TEL AVIV, Israel – A senior official in the White House announced Monday at the 7th International Cyber Week at Tel Aviv University that the United States and Israel had formed a bilateral cyber working group that would “stop adversaries before they can get into our networks and hold bad actors accountable.”

The announcement was made by Thomas Bossert, Assistant to the President for Homeland Security and Counterterrorism. The United States will be represented by Rob Joyce, Cyber Security Coordinator to President Trump, and Evyatar Mataya, Head of the Israeli Cyber Bureau. The details will be worked out this week during a series of meetings in Tel Aviv, the site the 7th annual Cyber Week, an Israeli inspired conference of world cyber leaders. MITechNews.Com Editor Mike Brennan is providing coverage of the conference as a guest of Israeli Foreign Ministry.

Bossert said the goal of the bilateral cyber working group is to work closely with Israeli government and cyber security businesses that are noted for their agility and innovation and take that knowledge back to America. The broad strokes include working together to identify cyber issues, advanced cyber security research and development, workforce development and other possible international cooperation. The end product will be to identify best practices. He added: “A safer more secure Internet is within our reach.”

A heady goal indeed. World governments and businesses are struggling to keep hackers of all shades – from cyber criminals to nation states – from penetrating their computer networks for nefarious purposes, ranging from harvesting intellectual property and financial information to bringing down vital infrastructure, such as power grids, water treatment facilities, transportation systems and much more. But it has been the hackers who have been more agile and able to infiltrate computer networks around the globe, while governments, business and even individuals try to prevent them from doing so.

Israel has had a long history – in Internet terms – in developing cyber security mitigation and remediation tools and strategies. As early as 2003, the Israeli government identified vulnerabilities in connecting its power grid to the Internet and figured out ways to keep it safe from hackers, Professor Issac Ben Israel – Head of the Blavatnik Interdisciplinary Cyber Studies Center, said in a press briefing on Sunday. Ben Israel said since Israel was a first mover, it has held a strategic and knowledge advantage over its adversaries.

On Monday Mataya, Head of the Israeli Cyber Bureau, in another press briefing, said the fact that Israel is a very small country (the size of New Jersey) with a population of about 8.5 million people and constantly under cyber attack or threat of attack from not only its nearby Arab neighbors, but also nation states elsewhere in the world, has been forced to develop cyber security defenses quickly and has done so in collaboration with private Israeli industry – one of the reasons why Israel is home to hundreds of cyber security companies, including well-known Check Point, a 24-year-old company that produces products that protect computer networks and generates some $1.7 billion a year in revenue.

It’s this type of public-private cooperation that the United States seeks to better understand to help make its cyber defenses more responsive to the ever changing threats posed by bad actors around the world, and even inside the United States, Bossert said. A second aim of the bilateral cooperation pact is to better attribute where attacks are coming from so that punitive measures can be levied against the perpetrators, he said.

Coverage from Cyber Week and the private press tour of Israel’s cyber security infrastructure will continue this week. Day two of Cyber Week is Tuesday followed by a tour of Beer Sheba, Isreal’s equivalent of California’s Silicon Valley on Wednesday. Be sure to click on www.mitechnews.com for full coverage from Cyber Week.

MITechNews.Com Editor & Publisher Mike Brennan will be in Israel through Friday to provide complete coverage of Cyber Week 2017.

The post US-Israel Form Bilateral Cyber Working Group To Thwart Hackers More Quickly appeared first on MITechNews.

The post Brennan Tells WJR Internet Advisor Listeners About Cyber Week In Israel appeared first on MITechNews.

In-brief: In the hours before the Petya malware began circulating, two high level Trump Administration officials called for a tougher stand against online actors who sow chaos. The question now is how the Administration will react.

TEL-AVIV, Israel– With the Petya “wiper” virus spreading globally, leaving crippled computers and organizational chaos in its wake, eyes are turning to the six month-old administration of President Donald Trump for clues about how the U.S and its allies will respond to one of the most destructive malware attacks to date.

In official statements, at least, the Administration takes a hard stand on ransomware, wipers and other forms of cyber crime and online adventurism. But experts say that retaliating against a nation-state like Russia will not be easy, even if attribution for the Petya attack can be tied to them.

The case for a muscular Trump Administration response to Petya is strong, at least judging the words of its chief cyber security experts. Speaking at a conference at Tel Aviv University on Monday, just hours before the Petya outbreak would begin in Ukraine, the Trump Administration’s two leading advisors on cyber security policy each took a tough stand on acts of cyber criminality and called for a policy that imposes tough sanctions on nations and other actors who refuse to abide by international norms in cyber space.

Asked about his top concern, White House Cybersecurity Coordinator Rob Joyce seemed to anticipate the outbreak, identifying destructive malware attacks like the Shamoon attack on Saudi Arabia’s national oil company, ARAMCO. “Destructive malware like the Shamoon virus that just deletes data – that’s just beyond the pale,” Joyce told an audience at Tel Aviv University on Monday. Specifically, Joyce said he was worried that the world’s inaction in response to Shamoon reflected an unwillingness to take on bad actors in a forceful way. “The real issue is that we’re watching that happen in Saudi Arabia and we’re kind of letting that go. There has not been a huge international outcry about that behavior,” Joyce said.

The question, he said, is “what are the responsible actions we can take to make sure that …that is not going to come at us – our businesses, networks, governments.”

To read the rest of this story from Security Ledger, click on https://securityledger.com/2017/07/petya-malware-may-be-an-early-test-of-trumps-muscular-cyber-doctrine/

The post Petya Malware May Be An Early Test Of Muscular Trump Cyber Doctrine appeared first on MITechNews.

ROYAL OAK – M2 TechCast co-host Mike Brennan calls in from Israel where he was on a press tour covering Cyber Week 2017 at Tel Aviv University. Most of the emphasis at the conference and during the press briefings that followed was on cybersecurity. While experts differ on how many Israeli cybersecurity companies are based in Israel – from 300 to 700 – Israeli Prime Minister Benjamin Netanyahu on the first day of the conference said Israel is open for cybersecurity business and invited governments, businesses, and other institutions to partner with Israel to keep the bad guys at bay.

To listen to this podcast, click on https://soundcloud.com/podcastdetroit/m2techcast-episode-87-mike-brennan-from-cyberweek

The post M2 TechCast Co-Host Brennan Reports From Cyber Week In Israel appeared first on MITechNews.

ROYAL OAK – Red Level Microsoft Solutions Manager Justin Coffey explains the upside and downside of anywhere access. Business professionals are working remotely from the road or home, which then makes the business network vulnerable to cyberattack.

The ways to do remote work safely includes:

OneDrive for Business: Access to your files in the cloud synced to your local device (e.g. laptop, tablet, mobile phone)

Skype for Business: Voice and video calling, cloud PBX, IM and desktop screen sharing, PSTN voice and conferencing, online meetings

Exchange Online: Synced mailbox (email, contacts, calendars, tasks) across all devices and web browser

Office 365 Advanced Threat Protection: Safe Links & Safe Attachments for email and document protection from malware/phishing attempts

To hear this podcast, click on https://soundcloud.com/podcastdetroit/m2techcast-episode-86-red-level-justin-coffey

The post Red Level’s Coffey: The Upside And Downside Of Anywhere Access appeared first on MITechNews.

HADERA, Israel – A collection of small stone houses that once sheltered seasonal orange pickers now serves as a real-world training ground for cyber defenders to learn what it takes to keep a growing army of hackers out of networks operated by multinational corporations, government and security organizations worldwide.

CyberGym, created in 2013, is not a simulation center like the Michigan Cyber Range run by Merit Networks in Ann Arbor, MI. Rather the Israeli facility works closely with other CyberGym centers in Europe and Asia – and soon the United States – in the real-world where “everything that happens, it really happens in real time,” CEO Ofir Hason told a group of about 20 journalists on June 25 who were in Israel to cover Cyber Week. CyberGym is a joint venture of Israel Electric Corporation and CyberControl, an Israeli cybersecurity company.

CyberGym charges its clients from $100,000 to $300,000 a week for custom training that replicates the principles of the company’s unique technological environment. Training can last from one week to several. CyberGym’s brochure describes its offerings as a “unique hands-on training concept and a holistic approach to cyber warfare.” Training is not only provided to techies, but also to their non-technical counterparts.

In one part of the CyberGym Training Arena, the Blue Team – aka the paying clients – face real cyber-attacks from the in-house Red Team, composed of cyber experts from the Israel Defense Forces’ elite 8200 cyber intelligence unit, as well as US National Security Agency hackers, plus veterans of other cyber defense organizations. A White Team, composed of the same cyber battle-hardened pros, serves as both supervisors and umpires. Some 40 people work at the Israeli center.

When the training sessions conclude, CyberGym conducts a thorough analysis of what happened and a review of how cyber defenders dealt with the attacks. The end result, CyberGym hopes, will be its trainees can determine how the breach occurred, better understand their responsibilities and roles during an attack, plus gain valuable insight into the mind of black hat hackers, nation state actors and organized crime all bent on stealing data and causing digital mayhem.

“The goal is to punch the companies in the face before they have to face a real fight,” Hason said. “In general they do not like what happens because companies realize how vulnerable they are.”

CyberGym’s training centers include the same infrastructure hardware that typically will be under attack – from Servers, to Programmable Logic Controllers (PLCs), to Supervisory Control and Data Acquisition (SCADA) devices and even Automated Teller Machines. Hason uses an ATM machine as an example of the kind of target favored by criminal hackers.

“There are 50,000 (machines) like this installed in Asia,” he said, as he slides the electronic internal components out for the journalists to inspect. Inside is a computer running Windows NT 4.0 (from 1996), which hasn’t had its software updated in many years. As a result, Hason said these money-dispensing machines are almost ridiculously easy to hack.

“We warned them and asked why they did not update them,” he said. “They replied that they worked; updates cost too much money.”

Back at the Michigan Cyber Range, Joe Adams, Merit Networks Vice President of Research and Cybersecurity, said he visited CyberGym a few years ago and was impressed by the cyber-physical aspects, “which involves very visual infrastructure and real PLCs and SCADA equipment, such as pumps.” 

But Adams said Merit and the Michigan Cyber Range differ from CyberGym because Cyber Range focuses on scalability: “We can offer multiple exercises at one time and allow participants access to the exercise environment for longer durations. We are also network accessible, which means that our range, exercises and classes can be connected to from anywhere remotely.”

Adams added: “I like what they are going. However implementing features similar to CyberGym’s comes with the expense of scaling and accessibility, which are two cornerstones of the Michigan Cyber Range.”

The post Israel’s CyberGym – Real World, Real Time Cyber Defense Training appeared first on MITechNews.

SAN FRANCISCO – A new strain of a malware called CopyCat has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue, researchers at Check Point said Thursday.

While the majority of victims are in Asia, more than 280,000 Android devices in the US were hit by the massive hack. Google had been tracking the malware for the last two years and has updated Play Protect to block CopyCat, but millions of victims are getting hit through third-party app downloads and phishing attacks.

There was no evidence that CopyCat was distributed on Google Play, according to Check Point.

“Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play,” Google said in a statement.

To read the rest of this story, click on https://www.cnet.com/news/android-hack-copycat-malware-device-outdated-14-million/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post CopyCat Malware Infected 14 Million Outdated Android Sevices appeared first on MITechNews.

NEW YORK – A United Nations survey released Wednesday shows major gaps in the security among the world’s most powerful countries, with the United States coming in second on the “most committed” list.

The Global Cybersecurity Index (PDF) takes a look at defense capabilities in 134 countries, focusing on five factors: technical, organizational, legal, cooperation and growth potential. The index ranked countries in several ways, including those “most committed” to cybersecurity.

Singapore took the top rating for “most committed,” edging out the United States. While the US beat Singapore on legal, organizational and growth potential factors, Singapore scored higher for cooperation.

Other nations rounding out the top 10 in cybersecurity commitment are Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France, Canada and Russia, respectively. Georgia and France tied for No. 8.

The survey found that despite the massive gap in wealth, poorer nations like Malaysia and Oman were stronger in cybersecurity than countries such as France and Canada.

“The data collection shows that developing countries lack well-trained cybersecurity experts as well as a thorough appreciation and the necessary education on cybersecurity issues for law enforcement, and continued challenges in the judiciary and legislative branches,” the survey said.

Half of the countries that responded to the survey do not have a cybersecurity strategy. More than half don’t have training for their police. The UN called the creation of a cybersecurity strategy a “crucial first step” for any nation. 

There’s also a major gap in cybersecurity among the five permanent members of the United Nations’ Security Council. The US was ranked No. 2. France was No. 8. Russia ranked No. 10. The UK was No. 12. China placed No. 32. 

The survey noted that there’s no global standard for cybersecurity, which it considers problematic.

“Cybersecurity is an ecosystem where laws, organizations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said.

To read the full report, click on https://www.cnet.com/news/united-nations-cybersecurity-global-index-united-states-singapore/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post UN Survey Shows Major Gaps In Cyber Security Among Most Powerful Countries appeared first on MITechNews.

MANKATO, MN. – This article explores what the former head of Shin-Bet, Israel’s internal security service (equivalent to Britain’s MI5 or the FBI in the US), thinks of the current state of cybersecurity in the world today, and what can we learn from his warnings?

In June 2017, I (Chris Veltsos, a Cybersecurity professor at Minnesota State University) was invited by the Israeli Ministry of Foreign Affairs to attend the CyberWeek conference in Tel Aviv, as part of a delegation of journalists from around the globe. Among the key people we met and interviewed was Yuval Diskin, who headed Shin Bet (aka Shabak) from 2005 to 2011. Yuval is currently the Chairman of CyMotive, a company focusing on cybersecurity in the automotive industry. CyMotive was born out of a partnership with Volkswagen, which issued a press release in September 2016, touting the important role this new company would play for Volkswagen and the automotive industry:

The age of the connected car enables customers to use a variety of features inside modern vehicles. However, with increasing connectivity comes an increasing risk. Aspects such as intelligent and autonomous driving increase the number of interfaces in the vehicle and thus the risk of malicious attack.

Mr. Diskin quickly set the tone when it comes to the state of cybersecurity today, stating “attackers are very dynamic; defenders are very static, passive.” He went on to say that “interconnectivity is one of the biggest challenges” and that to prevent or detect attacks, you must extend your scope beyond the perimeter. The current approach deals with layers of defenses and incident response preparations, but both of those approaches require the organization to wait until an attacker has successfully compromised systems in order to react.

approach? Leverage behavioral science to identify attackers, even before they’ve found you and successfully penetrated your defenses. “Behind every cyber attack, there is a human being…” he said, then explaining that the goal is to connect the dots to identify the humans behind the attacks. He coins his approach as “intelligence driven offensive defense” and warns that many organizations and leaders prefer “naive” solutions to their cybersecurity problems, alluding to the patchwork of controls that many organizations have deployed today, with 36% of banks reportedly using between 51 and 100 security tools.

“There is a real reason to be frightened by the potential of a cyber attack” he said, alluding that current activity is equivalent to child’s play (i.e. how a child explores his ability to impact the world around him, and test boundaries). So what are organizations to do? Instead of looking for new (cybersecurity) solutions he said, organizations should ensure that their cyber processes are consistent and maturing, and that the controls are effective.

So what are you waiting for? Go test your controls, before someone else does.

The post Former Head Of Shin Bet On Current State Of Cybersecurity appeared first on MITechNews.

MANKATO, MN. – How does a small country — with about the same population count as Switzerland — position itself to compete in the fast-pace cybersecurity global marketplace? In this article, we’ll explore the factors that have enabled Israel to position itself as a key future player in cybersecurity. In a follow-up article, we’ll look at how Israel has leveraged that potential into action, creating a marketplace for venture capital and innovation, resulting in hundreds of security startups.

Demographics

What is immediately noticeable when arriving in Israel is the number of young people around you. Unlike many of the largest countries and economies, Israel has a young, vibrant population, with over 43% of people aged 24 or under (CIA World Factbook). The median age is 29.7, compared to 37.9 for the US, 42 for Canada, and 42.7 for the entire European Union.

Having a young population not only gives it a current and future stable workforce supply, it also means that a larger percentage of the population is going to be tech-savvy, having grown up in a world in which the Internet always existed, and being very comfortable with using and understanding technology, and the Web of Trust (WoT) that binds us all.

However, by itself, having a young population doesn’t mean that a country is poised to be a global player on the cybersecurity stage. So next, we’ll explore the role the government has played in shaping this nation to be a key player in cybersecurity.

Cyber — A Government Focus & Priority

While a growing number of governments around the world are proclaiming their desire to boost their cybersecurity workforce, nowhere is it more evident than in Israel. Attend any cybersecurity conference in Israel and you’ll inevitably run into dozens of key government leaders, from multiple sectors including the economy, import/export, the military, but also education and academia. Don’t be surprised if the head of the country pops in to make a short speech about the importance of the cyber domain to Israel’s future, as Prime Minister Netanyahu did on June 26th at the start of the CyberWeek conference at Tel Aviv University:

Cyber security is serious business. It’s serious business for two reasons: the first reason is that it’s a serious and growing threat. And it’s a growing threat everywhere because everything, every single thing is being digitized. And the distinction between hi-tech and low-tech is rapidly disappearing. And as that happens in one country after another, in one industry after another, in one critical infrastructure after another, and as we enter the world of the internet of things the need for cyber security is growing exponentially.

Our decision in this case was to create a national cyber defense authority and we are organizing them around the cyber net so that everybody has secure information between the government and the various organizations and the business organizations. We can communicate in a secure way and the parties inside the net can communicate with each other. Not only to respond to attacks but to prevent them, to prevent them by early warning, to prevent them also by guidance, by teaching a systemic doctrine to the extent that you can be systemic in this business.

— PM Netanyahu at the CyberWeek conference (June 26, 2017)

A Military Affair

The government’s role in leading the effort to position Israel as a leader in this space is undeniable. However, growing a cybersecurity workforce comes much easier to Israel than to the rest of the world, due to Israel’s need to protect itself from what they call “not so friendly neighbors.”

In many developed countries, the workforce supply in the cybersecurity domain is stretched thin, often with minimal or negative unemployment rates in the field, leading to many companies poaching the best security folks from their competitors, and leaving the government sector with a near-empty pool of applicants as government salaries are much lower, often on the order of 20%, 30%, even 40% lower, and the barriers to entry much higher (i.e. advanced degrees, clean record, drug tests, etc). A 2016 Indeed article compared the salary, adjusted for cost of living differences, of an information security specialist with three years of experience in Minneapolis ($127,757) with that of someone in Arlington VA ($74,254). The numbers speak for themselves.

In Israel the cyber workforce situation is much different; the Israel Defense Forces (IDF) provide the country with a fresh, auto-renewing supply of talented youths that have often signed up for extra tours of duty in some of the elite units of the IDF (e.g. the famous unit 8200, where many of today’s cybersecurity entrepreneurs once served). According to Wikipedia, the number of people reaching military age annually (estimates for 2016) is 60,000 males and another 60,000 females. While that number is by no means large, the experience instills in the conscripts many key values that lasts for decades after they’ve left their defense units and integrated the workplace.

One of the most privileged spots in the IDF is unit 8200 which is often referred to as Israel’s equivalent to the NSA. Unit 8200 is an intelligence unit, responsible for collecting signal intelligence (SIGINT) and code decryption. Unit 8200 is just one of several sought after units in the Israeli Intelligence Corps, which is “responsible for collecting, disseminating, and publishing intelligence information for the General Staff and the political branch” and also to engage “in counter-intelligence and information security work, and presents general assessments.” Several alumni of unit 8200 “have gone on to found leading Israeli IT companies, among them CheckPoint, Imperva, Incapsula, CloudEndure, Cybereason, ICQ, LightCyber, NSO Group, Palo Alto Networks, indeni, NICE, AudioCodes, Gilat, Leadspace, EZchip, Onavo, Singular and CyberArk.”

However, unit 8200 is just one of the many valuable units where young men and women can serve, and in the process gain valuable training and experience that can be of use in the business world.

Other Factors

Of course, there are other factors at play that have helped Israel position itself as a leader in this domain, beyond the young population, beyond the deliberate focus and support of the Israeli government, and beyond the fairly unique military apparatus which provides valuable training and experience.

These other factors include cultural aspects of resilience and innovation, access to academia for subject matter expertise, economic support for investments and growth in this space, and a startup mentality highly tolerant of failures — and more importantly lessons learned — to name a few.

In Israel, all of the factors mentioned above have contributed to creating a capacity for innovation and excellence in the cybersecurity domain. Just as importantly, the political and military leadership of the country are fully cognizant of that capacity and have decided to make it a national priority. As Dr. Eviatar Matania, Head of the Israel National Cyber Directorate, put it, “cyber is like the industrial revolution… We are just at the beginning of the cyber revolution… But we are going to be a cyber nation… as cybersecurity is a necessity to prosper.”

And as they say, the rest is history.

Our second article, “The Land of the Cyber Startups,”  delves into the determined ways that Israel has been encouraging the growth of its cybersecurity sector.

The Dr. InfoSec Blog is curated by Christophe Veltsos, PhD, CISSP, CISA, CIPP.

Chris, aka Dr.InfoSec, is passionate about helping organizations take stock of their cyber risks and manage those risks across the intricate landscape of technology, business, and people.

Whether performing information security risk assessments, working alongside CIOs & CISOs to set and communicate strategic security priorities, or advising board members on effective governance of cyber risks, Chris enjoys working with business leaders to improve their organization’s cyber risk posture.

To Read His Blog, Click on http://blog.drinfosec.com/2017/07/why-your-next-cybersecurity-toolservice.html

The post Why Your Next Cybersecurity Tool/Service Might Just Come from Israel — PART 1: Why Israel? appeared first on MITechNews.

SAN FRANCISCO – More than 14 million records of Verizon subscribers who called the phone giant’s customer services in the past six months were found on an unprotected Amazon storage server controlled by an employee of Nice Systems, a Ra’anana, Israel-based tech company. Verizon has a base of 113.9 million total customers.

The data was downloadable by anyone who knew where to look. Verizon said it’s investigating the matter.

Chris Vickery, director of cyberrisk research at security firm UpGuard, who found the data, privately told Verizon of the exposure shortly after it was discovered in late June.

Each record included a customer’s name, cell phone number and account PIN — which, if obtained, would grant access to a subscriber’s account, according to a Verizon customer service representative, who spoke on the condition of anonymity because the rep wasn’t authorized to speak to the press.

Several security experts briefed on the data leak warned of phone hijacking and account takeovers, which could allow hackers to break into a Verizon subscriber’s email and social media accounts, even those protected by two-factor authentication.

Perhaps its time to update your account PIN?

The post Snafu Leaves 14 Million Verizon Subscribers Personal Information Unprotected appeared first on MITechNews.

SAN FRANCISCO – Security firm McAfee discovered the latest attack, called LeakerLocker, which affects Android phones through apps downloaded from the Google Play store.

Most ransomware locks up your files or hard drive, but LeakerLocker takes your private data and browsing history and threatens to share it with the friends and family on your contact list if you don’t pay $50.

McAfee identified two apps in the Google Play store that carry LeakerLocker: Wallpapers Blur HD and Booster & Cleaner Pro.

Google didn’t immediately respond to a request for comment.

Read more about the attack at ZDNet.

The post LeakerLocker Ransomware Attacks Android Phones From Apps Downloaded From Play Store appeared first on MITechNews.

The post Don’t Be Forced Out Of Business By Cybercrime appeared first on MITechNews.

WASHINGTON DC – The Department of Justice and Europol announced Thursday that they have shut down AlphaBay and Hansa, two massive marketplaces on the dark web that served hundreds of thousands of customers trying to get their hands on illegal goods online.

While you or I can easily buy groceries, electronics and clothes online, when it comes to finding drugs, weapons and stolen identities, things can get a little more complicated. Merchants of contraband hide out on the dark web, a hidden part of the internet that you can only access through special browsers like Tor. There, buyers and sellers are anonymous, and so is the currency, with most transactions happening through bitcoin.

AlphaBay alone had 200,000 customers and more than 40,000 sellers peddling illegal goods, making it the largest takedown for a dark web marketplace ever. The website had 100,000 listings for sale when the governments took it down. In comparison, Silk Road, one of the most notorious dark web markets, had 14,000 listings when the FBI shut down the site four years ago. Hansa was the third largest dark web market when it shut down.

To read the rest of this story from CNET, click on https://www.cnet.com/news/alphabay-hansa-shutdown-closed-dark-web-market-silk-road/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post Feds Shut Down Two Of The Dark Webs’ Biggest Purveyors Of Illegal Goods appeared first on MITechNews.

LAS VEGAS – The Unicorn Team researchers from 360 Technology, China’s leading security company, discovered they could hack phones when they switched from modern LTE wireless networks to older, slower 2G technology. Of course, our phones do this all the time when the signal’s weak, although you may not notice when it’s happening.

Still, if hackers take advantage of the opening, they’re able to send text messages and phone calls from a victim’s phone number, the team said during a presentation at the Black Hat security conference in Las Vegas Thursday.

The hack works because of the way your phone rushes to keep a connection running when it switches between network technologies, said Lin Huang, one of the researchers on the team.

Typically, when a phone wants to connect to a wireless network, it needs to send an authentication codes that identify it as the correct phone using your number, the researchers said.

But, when a phone switches between slower and faster technologies, it skips that authentication step, Huang’s team found, in order to keep your connection as stable as possible.

Perhaps the worst thing Huang and his team found out is that if a hacker successfully takes over your phone number, you may never see it.

The “Ghost Telephonist” attack, which Unicorn Team named, can cause several headaches for victims, the researchers found. After taking over your phone number, hackers could use it on their own devices to gain access to many of your online accounts.

You can find accounts on social media by typing in a phone number, for example. The Unicorn Team took it a step further, and requested to reset a password by phone on Facebook. Facebook automatically sent a text message to the phone number — which Unicorn Team had hijacked — and used it to take over the social network account.

The team has informed network standards bodies about the vulnerability and said involved providers have fixed the issue or are in the process of doing it. They recommend that companies fix their authentication process or switch over to more secure technologies, which do exist.

Setting your phone on airplane mode also blocks out the Ghost Telephonist, Huang said, but then of course you’re disconnected.

“If you are in airplane mode, that means your phone already told the network, ‘I’m offline,'” she said.  

The post Report: Hackers Can Take Over Your Phone To Send Text Messages, Make Phone Calls appeared first on MITechNews.

LAS VEGAS – Hackers behind some of the most notorious ransomware around are taking some hints from legit Wall Street companies. Malware strains like Locky and Cerber helped make ransomware a $25 million industry in 2016 and its operators are starting to operate like conventional corporations with “customer” service staff and outsourced resources, researchers explained Wednesday at Black Hat.

Ransomware has devastated hospitals, universities, banks, and essentially any computer network with weak security over the last 10 years, but attacks have become even more prevalent as infection rates and payments grow. The malware encrypts files on a victim’s computer and demands payments — one that reached $1 million — if the victim ever wants to get data back.   

Researchers at Google, Chainalysis, New York University and University of California San Diego followed the money trail and got a look at the evolving ecosystem of ransomware. During the presentation at the Las Vegas conference, the team showed a new professional side to ransomware.

To read the rest of this story, click on https://www.cnet.com/news/ransomware-goes-pro-customer-service-google-25-million-black-hat/?ftag=CAD2e9d5b9&bhid=2010227428167922480007414901273

The post Ransomware Hackers Now Offer Customers Service, Outsourced Resources appeared first on MITechNews.

GRAND LEDGE – The mainstream media is full of stories this week about a Wisconsin vending machine company that plans to embed a rice-size microchip in the hands of employees on a voluntary basis on August 1, 2017.

According to NBC News:

 “With the wave of their hands, employees will be able to open doors that require identification cards, log into their computers, operate copy machines or pay for snacks out of the company’s vending machines, the company said.

The chips operate on electromagnetic fields and must be no more than 6 inches from a device that can read them, known as radio-frequency identification.

Three Square Market is partnering with Swedish-based BioHax International to install the technology, which was approved by the U.S. Food and Drug Administration in 2004 for the marketing of the VeriChip to medical patients. …”

Reactions to this news are all over the map, with headlines ranging from positive stories about the dawning of a great new era to Big Brother privacy concerns to fears that Biblical prophecies are about to come true.

Yesterday’s Predictions are Today’s Reality: How Did We Get to this Point?

Back in 2010 – ABC News ran this report which predicted that we would see implants by 2017, although their example was for medical purposes.

To read the rest of Dan Lohrmann’s column, click on http://www.govtech.com/blogs/lohrmann-on-cybersecurity/where-next-for-microchip-implants.html

The post What’s Next For Microchip Implants? appeared first on MITechNews.

DETROIT – Michigan has nearly 7,000 cybersecurity-related job postings, a new study shows, while 39 institutions offer programs, degrees, or training related to cybersecurity in the Advance Michigan area, including Clinton, Eaton, Genesee, Ingham, Lapeer, Livingston, Macomb, Monroe, Oakland, St. Clair, Shiawassee, Washtenaw, and Wayne counties.

The study also shows that students can choose among more than 90 degree programs and 80 certification programs in this region. Standards to guide these programs will be critical in the future, as experts in the field believe specialized two-year degrees or certifications are often sufficient, when compared to the now required four-year degree or higher. 

The information comes from the Cybersecurity Skills Gap Analysis, done by the Workforce Intelligence Network for Southeast Michigan on behalf of the Advance Michigan Defense Collaborative.

The study also identified nearly 350,000 cybersecurity-related job postings nationally from July 2015 to June 2016. The study was conducted to better understand future workforce demands in the cybersecurity space. With employer demand for cybersecurity-related occupations increasing, identifying standards for this industry is essential for providing guidance for emerging skills needs and training.  

WIN’s Cybersecurity Skills Gap Analysis report identified four categories of occupations among the cybersecurity workforce: frontline cybersecurity workers, cyber-sensitive service workers, physical security and access workers, and indirect cyber-related workers. Report researchers analyzed job postings to identify a broad set of occupations associated with all aspects of cybersecurity, including the development of software, testing, hardening, connectivity, business-related cyber roles, physical security, and general cybersecurity knowledge.

California reported the highest level of postings with more than 45,000 online job advertisements, followed by Virginia, Texas, and New York, with over 20,000 postings in each state. Nearly 90 percent of postings required a bachelor’s degree or higher, and over 76 percent were for occupations in the frontline cybersecurity workers category, which consists of those working directly with the technical design and implementation of cybersecurity strategies. Despite the high demand, there were only 778,402 cybersecurity workers in the national workforce in 2016 and 13,520 cybersecurity workers in Michigan, which ranked 35th in the nation. 

 “It is essential that we understand employer demand in cybersecurity and identify standards for the occupations that are part of this industry,” said Lisa Katz, executive director of WIN. “We want to ensure access to necessary educational and training resources, as well as the future vitality of the cybersecurity field, which is critical to virtually every industry, from automated vehicles to banking and health care.”

The full Cybersecurity Skills Gap Analysis and more key findings from this report can be viewed at: www.WINintelligence.org/cybersecurity-report. 

For more research and data from WIN, or a custom analysis, please visit: www.WINintelligence.org. 

The post Survey: Michigan Has Nearly 7,000 Cybersecurity-Related Job Postings appeared first on MITechNews.

WASHINGTON DC – Congress wants to fix the notorious security problems associated with the Internet of Things – for the federal government.

This week Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines introduced the “Internet of Things Cybersecurity Improvement Act,” (PDF) a bill that would force tech companies to ramp up security if they want to sell connected devices to the federal government.

Security on internet-connected devices hasn’t kept pace with a market that is expected to grow to 20.4 billion IoT devices globally by 2020. Gadget designers to tend to make IoT devices as simple as possible, which can often mean sacrificing security. 

The trade-off has meant that thousands of IoT devices — everything from connected security cameras to sex toys to baby monitors — can easily be hacked. The senators’ proposed bill aims to ensure vulnerable devices aren’t used by the federal government.

To read the rest of the story, click on https://www.cnet.com/news/congress-senate-iot-device-makers-your-security-sucks/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post Congress Wants To Fix IoT Security Problems For The Federal Government Only appeared first on MITechNews.

The post Is A Fear Of New Technology Holding Your Business Back? appeared first on MITechNews.