor Rick Snyder, and Cisco CEO Chuck Robbins. This year's speakers include the GM Security of Micro Focus, Head of Security of PwC, ethical hacker Saket Modi, the CISO of the National Payment Corporation of India, and others from companies like Mobileye, IBM, and Dell-EMC.
Hundreds of foreign delegations, representatives of multinational corporations and foreign investors will travel to Israel to gain exposure to the latest innovations in cyber technologies, and take part in the conference and mega exhibition, from countries such as Vietnam, Netherlands, UK, India, USA and many more. The event will allow businesses, startups, investors, government officials, military personnel, ambassadors and exhibition visitors to focus on networking, strengthening existing alliances, and forming new ones.
Cybertech offers exciting participation opportunities for a variety of companies and organizations - from the smallest startups to global conglomerates, and for media, government, non-profits, chambers of commerce and much more.
Cybertech Tel Aviv is the flagship event of Cybertech Global Events, producers of Cybertech conferences and exhibitions - both mega-events and boutique sessions - in locations such as Rome, Fairfax, Beverly Hills, Panama City, Tokyo, and Singapore.
Please contact Eliana Schwartz at eliana.schwartz@cybertechconference.com, or visit us at cybertechisrael.com to explore opportunities for exhibiting, sponsoring, startups, media partnerships and more.
29-31.1.2018 CYBERTECH EXHIBITION
30-31.1.2018 CYBERTECH CONFERENCE
For more details: E: cyber@cybertechconference.com | W: www.cybertechisrael.com | T: +972-74-7031211