Data deluge obscuring real cyber threats warns SAS

Australian businesses are drowning in a deluge of cyber security data, causing genuine threats to get lost in a sea of false positives, a top executive at multibillion-dollar business intelligence, analytics and data management firm SAS has warned.

In Melbourne last week to visit Australian clients, SAS cyber security vice-president Stewart Bradley said his company had joined the pantheon of vendors selling security services, as it believed greater use of analytics was required to analyse the unfathomable amount of threat data being generated.

“Organisations have largely tackled the security challenge through many different solutions that solve only small fractions of the problems they face,” Mr Bradley said.

“They have created a patchwork quilt of solutions … now they’re trying to get a better understanding of where their greatest risks are, and need a holistic view.”

Mr Bradley has spearheaded the growth of SAS’ cyber security division since it launched its first cyber security software suite in November last year.

SAS is one of the world’s largest private software firms and dedicates about a quarter of its $4.1 billion of revenue to research and development. It is poised to start offering its cyber security technology in Australia for the first time at the end of the year.

Its technology works by analysing how a machine should behave, thereby more accurately detecting significant security threats, even when the attack uses new security flaws or methods.

SAS will be targeting its Australian financial services clients, including the big banks, which already use SAS’ fraud detection software.

Converging threats

Mr Bradley said that in the past five years the threat to banks had transformed from one where individuals’ accounts were being fraudulently taken over, to mass compromises of user information and the sale of that on the dark web.

“The ecosystem of fraud and cyber has converged over the last five years. Now we’re seeing cyber events … where the ultimate monetisation of the breach is fraud,” he said.

“One of the biggest issues is that the environment is changing so rapidly from an attack perspective. All organisations are struggling to keep up … and the proliferation of bring-your-own-devices and the internet of things is eliminating the perimeter that was around organisations.”

Already the big four banks are said to be spending up to $100 million on cyber security measures each year and late last year Commonwealth Bank of Australia director Harrison Young said there was “approximately no chance that banks or even armies could keep hackers out of their systems”.

Mr Bradley said businesses would always be behind the cyber criminals, but by changing the approach to detecting cyber criminals to one that was less reliant on humans and more driven by computer analytics, it was possible to minimise their head start.

“We’ll always be in a situation where we’re trying to keep up with the cyber criminals. That’s the reality of the game we’re playing,” he said.

“Historically the protection of an organisation’s corporate assets has been focused on building a thicker and wider moat, but that’s no longer valid with the connectedness we have through the internet of things. It is shifting what organisations are doing from protection, to detection and response.”

Sector consolidation

The cyber security sector has become a hot spot for investors in recent times, leading to the creation of numerous players in the space.

Mr Bradley said that in 2015 more than 125 new cyber security vendors entered the market, and he tipped a consolidation of the sector.

“When the older players in the market are developing enterprise security platforms that allow integration across an organisation’s ecosystem, that’s what will drive vendor consolidation,” he said.

“Our role is to be the analytics fabric that can support the integrated security platforms to be able to make sense of the data that is being shared.”

By: Yolanda Redrup

Posted On: http://www.afr.com/technology/web/security/data-deluge-obscuring-real-cyber-threats-warns-sas-20161108-gskham

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.

Google Puts Repeatedly Dangerous Websites on Notice

Web giant tries to fill the protection gap created when malicious sites clean up their act just long enough to ditch the Safe Browsing warning.

Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system.

Google’s Safe Browsing warns users when they are about to visit a website known to violate the web giant’s policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior.

That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern.

“Starting today, Safe Browsing will begin to classify these types of sites as “Repeat Offenders,” Google explained in a company blog post Tuesday. “Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.”

Once classified as a “repeat offender,” sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site.

Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system.

Google’s Safe Browsing warns users when they are about to visit a website known to violate the web giant’s policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior.

That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern.

“Starting today, Safe Browsing will begin to classify these types of sites as “Repeat Offenders,” Google explained in a company blog post Tuesday. “Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.”

Once classified as a “repeat offender,” sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site.

By: Steven Musil

Posted on: https://www.cnet.com/au/news/google-puts-repeatedly-dangerous-websites-on-notice

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehos

Spam’s not just annoying, it can be dangerous: ESET

Although many would already be well aware that today’s spam can be far more dangerous that just a dodgy Viagra pill and could infect your computer, ESET has issued a new warning.

Spam, says the Internet security firm, is “not simply emails, but messages received on instant messaging services, social networks and SMS”, and they “often flood people’s inboxes en masse with information they wouldn’t ordinarily wish to see”.

Unless you’ve been living under a rock, you’ll clearly agree with ESET’s statement that spam is “considered by many as an inconvenience rather than anything serious, these annoying, unsolicited messages may harbour something far more damaging, like executable programs that allow your computer to be taken over – and Internet users may be inadvertently putting themselves at risk”.

Nick FitzGerald, senior research fellow at ESET Asia Pacific, said: “Once upon a time, most spam was easy to spot, largely because they offered recipients products and services they had no interest in obtaining.

“The level of sophistication today, however, has grown. Many messages appear legitimate, with authentic, relevant and interesting content, designed to bait clicks from the user.”

“The problem is,” says ESET, “when a user receives a spam message and follows a link — intentional or otherwise — spammers receive information that can make the user vulnerable to any number of dangers.”

We’re told that “this can range from receiving greater volumes of spam, being scammed by criminals who make money from the tiny proportion of users that actually respond, to being the unhappy recipient of any number of different types of malware, including ransomware”.

For many, this is only too well known, either from years of being cyber street smart, or from having been bitten by the dreaded ransomware bug.

FitzGerald added: “Cybercriminals have a lot to gain from these activities. It’s not just the objectives behind spamming that have evolved, but also their delivery methods. With the increasing adoption of connected devices in Asia-Pacific and the world — particularly in Singapore where smartphone penetration is the highest across the globe — we are seeing more spammers targeting social channels in addition to traditional spam emails.

“As we increasingly conduct our lives on-the-go, using multiple internet-enabled platforms at any one time, it also means spammers have all the more opportunities and avenues to send unwanted messages.”

Naturally, ESET points out that “defending yourself against security issues caused by spam does not have to be a difficult job. Proactive measures are vital in reducing exposure to such threats”.

ESET’s top tips on protecting yourself include:

  • Not publishing your email address on the Internet, if possible;
  • Only sharing your email address with trusted individuals;
  • Not replying to spam messages that have already made it to your inbox;
  • Being cautious when filing out Internet forms. Be especially wary of checkboxes that request opt-ins such as “Yes, I want to receive information about xx.”;
  • Be suspicious of links from people who don’t usually post links;
  • Not authorising anything on apps you’re not 100% sure about;
  • Keeping a clean machine. Update your computer or handheld device with the latest operating system, software, web browsers, and apps to provide the best defences against viruses, malware, and other online threats that may be caused by spam messages;
  • Being wary of the information given to apps (does an app that lets you edit photos really need to know every single thing about you?); and
  • Not forgetting the golden rule – if something looks too good to be true, it probably is!

Fitzgerald concluded: ”It’s important that we remain vigilant as consumers, and not forgo security for convenience. Apps, for example, often request permissions from us that we commonly authorise without much thought on the possible implications. Be wary of the information you receive and sign up to, and wherever possible, also give yourself added peace of mind and security with the appropriate anti-spam technology.”

Of course, ESET “legitimately spammed” the email inboxes of technology journalists to deliver its message and to secure a bit of free publicity, but I’m happy to acknowledge that’s precisely what ESET has done and to publish its message, which at least to me, is already very familiar.

Even so, one can never be warned enough about such matters – humans are the weakest link in the security chain, after all, and it only takes a moment of distraction to click on something that shouldn’t be clicked om, which could easily lead to ransomware and your computer effectively bricked!

So take heed of ESET’s advice, and be damned careful out there, for a mis-click could brick your PC and leave you with the short end of the stick – and nobody wants that!

By Alex Zaharov-Reutt
Posted on: http://www.itwire.com/your-it-news/home-it/73341-spam’s-not-just-annoying,-it-can-be-dangerous-eset.html

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.