Consumer fraud is increasingly committed via mobile phone applications, security firm RSA has revealed in its Quarterly Fraud Report.

In its April 1-June 30, 2018 survey of global fraud trends, RSA detected 9,185 rogue mobile applications – a 13 percent increase from the previous quarter. Rogue apps made up 28 percent of observed attacks.

“Fraudsters have always been known to be opportunistic and the increase in attacks leveraging mobile devices (and of fraudulent transaction from mobile devices), demonstrates that,” said Daniel Cohen, director and head of products at RSA Fraud & Risk Intelligence.

“Considering the world’s growing use and reliance on mobile devices, smartphones are now the device we spend most of our time on and fraudsters are leveraging this to get at us,” he warns.

The increased use of mobile apps in consumer transactions has surged over a three-year period. In the second quarter of 2015, 59% of transactions were conducted through the web, 27% through mobile browsers, and just 14% through mobile apps. By the same period in 2018, the share of transactions made through the web dropped to 44%, those via mobile browsers fell to 21%, but surged to 35% through mobile apps.

This dramatic development particularly reflects fraud transactions. In 2015, 51% of fraudulent dealings were conducted through the web, 42% through mobile browsers and only 7% through mobile apps. Three years later, just 29% of fraudulent transactions were made through the web, 31% through mobile browsers, and 40% via mobile apps.

Writing on the RSA blog, Heidi Bleau noted: “Rogue mobile apps take on many faces. Fraudsters take advantage of the trust many consumers place in the mobile channel by creating malicious applications that appear genuine, but are used for fraudulent purposes.”

A popular example of rogue mobile apps, Bleau said, are fake banking applications like phishing emails that ask for extensive permissions that enable fraudsters to gain access to a user’s mobile phone. “Most often, these apps are used to divert the out-of-band SMS codes used in identity verification from the genuine user’s phone to one managed by the fraudster,” she said.

Phishing is the primary vector

RSA also found that phishing remains the most common means of observed attacks, making up 41% of the total. It found that the primary targets of phishing attacks are Canada, the United States, the Netherlands, India and Spain. However, the primary hosts of the attacks are the US, India, Canada, Russia, and Germany.

“Phishing attacks not only enable online financial fraud,” the report said. “These sneaky threats also chip away at our sense of security as they get better at mimicking legitimate links, messages, accounts, individuals and sites.”

Cohen said the very technologies organizations need to compete—cloud applications, virtual infrastructure, mobile devices, etc.—provide attackers with more vulnerabilities to exploit and more ways to evade detection.

“Attackers have more resources than ever for surveilling organizations’ infrastructure and launching their attacks,” he notes, “while security teams struggle with a talent shortage and an ever-expanding list of alerts.” Traditional tools, he added, must rely on signatures and are easily left blind by intentional obfuscation of attachments and embedding of unique malicious codes.

To respond to such attacks, Cohen said, defenders must “maximize visibility into each stage of the attack lifecycle in order to understand the delivery mechanism that persuaded the user to fall for it, and “the impact to the business by having full visibility into network, endpoint, and user activity.”

Between convenience and security

“In a ‘human-not-present’ scenario, convenience is at its highest, as AI, smart devices and connected things carry out mundane tasks for us, such as ordering milk, paying bills and booking our vacation,” said Cohen.

The RSA report found that technology has, over time, fundamentally altered a core requirement of any value-based transaction – presence. “New crimes are created as criminals find ways to take advantage of a fledgling system built more on the promise of convenience than security,” he notes.

How then, should these opposing interests be balanced? “In this Wall-E like world, security must rely on behavioral patterns and entity relationship-analysis to better identify the malicious activity. Of course, machine-learning techniques are key to analyzing the vast amounts of data generated,” Cohen said.

The RSA report warns that “It is critical that we seriously strive to learn from those lessons, and ensure that, while we embrace the convenience and freedom that automation can provide, we are also doing everything possible to ensure the probable risks are accurately assessed and mitigated.”

The post Rogue mobile apps are common vector of fraud attacks appeared first on Security Current.

Check Point researchers have announced newly discovered vulnerabilities that affect tens of millions of fax devices in businesses and homes worldwide. These breaches, dubbed Faxploit, leave the door open for criminals to hack networks by sending malicious faxes.

The researchers demonstrated the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers, but the same vulnerable protocols are also used by many other vendors’ faxes and multi-function printers, and in online fax services such as fax2email. Check Point shared its findings with HP, which quickly developed a software patch for its printers (available on HP.com).

Perhaps hard to believe in the growing age of email, there are more than 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. Fax is still widely used in healthcare, legal, banking and real estate. In many countries, emails are not accepted as evidence in courts of law, thus faxes are relied upon in certain business and legal issues. About half of the laser printers sold in Europe are multi-function devices that include fax capability.

“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers,” said Yaniv Balmas, group manager for Security Research at Check Point. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.

“It’s critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks,” Balmas continued. “It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organizations cannot overlook the security of any part of their corporate networks.”

Once an attacker obtains an organization’s fax number, the vulnerabilities enable malware to be coded into the fax image file, which the fax machine uploads to its memory. The malware can then breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.

To minimize the security risk, Check Point advises that organizations check for available firmware updates for their fax devices and apply them. Businesses are also urged to place fax devices on a secure network segment separated from applications and servers that carry sensitive information. That will limit the ability of malware to spread across networks.

The vulnerabilities were presented by Check Point researchers Balmas and Eyal Itkin at the recent DEF CON 26, the leading security and hacking conference.

“There are absolutely no protections over fax,” said Balmas. “Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers.”

Researchers focused on the most popular fax machine brand, Hewlett Packard’s OfficeJet Pro all-in-one fax printers, but found that even those manufactured by Canon and Epson contain similar vulnerabilities.

Some 45 million fax machines containing highly sensitive data are in use worldwide, especially in the healthcare, banking and law industries. In the United States alone, 75 percent of all communication in the medical sector are sent by fax, the AP said.

Because many of these machines are too old to update, it is difficult for companies to stop hackers from entering their system. Check Point recommends that organizations check whether their fax machines can be updated, and should place them on a secure network separate from those carrying sensitive information.

“Fax is an ancient technology; the protocols we use today haven’t been changed for the past 30 years,” Balmas says. “But everybody is still using fax and nobody really looks at it as a valid attack vector.” This complacency persists despite the fact that hackers have targeted fax machines for decades, and the technology is still insecure in basic ways.

For example, fax data are sent with no cryptographic protections; anyone can tap a phone line and instantly intercept all data transmitted across it. “Fax is perceived as a secure method of data transmission,” says Balmas. “That’s a huge misconception—it’s absolutely not secure.”

“The attack scenario is actually pretty simple,” Check Point’s Itkin says. “A malicious attacker wants to infiltrate a covert network, let’s say a bank. And the fax number for this bank is public, so he can get that number. On the bank side, if the printer that receives the fax is also connected to the internal network, then all the attacker needs to do is send a malicious fax to this phone number and automatically he will be inside the internal network of this bank. It’s crazily dangerous.”

While fax machines were once standalone devices, the machines of today are typically connected devices that combine fax, printer, and photocopier. And almost every company has them. By exploiting vulnerabilities inherent in the fax protocol, the researchers were able to gain access to an entire IT network. Popular online fax services, such as fax2email, use the same vulnerable protocol.

The researchers said that if you penetrate a single access point on a network you can compromise everything connected to it via “lateral movement.” This means that even networks that are not connected to the Internet are also vulnerable, such as by stealing a customer’s account number from a document.

Check Point said there are some 46 million fax machines in use, with 17 million of them in the US. In Japan, an estimated 100 percent of businesses and 45 percent of private homes own a fax machine. The health care industry is the mainstay of worldwide fax sales, while the legal industry’s fax machines offer the convenience of sending documents to clients and receiving confirmation they were received.

To protect against attacks, Check Point recommends segmenting your network and regularly patching your fax devices.

The post Faxploit: New research reveals how criminals can target fax machines and spread malware appeared first on Security Current.

Check Point says WhatsApp weakness enables attackers to send false information

Check Point Software Technologies said Wednesday it had uncovered a security flaw in WhatsApp that gives hackers the possibility “to intercept and manipulate messages sent by those in a group or private conversation” as well as “create and spread misinformation,” The Times of Israel reported.

It said the flaw allows hackers to change the identity of the sender, to alter the text of someone else’s reply, and to send a private message that is visible to everyone in the conversation. Check Point warned that intruders could use such weaknesses for various criminal activities, causing personal and financial harm to users worldwide.

Check Point’s Oded Vanunu said the company had notified WhatsApp, which responded that it could not immediately fix the breach due to the way the app is constructed.

“Since people have been murdered in India and Brazil due to fake WhatsApp messages, and since WhatsApp is admissible evidence in courts around the world, we decided we couldn’t keep it to ourselves,” he said. He pointed out that “WhatsApp has long since stopped being simply an app — it has become an infrastructure that serves institutions, organizations, schools and industry.”

A WhatsApp spokesperson said the issue “has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.” He noted the company recently placed a limit on forwarding content, added a label to forwarded messages, and made a series of changes to group chats in order to avoid misinformation.

Last month WhatsApp announced limits on forwarding messages, after the Indian government threatened to take action when more than 20 people were butchered by crazed mobs after being accused of child kidnapping and other crimes in viral messages on WhatsApp.

Founded in 2009 and purchased by Facebook in 2014, WhatsApp said in January it had more than 1.5 billion users who exchanged some 65 billion messages per day.

The post Israeli cybersecurity firm exposes hacking appeared first on Security Current.

Too often harmless-looking email in fact contains dangerous attachments or links. Researchers at Israel’s Ben-Gurion University have found a new method that uses machine learning algorithms to detect malicious emails that most commercially available security products cannot.

Called Email-Sec-360°, the technique was developed by Aviad Cohen, a Ph.D. student and researcher at the David and Janet Polak Family Malware Lab at the Ben-Gurion University of the Negev.

The method leverages 100 general descriptive features extracted from all email components, including the header, body and attachments. It employs Natural Language Processing (NLP) to analyze the email’s textual content for linguistic patterns, and the Hidden Markov Model (HMM) to look into URLs and email addresses to distinguish benign from malicious mail.

Researchers used 33,142 emails and compared the model to 60 industry-leading anti-virus engines. Email-Sec-360 scored 0.875 in the true positive scale, where the next best-performing antivirus solutions, Cyren, Sophos, Avira and F-Secure, scored 0.77, 0.746, 0.727 and 0.709, respectively

“Existing solutions only analyze specific e-mail elements using rule-based methods and signature-based detection methods,” said Dr. Nir Nissim, head of the Malware Lab. “These are insufficient for detecting new and unknown malicious emails.”

Results of the research were published at the scientific journal Expert Systems with Applications.

“Detecting that a virtual server has been compromised is extremely important for organizational security,” said the researchers in the abstract. “We used a collection of real-world, professional, and notorious ransomware and a collection of legitimate programs. The results show that our methodology is able to detect anomalous states of a virtual machine, as well as the presence of both known and unknown ransomware.”

Researchers intend to extend their study and integrate analysis of attachments such as PDFs and Microsoft Office documents with Email-Sec-360°. They are also looking at developing an online system to evaluate the security risk posed by an email message.

The post Malicious Email Detector: Israeli Researchers Develop New Method to Stop Threatening Email appeared first on Security Current.

The post The SingHealth breach: A rude awakening appeared first on Security Current.

CISOs interested in the invitation-only platform should contact arhodes@securitycurrent.com.

The post Security Current launches one-stop shop for CISOs appeared first on Security Current.

Taiwan is the most cybersecurity prepared country in the world, with three other Asia-Pacific countries following close behind, according to The Economist Intelligence Unit’s Global Cybersecurity Index.

Taiwan earned a perfect score of 1.0 in the index. It was followed by Singapore (0.925), the United States (0.919), Malaysia (0.893), Estonia (0.846) and Australia (0.824). The five top performers in Asia-Pacific had an average score of 0.8856, followed by Europe at 0.8044, the Americas at 0.6944 and Middle East/ Africa at 0.6608.

“Strong scores in this category in Asia are indicative of the fact that governments have put a lot of emphasis on building up their capabilities in this area — public policy measures are key to developing cyber-security,” said Emily Mansfield, Country Forecast Product Head at The Economist Intelligence Unit (EIU).

“Africa and Latin America have the most room for improvement,” she said.

The EIU’s Preparing for Disruption: Technological Readiness Ranking, released June 5, drew from the findings of the International Telecommunication Union, a UN agency, for the index. It includes measures of the legislative environment, technical standards, government strategy, public awareness building and intra-state co-operation.

The EIU said that “ensuring that sufficient cybersecurity measures are in place has become a priority for governments and a matter of concern for the corporate world.”

Cybersecurity preparedness is part of a broader study on digital economy infrastructure, which along with access to the internet and openness to innovation make up the Technological Readiness Ranking among 82 nations from 2018-2022.

Australia, Singapore and Sweden earned top places in the general categories.

The report mentioned the highly disruptive attacks in 2017 including the WannaCry and Petya ransomware attacks, the sustained attacks on Germany’s government networks early this year, and an attack on the US energy grid which it blamed on Russia.

Revelations of data breaches at social media networks, and the use of personal data for propaganda purposes, have also proliferated in recent years, the EIU said.

Estonia, which has long been the digital leader and cybersecurity leader in Europe and which has hosted NATO’s cybersecurity center since 2008, is expected to improve further.

Gains will be balanced out by declines in countries like Finland and Argentina, “where growth in the frequency and severity of cyber attacks is likely to outpace efforts to upgrade security,” the EIU said.

Cybersecurity programs will become increasingly crucial as cyberwarfare is seen to become more sophisticated and widespread.

Attacks will be carried out by both state-sponsored actors and criminal networks.

“Our concerns about this centre not just on the threat to consumer faith in the security of the internet, but also on the risk that cyber attacks could be used to damage physical infrastructure (such as energy grids), constrain government activities or influence democratic processes,” the report said.

The post Asia-Pacific leads the way in cybersecurity preparedness appeared first on Security Current.

The post CISOs News Feed appeared first on Security Current.