STE WILLIAMS

Alan Turing chosen for the UK’s new £50 note – a cracking result!

In 2021, the UK’s highest-denomination banknote – or, more precisely, the biggest note in general circulation – will go plastic.

New banknotes typically mean new portraits, as when a plastic Sir Winston Churchill supplanted a paper Elizabeth Fry on the fiver in 2016, and the author Jane Austen replaced the scientist Charles Darwin on the tenner in 2017.

Like the £10, the £20 will transfer its allegiance from the sciences to the arts in 2020, with economist Adam Smith booted in favour of artist JMW Turner, after whom the prestigious Turner Prize is named.

(To be clear, there are at least two portraits on each banknote, because the reigning monarch is by tradition always on the front – it’s the people on the back who get swapped out when new notes are commissioned.)

So here’s a question for you – and don’t cheat by looking up the answer online or by peeking in your wallet…

…who’s depicted on the current £50 note, and what are they known for?

Chances are you don’t know.

Most people, at least in the UK itself, have no idea who’s commemorated on the fifty, for three main reasons: we don’t use cash that much any more; we’ve never taken much notice of the back of banknotes – everyone knows Her Majesty is on the front but the famous person on the other side is usually forgotten; and £50s are surprisingly rare in daily life anyway.

Somehow, we’re afraid of fifties, presumably on the assumption that counterfeiters favour the biggest notes because they offer the biggest return on, ahem, investment.

In fact, you regularly see signs in shop windows, especially in tourist towns, saying, “Sorry, no £50 notes accepted.” (Yes, they are allowed to do that – you can’t force a shopkeeper to take your money, just as they can’t stop you spending it somewhere friendlier instead.)

The answer is: the £50 currently has a double-bill of engineers-stroke-entrepreneurs on the back, namely Matthew Boulton and James Watt.

Boulton and Watt were business partners who helped fire up the industrial revolution in Britain and elsewhere by selling and licensing their steam engines around the world.

And when the new note comes out it will stick with STEM (that’s contemporary shorthand for science, technology, engineering and mathematics) because Alan Turing has been picked as the new face of the £50.

Our hero

We’ve written about Alan Turing many times on Naked Security – he’s quite a hero of ours for lots of good reasons that anyone interested in computer science will know.

He’s probably best remembered for his codebreaking work at Bletchley Park during World War 2, where Turing and many other brilliant minds worked in dreadful conditions so that the Allies could crack the Nazis’ encrypted messages and thereby acquire a critical operational advantage in the fight to depose Hitler and his abominable regime.

Bletchley was cramped, crowded, leaky, insanitary – and, for the women who ran the first-ever electronic digital computers that were installed there towards the end of the war, downright dangerous.

Apparently, the operators were instructed to wear Wellington boots on duty so that they wouldn’t be electrocuted as they tended to the Colossus computers while splashing about in standing water that had got in through the roof.

Physical and intellectual endurance

Turing’s physical and intellectual endurance during the war was astonishing – he carried on making cryptanalytical breakthroughs in the midst of such shortages of everything, including food and sleep and time, that most of us would simply have run out of steam and achieved nothing.

But in our view, the most amazing indication of his brilliance, both practical and theoretical, was his pre-war work in which he figured out various vital limits to “what digital computers can do”…

… before digital computers even existed.

Turing was gay in an era when that was proscribed by law in Britain.

This ultimately led to his prosecution and conviction in court, to his formal ostracism by the Establishment – who had, of course, conveniently ignored the law when his wartime contribution was so desperately needed – and, tragically, to his ultimate suicide.

In a way, therefore, it almost seems inappropriate to commemorate Turing now on the very Bank of England note that many people shun for reasons they can’t really explain, based on fears of being ripped off that they can’t really justify.

On the other hand, the £50 is the biggest English banknote in circulation, in both size and value, so perhaps it is a fitting tribute for Turing after all – one that will remind us of the huge value of mathematicians and scientists who can blend theory and practice in ways that advance the world as a whole.

As the Bank of England’s website proclaims, “Think science and celebrate Alan Turing.”


Featured image of Turing cropped from Bank of England 50-pound-note-nominations web page.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/JlDopIyx8sQ/

Symantec share price nose dives after rumored Broadcom biz gobble taken off the menu

Symantec’s share price has plunged on reports that its planned merger with Broadcom has fallen through.

According to CNBC, several sources have confirmed that the deal is off after Symantec insisted on too high a price – $28 a share – to sell up. That report, and the claim that it was asking too much, appear to have been validated when Symantec’s stock price immediately dropped 12 per cent and has continued to slowly slide all morning. At the time of writing, it is down 15.5 per cent at $21.64.

Adding insult to injury, Broadcom’s share price has risen slightly – up 1.7 per cent at the time of writing – demonstrating that as far as analysts are concerned Symantec is not exactly a shining tech target.

Its CEO Greg Clark stepped down in May with no permanent replacement; something Symantec has had to get used to, losing five chief executives now in eight years. The security shop is also plagued with allegations of dodgy accounting, into which investigations are ongoing.

That said, when reports of the proposed deal first appeared, Symantec’s price went up 18 per cent and Broadcom’s went down 4 per cent, so Symantec has become mildly more interesting to the markets, presumably because they suspect someone else may look at buying the legacy security outfit.


The Broadcom/Symantec love-in was short-lived. Just two weeks ago, it was reported that the two companies were in “advanced talks” with Broadcom planning to pay $15bn for control.

What went wrong? Well, CNBC reports that Symantec wanted $28 a share and Broadcom thought that was too high. Bloomberg has added more context by reporting that the deal was set higher than that – $28.25 – but Broadcom insisted on a drop of $1.50 – ie: down to $26.75 a share – after it had done its due diligence. Symantec wasn’t happy with that and walked away. The deal was due to be announced this week.

The rationale for the deal was that Broadcom wants to get into higher margin software, a year after it bought CA Technologies for $18.9bn. Broadcom has had a relatively tough run of late as semiconductors slumped 12 per cent year-on-year in the first quarter of this year.

Broadcom CEO Hock Tan is also under pressure to justify his wage packet: he was the highest paid exec in the US in 2017 with a salary of $103.2m a year. Symantec will be the second failed takeover in the past year after Broadcom missed out on Qualcomm after US authorities blocked the deal, citing national security concerns. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/07/15/symantec_broadcom_deal/

FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine

The fine, for the social media giant’s role in the Cambridge Analytica scandal, would be the largest ever against a tech company.

The Federal Trade Commission (FTC) and Facebook have reached a settlement over the 2015 Cambridge Analytica privacy scandal, according to reports in The Wall Street Journal and other news outlets.

The fine, at approximately $5 billion, is the largest against a tech company in the FTC’s history, surpassing the $22.5 million levied against Google in 2012. That fine also was for failures in privacy practices.

While the settlement has not been formally announced, legislators are already speaking out on the subject, with those on both sides of the aisle criticizing the amount – approximately 9% of Facebook’s 2018 revenue – as insufficient.

The proposed settlement must be reviewed by the Department of Justice before it’s finalized. No date has been announced for the conclusion of that review.

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/risk/ftc-reportedly-ready-to-sock-facebook-with-record-$5-billion-fine/d/d-id/1335250?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Meet DoppelPaymer, BitPaymer’s Ransomware Lookalike

New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.

Researchers have identified a new ransomware variant dubbed DoppelPaymer, named for code similarities it shares with BitPaymer ransomware operated by the Indrik Spider attack group.

The new variant was spotted in a series of ransomware campaigns starting in June 2019, including attacks against the City of Edcouch, Texas, as well as the Chilean Ministry of Agriculture, CrowdStrike researchers report in a blog post on the malware discovery.

While most of their source code is related, differences between BitPaymer and DoppelPaymer could indicate a member of Indrik Spider splintered from the group and forked BitPaymer and Dridex source code to begin a “big game hunting” ransomware operation. Big game hunting is a term CrowdStrike uses to describe the tactic of targeting organizations for large payouts.

“Big game hunters favor municipalities, industrial/manufacturing, healthcare, and targets which cannot accept downtime,” says Adam Meyers, vice president of intelligence at CrowdStrike, adding that in this case, researchers saw targets across multiple verticals. “They choose targets in these verticals to increase the likelihood of payment, likely thinking that these victims are not prepared to recover and the cost of ransom is less than the cost of downtime.”

Indrik Spider was formed in 2014 by former affiliates of the GameOver Zeus criminal network. Shortly after its inception, the group built Dridex, which became one of the world’s most prominent cybercrime operations in 2015 and 2016. In August 2017, it launched BitPaymer and began the shift to big game hunting, using access to an organization to demand more money.

Since BitPaymer launched, Indrik Spider has made several changes to its original source code. November 2018 brought a significant update: the ransom note was altered to include the victim’s name, which was also included in the file extension added to encrypted files. BitPaymer’s file encryption was updated to use 256-bit AES in lieu of the earlier 128-bit RC4. Researchers suggest the swap was due to “relative weakness” of RC4 compared with AES.

The latest version of BitPaymer has been used in at least 15 confirmed ransomware attacks since November. Activity has continued through 2019, with multiple incidents in June and July.

In June, lookalike DoppelPaymer arrived on the scene. Researchers recovered DoppelPaymer builds dating back to April 2019; however, because these were missing new features seen in later versions, they were likely test builds. CrowdStrike has confirmed eight malware builds and three victims with ransoms starting at $25,000 and exceeding $1.2 million.

Adversaries typically gain access to targets via other malware like Emotet or Dridex, Meyers explains. Once they identify a target, they begin to interact by escalating privileges, moving laterally, and getting to a position with enough reach to deploy the ransomware payload.

“The code is very similar” to BitPaymer’s, says Meyers of DoppelPaymer, adding that “the actor likely had access to the BitPaymer source code and created a forked version where they added some customizations such as changing the cryptography and the ransom note schema.”

While DoppelPaymer’s ransom note is similar to the one used by the original BitPaymer in 2018, there have been some changes. The payment portal is “almost identical” to the original BitPaymer portal, researchers report, and it contains a ransom amount, countdown timer, and bitcoin address for payment. Both threats use Tor for ransom payment and the .locked extension.

Code overlaps indicate DoppelPaymer is a more recent branch of the latest iteration of BitPaymer, and there are “notable encryption differences” between the two. The actor behind DoppelPaymer made several code changes to improve BitPaymer’s functionality: file encryption is now threaded to increase the speed of encrypting files, for example, and DoppelPaymer will run only after a specific command line argument is provided. If no argument, or an incorrect one, is provided, DoppelPaymer will crash. It also uses ProcessHacker, a legitimate open source administrative utility, to terminate some processes and services.

Both BitPaymer and DoppelPaymer continue to operate at the same time, as separate threats.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/risk/meet-doppelpaymer-bitpaymers-ransomware-lookalike/d/d-id/1335251?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Flaws in Telegram & WhatsApp on Android Put Data at Risk

App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.

WhatsApp and Telegram are personal messaging apps that have, between them, more than 1.7 billion users around the world. They are frequently used by political activists, healthcare providers, and businesses around the world because of the security of their “always encrypted” communications. But recent research shows that there are security vulnerabilities that could open the services to manipulation and data theft for users on Android devices.

In a blog post today, Symantec researchers Yair Amit and Alon Gat discussed a media file jacking flaw in the way that the Android apps store files that the user receives. The researchers note that the flaw isn’t in the app code, but in the app logic, specifically where the apps will store files that they receive.

“We found the vulnerability in the way on Android that WhatsApp (by default) and Telegram (in a certain setting) can store attachments like photos and audio messages before the user is able to open the original file,” says Domingo Guerra, senior director of modern OS security at Symantec.

The trouble is that Android can store files in two locations — internal and external storage. Data in internal storage can only be accessed by the app that stored it. Data in external storage is defined as world readable and writeable — any app or user can read and modify the data.

WhatsApp stores received media files in external storage by default. Telegram uses external storage for its “Save to Gallery” feature. In both cases, the files are stored to publicly accessible directories.

According to Guerra, there are several kinds of damage that could result from the ability to intercept and manipulate files on an Android device — damage beyond the simple ability to see what sort of files are being sent back and forth between users.

In the blog post on the vulnerability, the researchers point to several kinds of possible harm from media file jacking: image manipulation, in which faces are changed or individuals inserted into images; audio manipulation, in which “deepfake” technology makes it seem an individual is saying something they never actually said; invoice manipulation, in which the amount and payment details in a legitimate invoice are changed to send money into the attacker’s account; and “fake news,” in which the material sent out by a legitimate news organization is changed to become inaccurate.

To add to the vulnerability’s seriousness, “You don’t have to attack Telegram or WhatsApp for this to happen,” says Guerra. “A device that already has malware that’s monitoring for external storage could be vulnerable to replaced documents.”

The apps’ global footprints magnify the potential impact of these vulnerabilities. For example, Otavio Freire, CTO and president of SafeGuard Cyber, says, “In South America two years ago, doctors didn’t use WhatsApp to communicate at all. Now, the adoption is 90% of Brazilian doctors who use WhatsApp for daily business.”

And Freire says that more companies will be — and should be — using WhatsApp, Telegram, and other messaging apps going forward. “Companies that come to WhatsApp have come to it because it has significantly impacted their business processes,” he says. “They do better marketing. They do better sales. They do better customer service. That’s where the customers are, so if you ignore it, you’re not where your customers are.”

As for protection against the vulnerabilities, both Guerra and Freire say that some steps will be up to the individual device owners — like setting WhatsApp to store files in internal storage and not using the “Gallery” function of Telegram.

In addition, Freire points to the importance of saving archival copies of any corporate information transmitted by either app (or other messaging apps). In an era that sees the possibility of “deepfakes,” they are necessary insurance against unwanted information going out to employees or customers.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/mobile/flaws-in-telegram-and-whatsapp-on-android-put-data-at-risk/d/d-id/1335253?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Bust the password for an air-gapped machine – with its keyboard LEDs

Here’s a Hollywood scenario for you: elite hacker Jack wants to get some top secret security codes from a locked down computer inside a government facility, guarded by sharks with lasers. And the computer is air-gapped – it isn’t connected to a network! Is Jack fazed? Not at all.

He gets the office cleaner to infect the computer with his own custom malware. Then, he dons his haxxor sunglasses and breaks into the security camera watching the room containing the target computer. He points it at the infected computer’s keyboard, and then the malware uses the keyboard’s LED lights to communicate the secret password! The security camera sends him the video, which he then uses to ‘read’ the LEDs and reconstitute the code.

If that sounds as unrealistic as most Hollywood hacker movies, think again. Researchers at Israel’s Ben-Gurion University have developed a technique for reading data from air-gapped PCs using LEDs. Cue dynamic hacker music now.

How does it work?

First, you’d have to get the malware onto the target machine so that it would be able to manipulate the keyboard. Ideally, you want a detachable keyboard with three LED lights (caps lock, num lock, and scroll lock).

The malware collects the data it wants to steal from the PC. It then arranges the data into a series of frames, comprising a preamble (announcing the start of the frame), an agreed number of bits constituting the actual data being transmitted (the researchers used 256 bits) and then a checksum to ensure that the data arrived properly. It transmits these frames in three-bit chunks by switching each of the three LEDs on or off.

To read that data, you need an optical receiver that can see the LED. The team suggests a hidden camera in the room (or a compromised IPTV security camera). Alternatively, assuming that an air-gapped PC isn’t in a windowless room, they say that you could use a high-resolution camera outside the building that can see the LEDs from afar.

‘Evil maid’

The problem lies in lining the camera up with the LEDs. As the researchers point out, the viewing distance shrinks if you can’t align the optical sensor to see all the LEDs properly and distinguish them from each other. However, if the attacker is on the premises, then they could wear a camera, perhaps in the form of a smartwatch, allowing them to get up close. This is known as an ‘evil maid’ attack, in which the attacker gains physical access to the already compromised device.

To process the video, the researchers used an open source computer vision library which could interpret the brightness of each LED in the image as either on or off, recreating the data at the receiving end.

The receiving device determines the transmission speed, in combination with the speed at which the computer can flip the LEDs. A high-end security camera could read 45 bits per second when watching all three LEDs, while a Samsung Galaxy S7 could read data at between 45 and 130 bits per second. The higher number is down to the higher maximum number of frames per second it can shoot (up to 120, compared to the security camera’s 30). Either way, don’t try to BitTorrent the Matrix using this method. It’s strictly for encryption keys or passwords.

Things get much better when you use a photodiode, which converts light into electrical current and is capable of reading LED light at high rates. Although the photodiode can’t distinguish between different lights like a camera, it’s really good at sensing different brightness levels, so the researchers were still able to send multiple levels of signal using the lights in conjunction with each other. The photodiode received a maximum 5155 bits/sec with an error rate of 3.10%. At that speed it would take about two and a half days to transmit the Mueller report, so stick to short stuff only.

You can try to detect the malware to prevent this kind of attack (and you should be detecting malware regardless), but the most effective countermeasure is probably covering up the LEDs or using a keyboard that doesn’t have them.

Of course, if you can infect an air-gapped machine with malware in the first place, you can probably just have it slurp the data from the PC onto the USB stick and walk off with it. That wouldn’t look quite so good on film, though.

Air-gaps aren’t an impermeable barrier. Researchers at Ben-Gurion have been researching air-gapped data exfiltration for a while now. They previously transmitted data from an air-gapped computer using hard-drive LEDs and infra-red cameras, as well as power lines, fan noise, and even magnetic signals emitted by the computer’s CPU.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/sQFMNwp5mKQ/

Instagram bug could have allowed anyone to take over your account

Do you remember the name Laxman Muthiyah?

We certainly do, because we’ve written about his bug-hunting work before – for example, he’s uncovered not only a data deletion flaw but also a data disclosure bug on Facebook.

The first bug meant he could have zapped all your photos without knowing your password; the second meant that he could have tricked you into installing an innocent-looking mobile app that could riffle through all your Facebook pictures without being given access to your account.

To be clear: he found those holes in compliance with Facebook’s Bug Bounty program, and he disclosed them responsibly to Facebook.

As a result, Facebook was able to fix the problems for everyone before the bugs became public, and (as far as anyone knows) these bugs were patched before anyone else found them.

Back in 2015, those two holes together netted Laxman Muthiyah $22,500 in bug bounty money.

Laxman is back, this time with a surprisingly simple bug that was nevertheless worth $30,000.

It’s still Facebook paying out the bounty, but this time it’s for a flaw in the company’s Instagram platform rather than its eponymous Facebook network.

Very simply put, what Laxman discovered is that it was possible not only in theory but also in real life to take over someone’s Instagram account by:

  1. Triggering a password reset.
  2. Requesting a recovery code.
  3. Quickly trying out every possible recovery code against the account.

Seemed OK at first

Interestingly, Laxman’s initial tests suggested that Facebook had this one locked down safely.

He found that he could only try about 200 different codes before he got blocklisted, meaning that the Instagram servers would no longer let him make any more guesses.

The recovery codes have six digits, giving a million different possibilities each time, so he was 999,800 guesses short of what’s called a brute-force attack. (That’s where you try every possible code or password, not just the likely ones.)

And a so-called dictionary attack, where you stick to the most likely codes or passwords, such as 123456 or 8888888, was no good either.

That’s because the recovery codes are chosen randomly, avoiding the vagaries of human predictability, so that codes such as 875415, 681411 and 849867 are just as likely as 000000, 111111 and 222222 – there’s no way to pick “the most popular passwords” to try first.

Likewise, he couldn’t try each code super-slowly, or wait quietly for a while after every 100 guesses to avoid tripping the alarm, because each recovery code was valid for only 10 minutes.

Even if Instagram would have let him try a new batch of 200 guesses after, say, two minutes, he’d still have managed only 1000 out of 1,000,000 guesses before the code expired anyway.

What’s being blocked?

Laxman wondered, “Is the blocking down to the number of attempts against the same account, or is it down to the number of guesses from the same computer?”

In other words, if he had 201 different computers, each with a different IP number, and each computer made just one guess, would that trigger the 200-guess limit?

Or if he had 201 computers, would each one get 200 guesses of its own in the 10-minute window, giving him 201×200 = 40,200 guesses?

In fact, he tried with 1000 different IP numbers and was able to make 200,000 guesses without getting locked out.

From this he inferred that anyone with 5000 different IP numbers at their disposal could reliably try all one million recovery codes in 10 minutes (5000 × 200 = 1,000,000), and therefore complete the account recovery with certainty.

Who would have 5000 computers?

But who would have 5000 different computers and 5000 different IP numbers handy?

Well, Laxman estimated that setting up that sort of attack from a bunch of cloud accounts on Amazon or Google would cost about $150, so although you couldn’t easily hack everyone’s account with this trick, you could reliably and fairly cheaply hack someone’s account.

Also, don’t forget that cybercrooks with one or more botnets at their disposal – a botnet is a “network army” of malware-infected computers that can be instructed to kick off identical commands in unison – could probably activate 5000 simultaneous connections from 5000 different IP numbers all over the world at a moment’s notice.

Facebook must have agreed that this attack was more than just a theoretical risk – the company paid him $30,000 and fixed the hole, presumably by rate limiting the use of recovery codes on a per-victim basis rather than a per-attacker basis.

What to do?

  • To protect your Instagram account from this attack, you don’t need to do anything. Facebook altered Instagram’s server-side defensive mechanism unilaterally, so this attack no longer works.
  • If you receive an account recovery code or a password reset message that you didn’t request, report it. It means that someone other than you is probably trying to take over the account, hoping you won’t notice until after they’ve had a crack at getting in.
  • In case any of your accounts do get taken over, familiarise yourself now with the process you’d follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterwards.
  • If you are programming a rate-limiting security system of your own, actively protect the victim as well as slowing down any attackers. In this case, limiting the scale of each individual attack is a good thing to do, but you also need a direct defence for the account that’s being attacked.
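
The last point above, as an added example (not code from Instagram, Facebook or the article): a small Python model of recovery-code checking in which the per-IP limit alone lets a sweep spread across many sources succeed, while a per-account failure cap retires the code after a few wrong guesses. The class and function names, the source labels and the cap of 10 are assumptions; the six digits, 10-minute lifetime and 200-guess per-IP limit are the article's figures.

```python
import hmac
import secrets
import time
from collections import defaultdict

CODE_SPACE = 10 ** 6       # six-digit recovery codes (article)
CODE_TTL = 600             # seconds a code stays valid: 10 minutes (article)
PER_IP_LIMIT = 200         # wrong guesses allowed per source (article, approx.)
PER_ACCOUNT_LIMIT = 10     # assumption: wrong guesses allowed per issued code


class RecoveryCodes:
    """In-memory model of a recovery-code check (hypothetical, not Instagram's)."""

    def __init__(self, per_account_limit=None, clock=time.monotonic):
        self.per_account_limit = per_account_limit  # None = per-IP limit only
        self.clock = clock
        self.issued = {}                            # account -> (code, expiry)
        self.ip_failures = defaultdict(int)         # source -> wrong guesses
        self.account_failures = defaultdict(int)    # account -> wrong guesses

    def issue(self, account, code=None):
        """Issue a random code; a fixed `code` is accepted for repeatable tests."""
        if code is None:
            code = f"{secrets.randbelow(CODE_SPACE):06d}"
        self.issued[account] = (code, self.clock() + CODE_TTL)
        self.account_failures[account] = 0
        return code

    def verify(self, account, ip, guess):
        """Return 'ok', 'wrong', 'ip_blocked', 'account_locked' or 'no_code'."""
        entry = self.issued.get(account)
        if entry is None or self.clock() >= entry[1]:
            self.issued.pop(account, None)          # expired or never issued
            return "no_code"
        if self.ip_failures[ip] >= PER_IP_LIMIT:
            return "ip_blocked"
        if hmac.compare_digest(entry[0], guess):
            del self.issued[account]                # codes are single-use
            return "ok"
        self.ip_failures[ip] += 1
        self.account_failures[account] += 1
        limit = self.per_account_limit
        if limit is not None and self.account_failures[account] >= limit:
            # Protect the victim: retire the code no matter who is guessing.
            del self.issued[account]
            return "account_locked"
        return "wrong"


def sweep(service, account, n_sources, per_source=PER_IP_LIMIT):
    """Model n_sources clients each spending its own quota on sequential codes.

    Returns (last verify() result, number of guesses made).
    """
    guess, result = 0, "no_code"
    for n in range(n_sources):
        source = f"src-{n}"                         # constructed source label
        for _ in range(per_source):
            if guess >= CODE_SPACE:
                return result, guess
            result = service.verify(account, source, f"{guess:06d}")
            guess += 1
            if result != "wrong":                   # success, lock or expiry
                return result, guess
    return result, guess


if __name__ == "__main__":
    for limit in (None, PER_ACCOUNT_LIMIT):
        svc = RecoveryCodes(per_account_limit=limit)
        svc.issue("victim")
        print(f"per-account limit {limit}: {sweep(svc, 'victim', 5000)}")
```

In this model the per-account cap resets whenever a new code is issued, so a real system would also limit how often codes can be requested for one account.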

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/EKhXI-pIOD0/

Symantec share price takes a nose dive after rumored Broadcom biz gobble called off

Symantec’s share price has plunged on reports that its planned merger with Broadcom has fallen through.

According to CNBC, several sources have confirmed that the deal is off after Symantec insisted on too high a price – $28 a share – to sell up. That report, and the claim that it was asking too much, appear to have been validated when Symantec’s stock price immediately dropped 12 per cent and has continued to slowly slide all morning. At the time of writing, it is down 15.5 per cent at $21.64.

Adding insult to injury, Broadcom’s share price has risen slightly – up 1.7 per cent at the time of writing – demonstrating that as far as analysts are considered Symantec is not exactly a shining tech target.

Its CEO Greg Clark stepped down in May with no permanent replacement; something Symantec has had to get used to, losing five chief executives now in eight years. The security shop is also plagued with allegations of dodgy accounting, into which investigations are ongoing.

That said, when reports of the proposed deal first appeared, Symantec’s price went up 18 per cent and Broadcom’s went down 4 per cent, so Symantec has become mildly more interesting to the markets, presumably because they suspect someone else may look at buying the legacy security outfit.

Woman with crying with laughter emoji for a head

Symantec offloads its certs and web security biz to DigiCert

READ MORE

The Broadcom/Symantec love-in was short-lived. Just two weeks ago, it was reported that the two companies were in “advanced talks” with Broadcom planning to pay $15bn for control.

What went wrong? Well, CNBC reports that Symantec wanted $28 a share and Broadcom thought that was too high. Bloomberg has added more context by reporting that the deal was set higher than that – $28.25 – but Broadcom insisted on a drop of $1.50 – ie: down to $26.75 a share – after it had done its due diligence. Symantec wasn’t happy with that and walked away. The deal was due to be announced this week.

The rationale for the deal was that Broadcom wants to get into higher margin software, a year after it bought CA Technologies for $18.9bn. Broadcom has had a relatively tough run of late as semiconductors slumped 12 per cent year-on-year in the first quarter of this year.

Broadcom CEO Hock Tan is also under pressure to justify his wage packet: he was the highest paid exec in the US in 2017 with a salary of $103.2m a year. Symantec will be the second failed takeover in the past year, after Broadcom missed out on Qualcomm when US authorities blocked the deal, citing national security concerns. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/07/15/symantec_broadcom_deal/

Security 101

Where Businesses Waste Endpoint Security Budgets

Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.

(Image: Drobot Dean - stock.adobe.com)

The endpoint security market is teeming with tools, each promising to help identify and remediate threats better than the rest. New technologies built to fix age-old issues seem a worthy investment, but as businesses are finding, there can be too much of a good thing.

“If there’s a problem, there’s certainly a technology you can throw at it, and there’s certainly no shortage of people in Silicon Valley to tell us that it’s so,” says Josh Mayfield, director of security strategy at Absolute. Organizations get into a mindset of “throwing money at the problem.”

The global information security market is predicted to hit $170.4 billion by 2022, Gartner reports. And as Dark Reading learned in its survey “How Enterprises Are Attacking the Cybersecurity Problem,” much of organizations’ security budgets is spent on endpoint security: Eighty-four percent of respondents use email security and spam filtering, 81% employ antivirus and anti-malware tools, 75% use endpoint protection, and 68% have invested in data encryption.

As the place where 70% of breaches originate, the endpoint is a prime target for cyberattacks, Absolute found in its “2019 Endpoint Security Trends Report.” The most common endpoint products focus on antivirus/anti-malware, encryption, and client and patch management. Over time, as new methodologies arise and new tools appear, businesses want those as well.

The ever-changing threat landscape also influences security spend, says Gus Evangelakos, director of field engineering at Comodo. Fileless attacks are on the rise, as are “living off the land” attacks in which cybercriminals use PowerShell and other tools in the environment to conduct reconnaissance and move laterally across the network after they break in.

“That’s why you’re seeing statistics that attackers are on the network six months before they’re detected,” Evangelakos says. The motivation to capture these intruders is causing companies to spend more money on more tools – but is their investment paying off? Oftentimes no, experts say. In its study of more than 6 million enterprise devices over a one-year period, Absolute researchers found much of endpoint security spend dissolves when tools eventually fail.

Here, security experts explain where organizations are misspending their endpoint budgets and how it’s putting them at risk. Have any insight to add? Feel free to share in the Comments.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/risk/where-businesses-waste-endpoint-security-budgets/d/d-id/1335242?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple