Day: February 4, 2018

The world faces more and more data breaches caused by lost or stolen credentials. How to manage network user accounts in order to protect corporate data?

Many companies do not track how their employees use shared privileged credentials and do not engage in privileged user monitoring. Instead, these organizations set tough frames for personal accountability within their facilities. According to a study by Gartner, improper privileged access management will be the major cause of about 60% of data breach incidents by 2018 compared to 40% in 2015.

To access a user directory service account with administrator privileges, hackers may apply spear phishing, the Pass the hash method, or other methods.

In an organization, there are different types of privileged accounts, categorized by the task they perform:

• administrative accounts (have access to all standard privileged processes);
• system accounts (are integrated into applications or systems, e.g. Windows or Linux);
• operational accounts (include shared accounts for software administration or installation and service accounts for remote access to systems).

Companies should be aware of possible outsider and insider attacks on these accounts and strive to improve control measures for users with privileged access permissions. In this article, we will cover the best practices of the privileged access management(PAM).

Tip #1: Make a List of All Privileged Access Accounts

To ensure accountability for all privileged accounts in your organization, you should inventory them, especially if you used dynamic environments. To accurately list such accounts, you may use the autodiscovery feature provided by various PAM solutions. Furthermore, your list should contain detailed information about owners of privileged accounts and their roles. This technique will allow you to monitor who is responsible for a particular account and prevent an unauthorized access for employees that no longer work in your company.

Tip #2: Don’t Share Passwords for Shared Accounts

While this practice seems to be quite obvious, some administrators insist that sharing shared-account passwords among approved users can’t lead to negative consequences. However, this approach makes proper personal accountability impossible and violates regulatory compliance requirements. Furthermore, it increases a probability of revealing these passwords to others. Therefore, you should ensure that shared-account passwords are accessible only to account owners. To avoid revealing shared-account passwords, you should consider implementing the single sign-on (SSO) authentication. In case you need to reveal a password, you have to change it after use.

Tip #3: Use as Few Privileged Accounts as Possible

To reduce risks of data thefts, you should minimize the number of account with a privileged access or even eliminate all accounts with permanent and full privileges if possible. The same practice is applicable when it comes to shared privileged accounts that are hard to account for. It is impossible to define a concise appropriate number of accounts with privileged access, but they should be as few as possible in case you want to get a better control them.

Tip #4: Minimize the Number of Rights for Each Privileged Account

To better protect your data from disclosure and ensure the proper superuser privilege management, you should set minimum rights needed for specific users so as they could perform their obligations. Establish a well-controlled use of privileged accounts. Every such account should have minimum privileges that are necessary to accomplish specific tasks. It means that if a specific account is assigned for application administration, then it shouldn’t have system permissions beyond the scope of configuring or restarting said app. Therefore, you shouldn’t enable this account on those systems that have doesn’t have the app in question running.

Tip #5: Manage Passwords Properly

To reduce risks of compromising privileged accounts, you should manage passwords wisely. They should be complex, unique, regularly changed, and never shared. It will ensure a better protection for sensitive data and keep out ordinary user accounts from the ones with privileged access. Make sure these passwords are individual to all privileged users and unique for each account or app. Furthermore, never store passwords unencrypted so that no one can compromise them.

Tip #6: Separate Privileges for Specific Tasks

You should split up privileges necessary to accomplish specific tasks among various administrators. It will allow you to ensure that those admins won’t have conflicting privileges. Since superuser administrative privileges provide users with full access to data and operations, divided privileges will reduce a risk if users with privileged access ever to perform malicious actions.

Tip #7: Practice Privilege Elevation Instead of Assigning Superuser Privileges

Administrators usually utilize personal accounts without privileged permissions to accomplish their ordinary tasks, such as surfing the Internet, working with their emails, using corporate applications, etc. Instead of granting administrators with a full access, use privileged elevation to allow them to perform corresponding actions when needed. Such temporary privileged access will significantly reduce data theft threats.

Tip #8: Use One-Time Passwords

The advantage of a one-time password (OTP) over a static one is that the password can not be reused. Thus, an attacker who intercepts data from a successful authentication session can’t use the copied password to get access to the protected information system. However, using OTPs, you can’t protect your system from attacks based on an active interference in the communication channel used for authentication, e.g. “man in the middle” attacks. Although, it will increase security within user authentication.

Tip #9: Use Two-Factor Authentication

The double-layered protection will ensure secure authentication and make it more difficult for third parties to intercept your data. Unlike a traditional logging process only with a username or password (knowledge factors), two-factor authentication also includes possession factors (physical tokens, SMS, biometrics, etc.) to let users access to an account. Two-factor authentication forms an additional barrier for hackers striving to get administrative privileges in order to access corporate applications and data. Without physical access to person’s phone or security token, hackers will be unable to authenticate.

Tip #10: Record Privileged User Sessions

In fact, proper privileged access management is not enough for ensuring a high security level for your corporate systems. To timely detect suspicious activities and efficiently investigate malicious operations, you should record privileged user sessions. By reviewing these sessions, you will be able to see all performed actions within their proper context, allowing you to determine whether malicious activity have taken place. User activity monitoring solutions also usually contain robust alerting functionality, allowing you to not only investigate issues after the fact, but also detect incidents as they happen and often even block ongoing sessions, preventing further damage.

How Ekran System Can Help You with Privileged Access Management

Ekran System is a universal insider threat detection tool that enables companies to audit activities of both regular and privileged users and protect corporate systems from data breaches. The solution can record, monitor, and audit privileged sessions as well as provides an intuitive user interface with effective search tools.

Real-time alerts will allow you to timely detect suspicious activity and block it if the session is still ongoing. Using Ekran System, you will be able to control access to monitored endpoints due to the built-in two-factor authentication feature and one-time password functionality. Furthermore, with this solution, you can depersonalize corporate shared accounts by enabling a requirement to provide personal account credentials while using shared access. Thus, you will always know who stands behind a specific shared account session.

Ekran System allows monitoring privileged user sessions while enabling you to focus on your priority security tasks and implementing other best practices for privileged access management.

LiveEdu announced that they have successfully reached the $10M hardcap for their ICO ahead of schedule. Over 5000 people from 150 countries participated in the ICO. Many of the participants are professionals working in the industry LiveEdu is targeting.

Disclosure: This is a Sponsored Article

CEO, Dr. Michael J. Garbade had this to say,

“You guys surprised us all. We launched our crowdsale without any private pre-sale or any aggressive bonus model for major contributors. No contributor even had 100% bonus, but still we have been able to close quickly. Thank you for believing in our project and the opportunity of disrupting the $306 billion professional development market one shot at a time. We are looking forward to hiring experienced new team members from LinkedIn, YouTube and Lynda. We look forward to setting up LiveEdu Project Screens in cities around the world, one city at a time.”

He added,

“Because our ICO closed quicker than we anticipated, we’re working to go over everything and create a new schedule. And of course, we know getting your tokens are your first priority. Please be patient as due to the early finish we will have to make some changes to our original timeline. We are still monitoring all online social communities and forums so don’t hesitate to reach out to us with any questions.”

The funds raised in the crowdsale will be used for rapid expansion of the LiveEdu ecosystem and streaming clusters, building ten thousand projects for their initial eight topics and hiring more experienced team members.

About LiveEdu

LiveEdu is a decentralized peer-to-peer project learning platform for people to improve their job skills in future technologies. LiveEdu is building the YouTube for online education and professional development. They are taking one category out of YouTube and building it out into a bigger category of its own. Just as Twitch took the category gaming out of YouTube and built it into its own large vertical, LiveEdu is taking the category professional development out of YouTube.

Website and Social Media

Website: https://tokensale.liveedu.tv/

Whitepaper: https://tokensale.liveedu.tv/static/docs/LiveEdu-white-paper.pdf

Telegram: https://t.me/liveeduico

Twitter: https://twitter.com/liveedutv

One of the most prominent threats in the current world of cybersecurity is ransomware. Major ransomware attacks involving never before seen strains are constantly on the front pages of the news outlets.

One of the recent examples of such an attack is Bad Rabbit ransomware that hit Ukraine and Russia in late October of 2017. Based on the well-known EternalBlue exploit, it targeted old Windows systems that weren’t properly updated. While the exploit itself has already been patched on the latest versions of Windows, users still remain vulnerable if they have legacy systems and fail to apply updates.

Current state of ransomware

Ransomware has gained prominence not only on Windows, but also on macOS, Linux, and popular mobile systems.

It is estimated by Kaspersky Lab, that over the first quarter of 2017 240,799 mobile users have become victims of ransomware infection. US government also says that the average number of daily ransomware attacks has increased dramatically over the past couple of years – from 1000 attacks in 2015 to more than 4000 attacks in 2016.

This increase in the number of attacks corresponds to the increase in popularity of ransomware on the black market. According to Carbon Black, the number of ready-to-use ransomware, offered on the dark web saw a 2,502% increase.

These numbers only prove how easy it for anyone to conduct ransomware attacks even without the specific knowledge on how to write a virus like that.

All of this leads to a high demand for anti-ransomware software that would be capable of detecting and preventing such attacks. However, ransomware protection solutions like this are usually fairly complex and hard to develop, requiring considerable investment and experienced development team. They often employ behavior-based algorithms coupled with wide system access and system control in order to effectively monitor the state of the OS and block all attacks in real time. Thus, the number of solutions that fit the bill in terms of capability of detecting new ransomware strains is still fairly limited.

Types of ransomware

Generally, ransomware can be defined as a malware specifically designed to extract ransom from its victims. However, numerous different types of ransomware put their own unique spin on this basic idea. All ransomware can be divided into four major groups:

• System lockers – this type of ransomware is focused on denying the user access to their operating system. Usually, a ransom message will appear as soon as the system is booted, not allowing to use it in any way.
• Application lockers – this type of ransomware is focused on blocking specific applications. The usual target is web browser – whenever user tries to access internet, a ransom note will appear preventing them from using the browser.
• Encryption ransomware – this is probably the most standard and well-known type. It encrypts data, blocking user’s access to files.
• Fake ransomware – this is a particularly nasty type of ransomware that displays a ransom note without any means to undo the damage, Even if the user pays the ransom, they wouldn’t get their files back, because they are usually deleted instead of being encrypted.

All modern different types of ransomware stem from the very successful 2013 malware named CryptoLocker. Despite the fact that the very concept of ransomware has appeared as early as late 80s, and that ransomware existed all throughout the 90s and 2000s, it wasn’t until CryptoLocker adopted Bitcoin as an innovative means to pay ransom that it became popular.

CryptoLocker spread through spam emails, encrypting files on Windows endpoints with the pair of public and private keys and demanding $400 in ransom, payed via Bitcoin. It was extremely successful, with the amount of paid ransom estimated to be in the vicinity of $3 million.

As a result, a huge number of malware tried to imitate the success of CryptoLocker, while at the same time expanding and improving upon its design.

Some of other the prominent ransomware examples include:

• Cryptowall – first appeared in 2014, this ransomware proved extremely successful. One of the main features of Crypowall is its ability to avoid detection by using various tricks, often employed by other Trojans. For example, it creates fake system processes to mask its presence and used actual digital signature.
• Locky – this ransomware uses several advanced techniques to encrypt data and avoid being detected. For example, it uses encryption algorithm with server-side key generation, rendering unauthorized decryption impossible. It is also capable of encrypting data on all types of storages, including removable and network ones.
• Wannacry – this is very famous ransomware that took out UK NHS (National Health Service) in May 2017. It infected more than 230,000 endpoints by using already mentioned EternalBlue exploit that was leaked prior to the attack. Despite the fact that the exploit was patched, many users failed to update their legacy systems, leaving them vulnerable to the attack.
• Petya – first appeared in 2016, this ransomware has been spreading through spam emails. It infects Windows Boot Record and encrypts main drive’s file system table in order to block user access to the system. Another, variation of this strain of ransomware appeared in 2017. Named NotPetya, to distinguish it from the original, it uses EternalBlue exploit to infect target endpoints.

Ransomware detection via behavior-based algorithms

One of the main dangers of ransomware is the fact that it grows extremely quickly. As already mentioned, new strains appear almost daily and traditional signature-based detection methods cannot be used to detect them.

Of course, timely system updates can minimize risks when it comes to dealing with already known malware, while having fresh backup will allow you to minimize the damage in case of an attack. But how to prevent ransomware attack from happening in the first place?

A popular approach to ransomware detection is to combine deep system monitoring with machine learning, resulting in a system that can detect new strains of ransomware in real time by searching for certain behavioral patterns.

Despite the fact that multiple strains of ransomware use different approaches to obfuscation, encryption, and demand for ransom, majority of them displays similar behavioral patterns that can be detected. These patterns include:

• Assurance of attack continuation – ransomware needs to assure, that an attack, once initiated, can continue despite any measures that user may take to prevent it. This means that malicious payload needs to stay persistent between system reboots, and that any system restore or backup services should be disabled.
• Protection from detection – ransomware needs to protect itself from detection and subsequent analysis. This means that code obfuscation and other similar techniques are used to hide the payload. Apart from that, ransomware often employs environmental mapping in order to detect whether it is operating on a real or virtual system. In case of the latter, it may shut itself down to prevent security specialists from analyzing the payload. Another purpose of environmental mapping is to confirm that the ransomware is about to attack the correct target, for example, by checking system language and other identifiers.
• Network usage – ransomware uses existing network for various purposes, for example, to download parts of the payload or to download encryption keys from the server. They will often use domains with randomly generated names to stay anonymous.
• Privilege escalation – users often lack the level of privilege necessary to do real damage to the system. Thus, ransomware that wants to, for example, overwrite Master Boot Record, often tries to escalate its own level of privilege in order to do so.
• Large number of file operations – encrypting files involves a large number of specific operations, such as adding another extension to the name of each file, or copying and deleting large groups of files.
• Ransom notes within the malware – since ransomware needs to make its demand for ransom known, it will usually contain a ransom message within its files, either in the form of a text or an image. Detection of a message like this is a very strong indication that you’re dealing with ransomware.

All of the abovementioned behavior can be detected by the anti-malware system, and associated files can be put for quarantine or removal.

However, it is important to remember, that a single type of behavior does not guarantee that you’re dealing with ransomware, and relying on it can lead to false negatives or false positives. To avoid these issues, you need to correctly detect a pattern that consists of several behavioral indicators. This requires analyzing each individual event in the context of the whole even stream in order to establish its connection with other events.

Ransomware prevention via early blocking

Behavior analysis is not the only way to protect against ransomware. Another solution is to try and block a potential malicious software outright, without trying to identify it via behavioral indicators.

Malware will often use the same techniques to attack the system. These techniques, for example, involve DLL or process injections, that can be blocked outright. This allows to immediately prevent the damage and avoid using resource-intensive behavior analysis.

However, the main challenge of this approach is the fact the anti-malware solution needs to be able to distinguish between legitimate and malicious usage of hooks and injections. If this challenge is solved, such method can prove extremely successful at preventing damage from ransomware.

Conclusion

While the threat of ransomware is very significant, it doesn’t mean that we don’t have the necessary means to deal with it.

There are several solutions available, focusing on detecting zero-day ransomware attacks and preventing the damage. The most effective are hybrid solutions, that combine behavioral analytics, statistic, and proactive blocking of certain potentially harmful actions to both minimize the number of false positives and false negatives and provide you with reliable defenses.

Another way to deal with ransomware, is to use several solutions at once, granted they are compatible with each other.

The world is changing while you are reading this sentence. New technologies, new opportunities, new ways of thinking. Even gambling isn’t the same any more. One of the oldest pastimes in human history has made great strides since it entered the online world, and the casino lobby has been getting closer and closer to the players. From dusty saloons to virtual labyrinths – it has sure been a wild ride. What’s next? What will be the next step in casino evolution? Let’s try to find out.

Disclosure: This is a Sponsored Article

The Times, They Are…

…a-Changin’. Bob Dylan said so more than four decades ago, and this is one of the few things that have not changed. If you’re reading this piece, then you, like us, are interested in the evolving world of online gambling. Gambling has been an important part of human society for a staggeringly long time – about 4 300 years, if you listen to archaeologists. However, it took four millennia for the first casinos to appear! Their birthplace was Venice, and they were an attempt to organise the betting madness during the local carnivals.

Since then, casinos have been spreading like wildfire. They crossed the Atlantic with the first settlers, and the dusty Old West saloons slowly grew into the grand palaces of Las Vegas. However, things went viral when the first online casinos appeared in the 1990s. The dot-com boom changed things forever. Before, a night at the casino was kind of a fantasy for most, but suddenly anyone with a decent internet connection could play exclusive games in the living room. Online casinos were something fresh, exciting – and sometimes dangerous.

According to Nicholas Crouch from scams.info, this is no longer the case. Nowadays, the online world is no less regulated than the real one. People had to learn to manage invisible money, while casinos now keep their guard against scammers hidden miles away. And… online casinos no longer feel new. People have gotten so used to constant change that they expect it on a daily basis.

And the industry has to deliver.

The Next Great Tech for Online Gambling

The last few years have seen a tremendous increase in mobile gaming. People have started to play from their phones while they are on their way to work, or during the breaks. It’s that easy. Online casinos are suddenly competing in introducing mobile-friendly platforms faster, even as they are managing the new requirements towards the web-based ones. The graphics that you will see on smartphones are a whole world apart from the first tetris-like games that people raved about less than two decades ago. This is another field of online competition – or warfare, if you prefer to be blunt about it – that has developed naturally as people changed their habits in response to new technology.

Of course, the million-dollar question is what the next innovation to shake the gambling world will be. Surprisingly, it seems that there is already an answer to that. If you’ve been keeping an eye on tech news, you may have noticed that a very old sci-fi dream has steadily been gathering steam. We are talking about Virtual Reality, of course.

Some years ago, VR expert Mark Bolas boldly claimed that this revamped technology will change every aspect of our lives. Well, it hasn’t been that quick in spreading, but VR seems to be real enough, and everyone expects it to be the next great shaker. And you can bet your bottom dollar that casinos will be among the first to take a leap into this new world.

In fact, they are already doing exactly so.

Expect the Unexpected

Even as new technologies flood our lives, you should remember that innovation can often be found in the rethinking of older concepts too. French aviation designers AirJet Designs and Designescence tried a more straightforward approach in making gambling accessible – by putting the casino on a plane. While not exactly cheap (or successful, for that matter), this is an alternative approach that might also work.

There is a growing nostalgia for the simpler, less tech-driven lifestyle of the past. Progress will keep marching on, but this doesn’t mean that the next grand change won’t be something quite more retro than you would expect. Even the new generation – those millennials that have practically been suckled with a tablet in hand – have proven surprisingly resilient to some tech changes. Taking a sideway step from gambling, a decade ago everyone expected that eReaders would turn paper books in a thing of the past, but the recent Nielsen survey shows that this isn’t the case at all. Perhaps VR will follow a similar route – establishing a niche, but without threatening land-based casinos or even their web platforms.

After all, humans are extremely diverse in their thoughts, dreams, and desires – and that’s OK! There is no real reason to stop old and new concepts from co-existing, especially if both are bringing us entertainment!

How decentralized crowdfunding could break down borders #SPONSORED

XinFin opens token sale of it’s utility tokens, unveils the first of it’s kind hybrid blockchain XDC protocol

Singapore based XinFin unveiled the first of its kind Hybrid Blockchain protocol architecture for enterprise adoption for global trade and finance market, opens sale of it’s utility tokens.

(For Immediate Release) XinFin unveiled its Hybrid Blockchain network, powered by the XDC protocol. The XDC protocol enables real world enterprises to work with Blockchain and digital assets ecosystem with a network architecture that combines best features of public blockchains and private networks. The XDC protocol has been architected to make it compliant with laws of the land and can work purely as a messaging layer for existing and approved payment mechanisms in any country.

The ERC20 utility token XDCE is hosted on decentralised ethereum Ecosystem and will let global enterprises work with XDC Protocol. The XDCE utility tokens are now available through it’s public ICO. The utility tokens will help get access to the XDC protocol and its subnetworks by hosting XDC masternodes.

• Youtube : https://www.youtube.com/watch?v=K-tHZkV6zAs
• Telegram : https://t.me/xinfintalk
• Token Sale Page : www.xinfin.io
• Main Website : www.xinfin.org

XinFin raised over USD 1.5 million in a private sale in July-August 2017 and utilized the funds to build it’s XDC hybrid blockchain protocol and the tradefinex.org app meant for bridging the global infrastructure deficit. Over  a half a dozen PoCs have been completed on the XinFin network and the proceeds from current round of token sale will be used to extend the PoCs into sizeable pilot projects with enterprises and institutions around the world. The funds will also be utilized for ecosystem development and masternodes proliferation of the XinFin network amongst institutions.

“The major hurdles for mainstream adoption of Blockchain ecosystem is the power intensive mining process, highly congested trust less networks, security and scalability. The XDC protocol is designed considering real world applications in global trade and finance. It has also been designed to make sure the enterprises that work with XDC protocol can work with full regulatory compliance.” Said Alex Mathbeck, head of marketing at XinFin.

“XinFin has architected its hybrid network from a fork of Quorum. The network consensus is two tiered. Along with a PBFT derived consensus mechanism between nodes, XinFin has implemented a stake based rule set that governs node participation.

The network maintains a private state and a public state. Private state ensures that the sensitive financial data is secure yet at the same time its public state makes it transparent and verifiable. The architecture makes the XDC protocol secure, scalable and lightning fast. Its Hybrid nature also makes it highly interoperable with legacy systems and other Blockchain platforms. XinFin network is highly compatible with the Ethereum network and its smart contracts while the underlying fuel is very cost efficient making transactions costs negligible. IoT layer over the XDC protocol allows real time state change to the Blockchain. The XDC protocol will support utility tokens in compliant jurisdictions to run on the XDC protocol.” Said Karan Bharadwaj, CTO of XinFin.

“The various tiers of XinFin master nodes makes it flexible for participants to work with the XDC protocol in a secure environment. The XDC can act as a pure messaging and confirmation layer using existing payment rails or as a settlement layer through approved and regulated institutions.” added Mr. Alex Mathbeck.

Tradefinex.org is the first of the distributed app launched in beta environment that uses the XDC protocol. TradeFinex is a smart contracts User Interface for global trade and finance using XDC Protocol. Tradefinex application is aimed at helping enterprises and policy makers to minimize inefficiencies in the $27 trillion annual infrastructure and international trade market. TradeFinex platform was inaugurated at the 2nd Global Summit on P2P Digital Asset System Summit held in India and is being extended to leading trade associations, financial institutions and regulators worldwide.

XinFin network has initiated onboarding of global alliances and developer communities to build disruptive Apps on XDC protocol to improve business process efficiency.

• Twitter : https://twitter.com/XinfinF
• Slack :  https://xinfin-public.slack.com

The post XinFin unveils XDC, the hybrid Blockchain protocol; opens its utility token sale appeared first on NewsBTC.

The crypto landscape in Dublin has changed rapidly, and with an enthusiasm perhaps disproportionate to the city’s scale.

Bluzelle, which raised $19.5 million in an initial coin offering (ICO), says a decentralized version of structured databases would be more resilient.