STE WILLIAMS

Intel: Let’s talk about SGX, baby. Let’s talk about 2U and me. Let’s talk about all the good things, and the bad…

RSA Intel is touting a PCIe card packed with SGX tech to plug into servers in time for next week’s RSA conference in San Francisco.

Chipzilla’s chunky add-on is aimed at cloud and data-center machines missing SGX (Software Guard Extensions) so that applications running on the boxes can use the technology. SGX allows programs to run code within so-called secure enclaves that not even the server’s system administrators, operating system, hypervisor, or other software can peer into or manipulate.

The idea is you run sensitive cryptography and similar private stuff within the enclave out of sight of prying eyes.

Living in a box … Intel’s PCIe VCA, er, SGX card

SGX has been available for a while – there’s an unofficial list of supported products maintained here – albeit in PC-grade and single-socket entry-level Xeon E3 processors. If you have a machine that doesn’t feature SGX, such as a dual-socket Xeon E5 beast, this SGX card is aimed at you. Intel reckons the security tech will make it into its multi-socket Xeons eventually.

Interestingly enough, the SGX card is actually Intel’s Visual Compute Accelerator with the GPU hardware turned off, leaving its three Xeon E3 processors enabled to perform SGX operations. We’re told a 2U server can take up to four of the cards, totaling 12 SGX-enabled chips working over x16 PCIe.

“This card allows datacenter operators to provide for that demand and expand SGX to the vast deployment of sockets that are available today,” said Intel GM of ecosystem strategy and development Jim Gordon. The SGX card is due to go on sale later this year, we note.

In addition to kicking out a repurposed card, Intel is also punting an updated version of its Threat Detection Technology (TDT) suite that scans system memory for malware and other software nasties, alerting installed antivirus packages of any threats. Chipzilla will, at RSA, demonstrate TDT on Linux picking up hidden cryptominers. The tech was previously demo’d on Windows.

“Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation,” Intel says of its offering. “Integration of the Intel TDT stack into the existing ISV solutions results in improved performance and lower incidences of false positives.” ®

PS: Intel also emitted details of its FPGA-in-a-PCIe-card, the PAC N3000, which is aimed at accelerating high-speed networking operations for 5G and other communications systems.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/27/intel_sgx_card/

Web hacker ‘Alfabeto Virtual’ thrown in the clink for 3 months by US judge who wanted to ‘send a message’

A US judge this week sentenced website hacker Billy Anderson to three months behind bars, refusing his lawyer’s request not to put him in jail, in order to “send a message” to others.

Anderson, 42, of Torrance, California, targeted thousands of websites under the hacker name AlfabetoVirtual, and boasted about his efforts on a hacking forum. But it was when he brought down the website of New York City’s comptroller for nearly two days in 2015, leaving his pseudonym on the site, and broke into another belonging to military academy West Point the following year, that the authorities chased him down.

Anderson was ordered to pay a total of $12,804 to cover the costs of getting the two government websites patched and back online. But – noting that he had expressed remorse for his actions – Manhattan federal district judge Laura Swain gave him far less than the 12 to 18 months the government prosecutor had recommended [PDF].

The judge refused a plea [PDF] for a non-custodial sentence from his lawyer, however, saying that “these kinds of intrusions undermine confidence in government,” and noting that Anderson only stopped his activities after he knew prosecutors were on his tail.

Anderson apologized for his actions and claimed the trial had given him pause for thought. “I was able to see the damage that I had caused,” he told the court. “I would just like to apologize for everything that I’ve committed.”

The case was notable for the level of rancor between government prosecutors and Anderson’s lawyers. In one filing, his lawyer complained that “one of the perplexing aspects of the government’s pleading is its downright vindictive tone and tenor.”

But it’s not perplexing at all: one of the government prosecutors told the court that Anderson had offered to cooperate with the government in order to reduce his sentence by promising information on other hackers, including their real identities. But none of the information he provided led to any new cases or arrests, the prosecutor explained. If there’s one thing government prosecutors don’t like it’s being strung along.

As well as his three-month stay in prison, Anderson, who pleaded guilty in October to two counts of computer fraud, was sentenced to three years of supervised release, and ordered to carry out 200 hours of community service.

And now to Russia

Meanwhile, in Russia this week, an entirely different kind of hacking case saw a former senior counter-intelligence officer and a cybersecurity expert found guilty of treason and given 22 and 14-year prison sentences respectively. That’s years, not months.

The trial of Colonel Sergei Mikhailov, an ex-FSB officer, and Ruslan Stoyanov, the former head of investigations for Kaspersky Lab, was carried out in secret by a military court over several months, and is thought to concern the leak of information regarding Russia’s shenanigans during the 2016 US presidential campaign.

The Russian media has reported that Mikhailov – who at the time was deputy head of cyber intelligence at Russia’s security agency – contacted Stoyanov to tell him about an FSB investigation into Russian businessman Pavel Vrublevsky, who allegedly knocked a payments system offline in a distributed denial-of-service attack. Mikhailov apparently handed details of this FSB probe to the FBI, and passed a copy of the notes to Stoyanov, who is believed to have shared this info with an FBI-linked contact in the computer security industry.

The details are murky due to the classified nature of the hearings, however the upshot is, Mikhailov and Stoyanov were ultimately accused and convicted of passing state information to foreign intelligence agencies.

The possible tie-in with the US presidential election is due to the fact that the pair were arrested in December 2016, the same timeframe in which the FBI ramped up its investigation into Russian interference with the White House race in America. According to Russian reports, Mikhailov was the main point of contact between the Russian government and Western security agencies on all things cyber, so suspicion fell on him, as an alleged leaker of state secrets, when the FBI became so certain of Russian meddling that it went public.

Say what?

Whether he ended up sharing information on the Kremlin’s operations with the FBI is unclear. But in a very Russian turn of events, his lawyer claimed that the entire arrest and trial had nothing to do with US election interference, but was instead the result of a campaign by the Russian businessman Vrublevsky.

“The case has been concocted at Vrublevsky’s orders,” Mikhailov’s lawyer said, while also noting that she was not allowed to talk about anything that happened during the trial itself.

Vrublevsky confirmed that he had testified during the trial, but that it wasn’t the content of the information that resulted in Mikhailov being found guilty of treason but rather the fact that he had provided information about an FSB investigation to a foreign citizen.

And if all that wasn’t suspicious enough, Vrublevsky continued to complain that Mikhailov had abused his position to go after “internet entrepreneurs” – which included himself – and turn them into “cybercriminals.”

Nothing strange to see here: just a businessman waging a vendetta against a deputy head of the security services and winning in military court. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/27/alfabeto_russian_jailed/

Stay Ahead of the Curve by Using AI in Compliance

Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.

A decade after the global financial crisis of 2007–2008, the risks that financial institutions face remain at levels that continue to concern both the institutions themselves and financial analysts. Two things contribute to this situation: financial firms operate in an increasingly interconnected, digital world where the rules around compliance are constantly tested by the threat of cyberattacks; and they must navigate diverse, sometimes conflicting global data regulations alongside the vulnerabilities that come with the open and collaborative nature of the Internet of Things.

As a result, regulators, compliance officers, and businesses are up against considerable odds to deliver compliance in a climate rife with the near-everyday possibility of cybercrimes, attacks on personal data, and challenges to the foundations of national and international financial stability.

In such an environment, the various constituents are seeking access to a set of clearly stated compliance rules that are as iterative, quick-moving, and responsive to changing circumstances as today’s global financial market itself. This is moving several financial sector players to turn their attention to next-generation tech solutions to track, manage, and better prepare their institutions for the kind of unforeseeable and potentially catastrophic risks that today’s interconnected and “always-on” world poses.

Built on a backbone of advanced technologies such as artificial intelligence (AI) and machine learning (ML), these solutions, with their unsurpassed capacity to reliably analyze reams of data, offer compliance teams the ability to, in real time, both quickly quarantine suspicious activity and swiftly approve safe financial transactions.

Money-laundering estimates indicate that “dirty money” accounts for 2%–5% of global GDP per annum, or up to $2 trillion of global GDP in current US dollars. 

Researchers at RMIT University in Melbourne, Australia, are reported to be helping the country’s financial intelligence agency — the Australian Transaction Reports and Analysis Centre (AUSTRAC) — to find and stop suspicious financial activity, including money laundering, by implementing AI/ML tools.

With black money worth about $4.5 billion said to be circulating in the Australian economy annually, AUSTRAC is reported to have been struggling in recent years to keep up with the sheer volume of transactions it needs to scour. As a result, it partnered with researchers from RMIT to set up an AI-enabled ML system to accurately identify suspicious-looking financial activity across potential nefarious transaction patterns. 

Unlike previous detection systems, the new AI-driven system lets financial intelligence agencies spot suspicious patterns across millions of transactions, even when those patterns are hard to trace back to specific individuals. It does this by feeding the ML system previously gathered data as well as insights drawn from the analysis of money-laundering networks, which helps AUSTRAC substantially reduce the volume of transactions it needs to sift through.

Similarly, HSBC (along with Europe’s other large banks) has been moving toward adopting AI-based software to help improve its anti-money-laundering (AML) processes in the wake of heavy fines that several financial institutions have had to pay for failing to prevent money-laundering activities. For example, HSBC is partnering with a Silicon Valley-based AI startup, Ayasdi, to boost the efficiency of its AML investigations by replacing manual processes with automated ones. In a pilot of the startup’s AI technology, HSBC saw a 20% drop in the number of false-positive financial transaction investigations (without reducing the number of cases taken forward for closer study) — a crucial win for the bank as it continues to drive adoption of next-generation technologies to lower risks while also lowering costs. 

As financial compliance requirements grow in complexity in response to the threat of attacks on financial institutions, it is clear that advanced technologies such as AI and ML, as well as natural language processing, will continue to play a leading role in helping financial organizations better meet their regulatory obligations. With speed and accuracy being essential requirements to both maintain compliance and prevent financial fraud and crime, these technologies are uniquely qualified to help financial compliance teams fulfill their pressing daily requirements.

Although human oversight is required for the final calls that financial institutions may need to take regarding the blocking or quarantining of suspicious activities, it is clear that advanced technologies built on AI will become pivotal in the endeavor to build safer financial markets and a safer world.

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop agenda here.

Eric Winston is the Executive Vice President, General Counsel, and Chief Ethics and Compliance Officer responsible for Mphasis’ global legal and compliance function and policies. He has spent nearly 20 years guiding international market-leading public and private equity-owned … View Full Bio

Article source: https://www.darkreading.com/risk/compliance/stay-ahead-of-the-curve-by-using-ai-in-compliance/a/d-id/1333945?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Former Albany College Student Charged with Computer Damage

Vishwanath Akuthota has been accused of using a ‘USB killer device’ to destroy dozens of computers, officials report.

Former Albany College student Vishwanath Akuthota has been arrested and charged with intentionally causing damage to protected computers owned by the College of Saint Rose.

A criminal complaint states that on Feb. 14 Akuthota entered several buildings at the Albany college and damaged more than 50 student-used computers by inserting a device similar to a USB stick. This sent a series of power surges into the devices, rendering them inoperable. The Department of Justice reports the damage done exceeds $50,000.

Akuthota, an Indian citizen residing in the United States on a student visa, appeared in federal court in Raleigh, N.C., where a US magistrate judge ordered him detained and transported to the Northern District of New York. As of this writing, the charges in the complaint are accusations.

The charge with which Akuthota was arrested carries a maximum sentence of 10 years in prison, fine of $250,000, and supervised release term of three years, maximum.

Read more details here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: https://www.darkreading.com/attacks-breaches/former-albany-college-student-charged-with-computer-damage/d/d-id/1333992?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

European Security Firm to Offer Free Hacking Toolkit

CQTools suite includes both exploit kits and information-extraction functions, its developers say.

A penetration testing and consulting firm based in Poland plans to release a free penetration testing toolkit next month at Black Hat Asia; the toolkit includes privilege escalation and network attack functions.

Paula Januszkiewicz, CEO of CQURE, says she and her team at the security firm are rolling 39 of the company’s 200 homegrown hacking tools — plus five new ones — into the freebie CQTools kit that they will demonstrate and offer during their talk at the conference in Singapore.

“This toolkit allows a cybersecurity specialist to deliver complete tests within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, and custom payload generation,” Januszkiewicz says.

Januszkiewicz’s firm traditionally has developed its own penetration testing tools for its client engagements as well as its own research work. She says existing forensic investigation tools rarely come with all of the features her team requires and that provide researchers the ability to gather specific types of information. CQURE researchers built, for example, their own hacking tool for the cryptographic Data Protection Application Programming Interface (DPAPI) in Windows.

Her team reverse-engineered DPAPI and its later version, DPAPI-NG. “That is why we had to write our toolkit, which consists of over 40 tools decrypting almost everything in the operating system,” she said. The researchers discovered how to decrypt DPAPI user-protected data by using the private key stored on a domain controller.

“DPAPI-NG is a very fresh subject and we already have the whole toolkit for it,” Januszkiewicz notes.

Januszkiewicz says CQTools encompasses both exploit kits and information-extraction functions, which a researcher could use to grab information from different areas in an operating system, for example, and it can bypass anti-malware software during pen testing engagements and research.

CQURE performs consulting, pen testing, incident response services, training, and security research.

Januszkiewicz, along with Mike Jankowski-Lorek, CQURE’s cybersecurity specialist and cybersecurity and database architect, will demonstrate CQTools in their talk at Black Hat Asia. “I will be presenting different ways of revealing secrets from the operating system,” she says. “I will show how data and secret storage and encryption work on Windows, and how we are able to compromise related operating system mechanisms.”

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio

Article source: https://www.darkreading.com/analytics/european-security-firm-to-offer-free-hacking-toolkit/d/d-id/1333984?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Booter Owner Pleads Guilty in Federal Court

Illinois man offered “DDoS for hire” services that hit millions of victims.

Sergiy P. Usatyuk, who owned a series of services that collectively launched millions of distributed denial-of-service (DDoS) attacks, has pleaded guilty in federal court to one count of conspiracy to cause damage to Internet-connected computers. The services he owned and offered for use included ExoStress.in (“ExoStresser”), QuezStresser.com, Betabooter.com (“Betabooter”), Databooter.com, Instabooter.com, Polystress.com, and Zstress.net.

The sites were booter services, a class of publicly available, Web-based services that allow cybercriminals to launch DDoS attacks, often for low fees paid by customers who sign up via Web browser and online payment.

According to court documents, Usatyuk ran the network between August 2015 and November 2017. In September 2017, the ExoStresser website advertised that ” … its booter service alone had launched 1,367,610 DDoS attacks, and caused targeted victim computer systems to suffer 109,186.4 hours of network downtime,” one of the documents shows.

No date for sentencing was announced.

Read more here and here.

Article source: https://www.darkreading.com/attacks-breaches/booter-owner-pleads-guilty-in-federal-court/d/d-id/1333993?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Persistent Attackers Rarely Use Bespoke Malware

Study of the Bronze Union group (also known as APT27 or Emissary Panda) underscores how most advanced persistent threat (APT) groups now use administrative tools or slight variants of well-known tools.

State-sponsored attackers continued to be extremely active in 2018 with major groups from at least a dozen countries involved in operations targeting government, business, and civilian targets throughout the year, according to analyses by two security firms.

While advanced persistent threat (APT) groups have, in the past, often used custom frameworks to help compromise systems and exfiltrate data, current groups are just as likely to use open-source malware and legitimate administration tools as a way to avoid detection and attribution. In a report released this week, managed security service provider Secureworks highlighted one group—Bronze Union (aka APT27 and Emissary Panda)—as a good example of these tactics becoming more common among APT groups. 

The group typically uses two open-source malware frameworks: ZxShell, a remote access trojan (RAT) released to the public in 2007, and Gh0st RAT, another popular framework used by criminal groups as well as espionage groups. The quality of readily-available malware is high enough that nation-state groups have no problem incorporating it into their toolset, says Matt Webster, senior security researcher with Secureworks.

“There are other circumstances where the group may pull out the more advanced tools, but there are other situations where they are making decisions based on the environment they are in, so they often use tools that are less sophisticated,” he says. 

Bronze Union, which is likely based in China, has focused on attacking defense-technology firms and their suppliers, as well as civilian groups that have a role in politics, Secureworks stated in its analysis. 

“The past couple of years have really solidified that they have two broad camps of intent,” Webster says. “One side seems to be more technology-focused, aiming toward defense technologies and their supply chains, and the secondary camp is more toward targeting organizations that would hold data that are relevant to civilians and civilian groups.”

The analysis of the Bronze Union APT group comes as other security firms continue to see widespread activity by state-sponsored intelligence groups. Cybersecurity services firm CrowdStrike tracks 81 named state-sponsored actors, with at least 28 conducting active operations in 2018, according to the company’s 2019 Global Threat Report.

China accounted for more than a quarter of all sophisticated attacks attributed by CrowdStrike to nation-states, while North Korea (DPRK), Iran, and Russia rounded out the top four actors, accounting for a total of 75% of attributed attacks.

“The activities … have been assessed as likely state-sponsored operations supporting intelligence collection, military requirements and—in the case of certain DPRK operations—currency generation,” the firm stated in the report.

Secureworks tracks more than 100 different groups, many likely connected to nation-state actors. 

Commodity malware is not just used by nation-state attackers, of course. Opportunistic attackers often use commodity remote access trojans (RATs) and other software to gain access to vulnerable networks and then sell that access to other groups, such as state-sponsored attackers, according to CrowdStrike.

“You can’t let your guard down — access gained with commodity malware is increasingly sold to other bad actors, who then use it to deploy ransomware, steal intellectual property, or engage in cryptomining, fraud and extortion,”  CrowdStrike said in its 2018 Cyber Intrusion Services Casebook. “An organization’s susceptibility to commodity malware is also an indicator of the effectiveness of their entire security strategy.”

P for Persistent

Secureworks found that Bronze Union occasionally did use a custom solution, usually to help the group maintain a presence inside a compromised network. While such tools are less likely to be detected by security products that focus on known malicious tools, the attackers appear to only use them when such a capability is truly needed, the company said.

For example, Secureworks found that for specific targets, the Bronze Union group would come back every few months to reestablish contact, Webster says.

“They will take time, effort, and resources, and expose themselves to some level of risk on a certain cadence, usually about three months,” he says. “The challenge with many organizations with this group is how do you detect the group when they have access to accounts? How do you spot that needle in the haystack?”

Often such tactics make the attackers and their tools much harder to detect. Groups that use compromised account credentials and then “live off the land” by using administration tools already present on the network to compromise other systems are extremely hard to detect. 

For that reason, companies need to make sure that they have a baseline of activity and can see anomalous activity, says Webster.

“It doesn’t really matter what tool they are going to use,” he says. “From our point of view, it is about getting visibility of your endpoints and your systems.”
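The baseline-and-anomaly approach Webster describes, as an added example that is not part of the original article and is not Secureworks’ tooling: it builds a per-account baseline (hosts logged on to, processes run, hours of activity) from a quiet period, then flags later events where a valid account shows up on a new host, first uses a built-in administration tool, or works outside its usual hours. The log format, the user and host names, the admin-tool list and the three checks are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs (not real telemetry): a short "normal" period used to
# build the baseline, and a later window to check against it.
BASELINE_LOG = """\
2019-01-03T08:12:03Z user=jsmith host=WS-014 proc=outlook.exe
2019-01-03T09:40:11Z user=jsmith host=WS-014 proc=excel.exe
2019-01-04T08:05:44Z user=jsmith host=WS-014 proc=outlook.exe
2019-01-04T10:22:09Z user=adm-bob host=DC-01 proc=dsa.msc
2019-01-05T11:13:50Z user=adm-bob host=FILESRV-02 proc=wmic.exe
2019-01-07T08:30:27Z user=adm-bob host=DC-01 proc=powershell.exe
"""

OBSERVED_LOG = """\
2019-02-14T02:17:45Z user=jsmith host=WS-014 proc=outlook.exe
2019-02-14T02:19:02Z user=jsmith host=FILESRV-02 proc=wmic.exe
2019-02-14T02:21:33Z user=jsmith host=DC-01 proc=ntdsutil.exe
2019-02-14T10:05:10Z user=adm-bob host=DC-01 proc=powershell.exe
"""

# Built-in administration tools that "living off the land" intrusions reuse.
# Illustrative list; tune it to the tooling actually present in your estate.
ADMIN_TOOLS = {
    "wmic.exe", "psexec.exe", "powershell.exe", "ntdsutil.exe",
    "schtasks.exe", "net.exe", "vssadmin.exe", "reg.exe",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+)$"
)


def parse_log(text):
    """Parse the constructed log format into event dicts; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["proc"] = ev["proc"].lower()
        events.append(ev)
    return events


def build_baseline(events):
    """Per-user sets of hosts, processes and activity hours seen during the baseline period."""
    baseline = defaultdict(lambda: {"hosts": set(), "procs": set(), "hours": set()})
    for ev in events:
        b = baseline[ev["user"]]
        b["hosts"].add(ev["host"])
        b["procs"].add(ev["proc"])
        b["hours"].add(ev["ts"].hour)
    return dict(baseline)


def score_event(ev, baseline):
    """Return the reasons an event deviates from its user's baseline (empty list if none)."""
    b = baseline.get(ev["user"])
    if b is None:
        # A valid-looking account with no history at all deserves a look on its own.
        return ["no-baseline"]
    reasons = []
    if ev["host"] not in b["hosts"]:
        reasons.append("new-host")
    if ev["proc"] in ADMIN_TOOLS and ev["proc"] not in b["procs"]:
        reasons.append("new-admin-tool")
    if ev["ts"].hour not in b["hours"]:
        reasons.append("off-hours")
    return reasons


def find_anomalies(baseline_text, observed_text):
    """Build the baseline from one log and return the flagged events from another."""
    baseline = build_baseline(parse_log(baseline_text))
    flagged = []
    for ev in parse_log(observed_text):
        reasons = score_event(ev, baseline)
        if reasons:
            flagged.append((ev["ts"].isoformat(), ev["user"], ev["host"], ev["proc"], reasons))
    return flagged


if __name__ == "__main__":
    for ts, user, host, proc, reasons in find_anomalies(BASELINE_LOG, OBSERVED_LOG):
        print(f"{ts} {user}@{host} {proc}: {', '.join(reasons)}")
```

On the sample data, every `jsmith` event in the observed window is flagged (the account is used at 02:00 on hosts it has never touched, running `wmic.exe` and `ntdsutil.exe` for the first time), while `adm-bob` running PowerShell on the domain controller during business hours is not, because that is his normal pattern. Nothing here keys on a malware signature: the same logic fires whether the attacker brings ZxShell or just a stolen password. A real deployment needs weeks of baseline data per account rather than a handful of lines, and must decide how to treat newly created accounts, which this example simply reports as "no-baseline".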

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio

Article source: https://www.darkreading.com/threat-intelligence/persistent-attackers-rarely-use-bespoke-malware/d/d-id/1333994?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Intel Focuses on Data Center, Firmware Security Ahead of RSAC

The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.

Intel today announced new security tools and updates ahead of next week’s RSA Conference (RSAC). The Intel SGX Card and Host-based Firmware Analyzer (HBFA) are intended to provide greater security within data centers and identify vulnerabilities earlier in the development cycle.

Intel Software Guard eXtensions (SGX) is designed to isolate specific application code and data to run in enclaves, or separate areas of memory. It was introduced to create more secure environments without having to trust the integrity of all layers of a system.

Intel SGX is used by major cloud providers, including Microsoft Azure, Alibaba Cloud, IBM Cloud Data Guard, and Baidu. However, it’s not without flaws. In March 2018, researchers demonstrated how SGX could be abused to steal cryptographic keys and other sensitive data.

The Intel SGX Card was created to quicken and broaden deployment of Intel SGX, says Jim Gordon, Intel Security’s general manager for Security Ecosystem Strategy and Development. Businesses can use the card to bring the application memory protection of Intel SGX to existing data center infrastructure that currently lacks support for it (earlier than Skylake processors).

“The card will let data center operators accelerate deployment and adoption of SGX for the vast majority of servers in use today,” Gordon explains. Card users will have access to other benefits: larger, non-enclave memory space, for example, or additional side-channel protection when compartmentalizing sensitive data to a separate processor and associated cache.

Intel anticipates the Intel SGX Card will be made available later this year, officials report.

Along with the introduction of the Intel SGX Card, Intel and partners are rolling out new tools and capabilities targeting operational control, development, and emerging workload support.

The company is also adding new capabilities to its Threat Detection Technology (TDT) to support Linux on servers in virtualized data centers and cloud environments. In short, TDT uses hardware to improve malware detection in both cloud platforms and data centers. At RSAC, Intel will demo how TDT on Linux can be used to detect unauthorized cryptomining.

“It’s hard to detect without overburdening the user,” says Gordon of cryptomining. “It’s hard to do effectively with software alone.”

Intel is also developing a new tool for the open-source firmware community, which will simplify detection of security vulnerabilities earlier in the development lifecycle. “It’s a critical element in root of trust of the system,” says Gordon. However, because firmware is so low-level, it may not be apparent to developers. “It’s an environment they’re not as comfortable working with.”

The Host-Based Firmware Analyzer (HBFA) is a new tool for the TianoCore open-source firmware community. Intel is building a framework to automate testing of firmware components before they’re integrated into the system. HBFA lets developers run open-source tools (fuzz testing, symbolic execution, address sanitizers) in an open source environment. This tool is set to be available in the first half of this year, Intel reports.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/application-security/intel-focuses-on-data-center-firmware-security-ahead-of-rsac/d/d-id/1333996?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes

As in previous years, input validation vulnerabilities accounted for a substantial proportion of the total, a Risk Based Security report shows.

The number of security vulnerabilities present in web applications and other software shows little sign of coming down anytime soon.

A new report from Risk Based Security (RBS) shows that a total of 22,022 security vulnerabilities were disclosed in 2018. The number is projected to increase substantially once vulnerabilities that were disclosed after the report was compiled are added to the total. Last year, for instance, RBS initially reported a total of 20,832 vulnerabilities. It later revised that figure to 22,230 after accounting for flaws in 2017 that were disclosed after the report was ready.

The main takeaway for enterprises is to remain vigilant, says Brian Martin, vice president of vulnerability intelligence at RBS. “Vulnerabilities are still being disclosed in high numbers, and every type of software is impacted,” he notes. “Organizations, regardless of size, need to be aware of the vulnerabilities and constantly enhance their triage process.”

As has been the case in recent years, web-related vulnerabilities accounted for nearly half (47.9%) of all reported security flaws in 2018. Some 27.5% were vulnerabilities tied to access authentication and 3.5% were classified as SCADA vulnerabilities—a doubling from 2017.

Input validation vulnerabilities—such as SQL injection errors, cross-site scripting, buffer overflows and command injection—once again accounted for a substantial majority of disclosed bugs in 2018. More than two-thirds of reported vulnerabilities (67.7%) last year were related to insufficient or improper validation of input, suggesting that developers are still struggling to address an issue that has sat at the top of OWASP's Top 10 list for a long time. Bug bounty programs, including those managed by vendors, accounted for almost 8% of reported vulnerabilities in 2018, compared to just 5.8% the year before.

Of the total number of disclosed bugs last year, approximately 33% received a severity rating of 7 or above. Nearly one-third of them had public exploits available, and slightly more than half were remotely exploitable. But, for the third year in a row, software vulnerabilities with a severity rating of between 9 and 10—the highest risk category—declined as a proportion of the overall total, to 13.6%.

The reason for it could simply be that researchers are publishing a higher percentage of lower-risk vulnerabilities than before, Martin says. “If more researchers publish XSS, CSRF, or path disclosures—all considerably lower than 9.0—that could cause the percentage of lower-scored vulnerabilities to increase,” even as the actual number of high-risk flaws increases.

It is also likely that some high-severity security vulnerabilities are being deliberately kept quiet, though that number is probably insignificant, Martin says. “While governments do keep some 0-day vulnerabilities that are typically 9.3 or 10.0 scores, there has been no indication that they are sitting on hundreds of them at any given time. It could be the case, but we only have a few samples to go off,” he says.

Significantly, RBS' report shows that organizations relying solely on CVE and the National Vulnerability Database (NVD) for their vulnerability information are missing a substantial number of bugs. In total, RBS had 6,780 more vulnerabilities in its database than the NVD did. Of that number, nearly 46% had a severity rating of 7 or higher. “We have a very different mindset and philosophy when it comes to aggregating vulnerabilities,” Martin explains. “We actually go looking for the vulnerabilities,” rather than waiting for bugs to be reported, he notes. Others have noted the same issue. In 2017, research conducted by Recorded Future showed that more than 75% of vulnerabilities are disclosed publicly online before the NVD includes them in its database.

Troublingly for organizations, RBS' data showed that nearly three in 10 flaws reported in 2018 (27.1%) had no known or available fix. That statistic highlights why organizations need a defense-in-depth model, Martin notes. The goal should be to make vulnerable systems harder to reach using approaches such as access control lists and network segregation, and technologies such as IDS and IPS, he says.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/vulnerabilities---threats/more-than-22000-vulns-were-disclosed-in-2018-27--without-fixes/d/d-id/1333998?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Researchers break e-signatures in 22 common PDF viewers

If you spend much time using computers as an adult, the chances are that you’ve had to electronically sign a document at some point. Many countries accept electronic signatures as legally binding, including the US, Canada, and the UK, where the Law Commission officially concluded that electronic signatures are valid in August 2018.

In some ways, electronic signatures are arguably better than handwritten ones. Because the signer's private key signs a hash of the document's bytes, anyone who later opens the file can check that the signed portion has not been altered since it was signed.

Many software products support electronic signatures, mostly using the Portable Document Format (PDF) introduced by Adobe in 1993. The PDF file specification has supported digital signatures since 1999, and people have been happily signing documents ever since, but researchers at Ruhr-University Bochum in Germany just gave everyone pause.

The researchers published a paper revealing a flaw that PDF document viewers have presumably contained for the last 20 years. They found a way to add new content to documents without breaking the electronic signatures.

In a website dedicated to documenting the attacks, the researchers said:

With our attacks, we can use an existing signed document (e.g., amazon.de invoice) and change the content of the document arbitrarily without invalidating the signatures. Thus, we can forge a document signed by [email protected] to refund us one trillion dollars.

The researchers outline three separate kinds of attack:

Universal Signature Forgery (USF): This attack strips or corrupts the signature data itself (the signature value, or the byte ranges it is supposed to cover) so that the viewer has nothing it can actually verify. A vulnerable viewer nevertheless reports the signature as valid.

This was one of the least successful attacks, blocked by most viewers, although Adobe Acrobat Reader DC and Adobe Reader XI were both caught out by it, the researchers said:

The attack seems trivial, but even very good implementations like Adobe Reader DC preventing all other attacks were susceptible against USF.

Incremental Saving Attack (ISA): Here a fraudster adds new content to the end of a signed PDF using a feature of the file format called incremental saving. Saving new content incrementally to an already-signed file is a valid thing to do, but the file viewer is supposed to tell users that the document has been altered. ISA stops that from happening by altering metadata in the newly saved part of the file, fooling the viewer into displaying the new content without flagging it as altered.

Signature Wrapping Attack (SWA): This was the attack most likely to work across a range of viewers and online file validators. It keeps the originally signed bytes intact but relocates them to a different part of the file, inserting new, fraudulent content at the original position and adjusting the signature's byte ranges so that the injected content falls outside what is hashed while still being what the viewer displays.

One key weakness common to all these attacks is the ByteRange parameter. It is an array of four integers, two offset/length pairs, that defines exactly which bytes of the PDF file are fed to the hash function when the digital signature is computed and verified; the hole between the two ranges is meant to hold only the signature value itself (the Contents entry). Each attack either directly manipulates this parameter or, in the case of ISA, simply stores the new content outside the area of the file covered by the ByteRange.
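The layout property that the ISA and SWA descriptions above rely on can be checked mechanically before any cryptography is done. The following Python is an added example written for this page, not code from the Bochum researchers or from any PDF viewer: it parses the /ByteRange of a signature dictionary and flags unsigned bytes after the hashed ranges (the ISA layout) and foreign bytes in the hole between them (the layout a wrapping attack needs). The "signed" file it builds is a constructed, deliberately minimal stand-in that no viewer would open, the two attack helpers only reproduce the file layout of the manipulations rather than the complete attacks, and nothing here verifies the CMS signature value in /Contents.

```python
"""Structural check of a PDF signature's /ByteRange.

Added example for this page, not code from the Bochum researchers or from
any PDF viewer.  It does not verify the CMS signature inside /Contents; it
only checks that the two byte ranges a viewer hashes cover the whole file
except the signature hole, which is what the ISA and SWA layouts break.
Later incremental updates can be legitimate (a second signer, form fill),
so a finding is grounds for a warning in the UI, not proof of forgery.
"""
import re

# /ByteRange [a b c d]: bytes [a, a+b) and [c, c+d) are hashed; the hole
# [a+b, c) is supposed to contain nothing but the /Contents <hex> string.
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
GAP_RE = re.compile(rb"<[0-9A-Fa-f]*>")


def check_byte_range(pdf: bytes) -> list:
    """Return a list of findings; an empty list means the layout is sane."""
    ranges = BYTERANGE_RE.findall(pdf)
    if not ranges:
        return ["no /ByteRange found: document carries no signature"]
    findings = []
    if len(ranges) > 1:
        findings.append("multiple /ByteRange entries: several signatures, or a wrapped one")
    a, b, c, d = (int(x) for x in ranges[0])  # first signature only, for brevity
    if a != 0:
        findings.append(f"signed range starts at byte {a}, not 0")
    if a + b > c:
        findings.append("signed ranges overlap")
    elif not GAP_RE.fullmatch(pdf[a + b:c]):
        findings.append("bytes between the signed ranges are not just the /Contents hex string")
    if c + d > len(pdf):
        findings.append("/ByteRange extends past the end of the file")
    elif c + d < len(pdf):
        findings.append(f"{len(pdf) - (c + d)} unsigned bytes after the signed range (incremental update)")
    return findings


def build_sample_pdf(sig_hex: str = "00" * 20) -> bytes:
    """Constructed stand-in for a signed PDF with a correctly filled /ByteRange.

    Only the signature dictionary layout is realistic; a viewer would not
    open this file, and sig_hex is a dummy signature value, not a real one.
    """
    contents = b"<" + sig_hex.encode("ascii") + b">"
    placeholder = b"[0 0000000000 0000000000 0000000000]"
    doc = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite /ByteRange "
           + placeholder + b" /Contents " + contents + b" >>\nendobj\n%%EOF\n")
    hole_start = doc.index(b"/Contents ") + len(b"/Contents ")
    hole_end = hole_start + len(contents)
    # Same field width as the placeholder, so filling it moves no offsets.
    filled = b"[0 %010d %010d %010d]" % (hole_start, hole_end, len(doc) - hole_end)
    return doc.replace(placeholder, filled)


def incremental_saving_attack(signed: bytes, new_text: bytes) -> bytes:
    """Simulated ISA layout: append an incremental update after the signed ranges.

    The original /ByteRange is untouched, so the signature value still
    verifies, but everything appended here was never hashed.
    """
    return (signed + b"2 0 obj\n<< /Type /Page /Contents (" + new_text
            + b") >>\nendobj\n%%EOF\n")


def widen_hole_attack(signed: bytes, injected: bytes) -> bytes:
    """Simulated hole injection in the spirit of SWA: place attacker bytes in
    the unsigned hole and push the second range forward in /ByteRange.

    The real attack must also keep every hashed byte identical; this helper
    only reproduces the ByteRange layout that the checker inspects.
    """
    a, b, c, d = (int(x) for x in BYTERANGE_RE.search(signed).groups())
    doc = signed[:c] + injected + signed[c:]
    new_range = b"/ByteRange [%d %010d %010d %010d]" % (a, b, c + len(injected), d)
    return BYTERANGE_RE.sub(new_range, doc, count=1)


if __name__ == "__main__":
    clean = build_sample_pdf()
    for label, sample in [
        ("clean", clean),
        ("ISA", incremental_saving_attack(clean, b"refund one trillion dollars")),
        ("SWA-style", widen_hole_attack(clean, b"<< /Injected true >>")),
    ]:
        print(label, check_byte_range(sample) or "ok")
```

A viewer that verifies the CMS signature over the hashed ranges but skips these layout checks is exactly the kind of implementation that passes the hash test and still shows the attacker's content; the check belongs before signature verification, and its findings should be surfaced to the user rather than silently tolerated.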

A wide range of viewers were susceptible to various combinations of these attacks. Of the 22 audited by the researchers, all of them were nobbled by at least one signature-squishing technique. The least susceptible was LibreOffice, which only fell to the ISA attack, and then only under certain conditions. Hooray for open source!

The researchers had two ideas about why so many readers fell victim to these flaws. Firstly, they said that the PDF specification is vague about how to validate signatures. Secondly, the viewers themselves err on the side of tolerance when opening, validating, and displaying malformed files, they added.

Luckily, the researchers followed responsible disclosure, working with the viewer developers to help them fix the flaws before publishing the paper. So as long as you update your software, the chances are that your electronic signature will still be worth more than the paper it’s (not) written on.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/VAmag4fMA-0/