Live Attack Intelligence strategies from Norse

Core concepts of current technologies include real time communication, interoperability, responsiveness, distribution, intelligence and smartness of devices. The Motives behind such innovations can be many but mainly the fulfillment of customer satisfaction. Companies invest, innovators invent and we all enjoy the high-tech, but winning competitors is the competition and it can lead to devastation. Comfort of technology and daily innovations can make life easy but with costs. Even if we are in the era of smart internet of things and we cannot avoid technology risks, we can minimize them if we think proactively. Hence, it should be a must to develop our security awareness  in timely manner.

I believe, proactive intelligent security solution is great approach.  Norse provides five types of live attack intelligence strategies that help defending advanced attacks in teal time base. “Norse Live attack intelligence can dramatically reduce eCommerce fraud and increase overall security posture. Live attack intelligence can also increase the efficacy of traditional security systems, enabling companies to leverage their existing security investments for greater efficiency and ROI. Because the threat intelligence is live and requires no signatures, data is never out of date and constantly adapts to the Internet’s changing threat landscape”, Norse.

These are the five live attack intelligence strategies that can be integrated in:

1.       Authentication Webpage

2.       Web servers

3.       Perimeter security

4.       Web payment pages

5.       Security Information and Event Management (SIEM) systems.

The first one is Rest based API, with only 20 lines of code. It detects IP address before user login into a system, it confirms whether users are accessing right webpages or not. It has a capability of blocking non genuine sites user redirected to. Great to prevent phishing attacks that is becoming so common . 

These are great examples of proactive attack prevention strategies. Such security innovation should be motivated.  For detail information, please refer the white page link bellow. 

http://www.norse-corp.com/wp-content/uploads/2015/04/Norse-WP-How_Adv_Attacks_Get_Past.pdf

Could the “Black Energy Malware” attack on Ukraine facility last month be a sign for World Economic Forum cyber risk assessment?

World Economic Forum global risk 2015 10^th edition categorize cyber-attacks among the most likely high-impact risks. It is listed as the number 10 risk the planet will face. In this report, the risk of cyber threat is expressed in connection to the deployment of Weapons of Mass Destruction (WMDS). According to the report(2. page 13 ), "In the coming decades, technological advancements, greater access to scientific knowledge and the increased vulnerability of classified information to cyber threats enhance the risk of WMDs proliferation, particularly in fragile areas. This highlights the need for greater international collaboration to control the proliferation of WMDs. the report also mentioned that interstate conflict is no longer physical but uses economic means and cyber warfare to attack people’s privacy as well as intangible assets."

"A power cut in western Ukraine last month was caused by a type of hacking known as "spear-phishing", says the US Department of Homeland Security (DHS)", taken from BBC report on January 12. 2016. 

A power cut incident that causes a black out to 80, 000 customers worth mentioning. According to the DHS, "Black Energy Malware" used to attack the facility is an attachment to corrupted Microsoft word. 

The scariest part is the fact that there is no place where Microsoft Word never reach.

My question is, where are we heading with the technology?

References

1.       http://www.bbc.com/news/technology-35297464

2.       http://www3.weforum.org/docs/WEF_Global_Risks_2015_Report15.pdf

Privacy and Controversial Technology

Privacy was sickened when internet was born, died when social media grow and buried when electronic devices get smart. Can we regain our privacy? … for sure we can minimize invasion of our privacy

According to his “why privacy matters” TED talk, Glenn Greenwald conducted an experiment to check whether people care about their privacy or not. He found out that some people responded to him that they don’t care about their privacy because they are not bad people or that they do not involve in nothing wrong to hide from others.  Then he asked them to email him their email login information (password). He said, no one was willing to send out the password. From this, it is possible to see the fact that the majority of us care about our privacy.

I care about my privacy not because I am a bad person or I am involving in wrong action, but because I don’t know who is breaching my privacy for what reason. I am fine with some entities such as government who do so for the sake of protection of the public; I like to get some discounted sales information to save money if it is by my consent. What I don’t want is the fact that Mr. Unknown hook into my system for no reason but to steal my identity information. 

How many of us can guess the number of third parties who track us every time we visit a website URL? Firefox has come up with a great add-ons called Lightbeam (called Collusion in its experimental version), “Lightbeam is an add-on for Firefox that displays third party tracking cookies placed on the user's computer.” It is a light weight easy to install software. After watching a TED talk by Gary Kovacs (Tracking our online trackers), I installed this tool and I found out the following results. Visiting 8 websites with their extension and libraries raised my vested website number into 30, but there were 275 third party websites connected to me without my knowledge and consents. 

The best part about this add-ons is the option it gives to turn on the tracking protection setting to block the trackers.

Thank you for reading my blog and I will come back next week

Farris

References

·         https://www.ted.com/talks/gary_kovacs_tracking_the_trackers

·         https://www.ted.com/talks/glenn_greenwald_why_privacy_matters