VANCOUVER, British Columbia, May 14, 2019 (GLOBE NEWSWIRE) — Leading Philippine based telecommunications carrier selects Internet Security firm DOSarrest to deliver cyber security solutions to their commercial client base. The partnership allows Eastern to provide a number of cloud based security solutions including DDoS Protection, Web Application Firewall, global load balancing and Content Delivery Network(CDN). The partnership also gives Eastern Communications access to DOSarrest’s traffic Analyzer (DTA) and Data Center Defender, a solution that allows its customer to protect thousands of IP addresses at the same time with one automated cloud based service.

Mark Teolis, CEO at DOSarrest States, “We are honored to have been chosen by Eastern to deliver leading edge cloud based security services to their thousands of business customers. Eastern’s forward vision on cybersecurity is on the right track and we will help them deliver.”

“As part of our ‘High Tech’ promise to our customers, we’re expanding our product portfolio to meet their increasingly varied digital needs. Aside from our reliable data and voice services, we’re venturing into cybersecurity and cloud services provided by global innovation leaders,” shared Eastern Communications Co-Coordinator Atty. Aileen Regio.

DOSarrest CTO, Jag Bains comments, “Eastern has the right stuff to be a telecom carrier ahead of the security curve in the Philippines and beyond. Our recently released cloud based traffic analyzer services (DTA) gives their customers a definite edge in the market today on network intelligence.”

“Here in Eastern Communications, we’re excited to partner with leading companies in cybersecurity like DOSarrest. We look forward to offering their services to the Philippine market as part of our commitment to bring best-in-class cybersecurity and cloud solutions to Filipino businesses,” said Eastern Communications Co-Coordinator Ramon Aesquivel.

About Eastern Communications:
Eastern has been operating in the Philippines for over a hundred years and offers a wide range of connectivity options and related telecom services. For more information about Eastern Communications’ latest products and services, visit www.eastern.com.ph.

About DOSarrest Internet Security: 
DOSarrest founded in 2007 in Vancouver, B.C., Canada specializes in fully managed cloud based Internet security services including DDoS protection servicesData Center Defender (DCD), Web Application Firewall (WAF)DDoS Attack testing, as well as cloud based global load balancing.

Source: https://finance.yahoo.com/news/eastern-communications-philippines-partners-dosarrest-230000086.html

Cloud computing has clear advantages, learn how to mitigate security risks

Cloud Computing has revolutionized the way of doing businesses. More and more firms are opting for cloud services these days due to the various benefits they provide. Initially, cloud computing was limited merely to storing additional data such as contacts.

But the scenario today has changed entirely. Cloud computing services have taken the responsibility of the majority of core business data. This is because of the simple reason that these services have lessened the workload of business enterprises to a great extent. Today, the firms do not need to employ an entire IT department to look after the data of the company. This job is easily done by the cloud service providers who store and manage the data for the firms. Moreover, they also provide guidance form expert IT professionals on how to manage data.

What is Cloud Computing?

Cloud computing refers to the storage of data by business firms and other organizations with a third party known as Cloud Service Providers (CSPs). These CSPs store your data in their data centers at a different location. Companies can access this data through the internet.

Advantages of Cloud Computing

● Saves IT Costs:

As mentioned above, a company doesn’t need to maintain a team of IT professionals to store and maintain its data. All these tasks are handed over to the CSPs. This saves a lot of cost for the company.

● Better Storage Space:

Cloud Computing provides great storage space. Moreover, this storage can even be increased as per the company’s requirements. This would have required a great deal of effort and infrastructure otherwise.

● Professional Help:

CSPs not only provide storage services to their clients. They also provide expert guidance to the companies regarding the management of data. This works as an added advantage for the companies.

Risks Associated with Cloud Computing

Since every coin has a flip side, this one is no exception. There are loads and loads of risks that come along with Cloud Computing. If not paid proper attention these risks may engulf entire business entities. The damage can be so vast that it could not even be undone.

Therefore, one should be very cautious while choosing to transfer the data to a cloud network. Today, we are going to discuss the risks of Cloud Computing and how can we avoid them to make the best use of this inevitable service.

Top 5 Risks of Cloud Computing Service

1. Loss of Data:

The foremost risk that is faced by companies using Cloud storage is loss of their extremely valuable data. This loss can either be temporary or permanent. Cloud Storage Providers do not only store data of one company. They have data from many companies stored within their systems. In such situations, it might be possible that the data of one company may get replaced by other company’s data. Not only this, but data can be lost in a variety of other ways. For instance, hackers can delete your valuable data on purpose. Apart from this, data can also be lost because of human error.

How to Avoid Such Risks

● Take a backup of your data on other cloud services. Don’t just rely on one CSP.

● Sign agreements with cloud service providers on data restoration, backup, and other security policies.

● Know about all the threats that may lead to loss of your data and take effective measures to prevent them.

2. Non-Compliance with Regulations:

CSPs are often found not complying with the regulations that prevent businesses from data loss and effective measures they can take. In certain situations, small firms also do not know much

about the regulations. This makes them more vulnerable to such risks. Firms should make sure that the CSPs that they opt for data storage should comply with all the policies and regulations.

How to Avoid Such Risks

● Choose only those CSPs which adhere to all the rules and regulations.

● Don’t make all your crucial data migrate to the cloud service. Assess your risks.

3. Service Denial:

A firm should know that CSPs deal with multiple clients. This means that if an attacker attacks the resources of one company, it may affect the data of all the companies associated with that Cloud Service Provider. This may lead to a denial of service of other clients as well.

How to Avoid Such Risks

● Ask your service provider about provisions for retrieving cached data after malicious attacks.

● Is your provider capable of increasing the bandwidth against DDoS attacks?

4. Data Breaches:

Stealing of crucial data by hackers is another major risk that accompanies Cloud Computing. Even big organizations such as World Wrestling Entertainment (WWE) have faced this data breach. Therefore, it is very necessary to select those service providers who provide better security control.

How to Avoid Such Risks

● Avoid using applications which are not specified by the service providers.

● Install anti-malware, authentication, and encryption in personal devices to protect your data.

5. Insider Threats:

Intentional or unintentional threats posed by employees also result in a breach of data. Your employees might unknowingly share files which are pivotal to the organization. This can also happen purposely. This use of your data inappropriately may bring a lot of loss to the company.

How to Avoid Such Risks

● Employees must be well trained so that they do not share valuable information with other sources.

● Multifactor authentication can be effective in data theft.

Measures to Avoid Cloud Computing Risks

● Take Limited Risks:

It is advisable to take limited risks. This means that companies should not be entirely dependent on storing and managing their data. They should also put in efforts to personally store data to avoid complete data loss in case of any mishap.

Zero Trust Model:

Zero trust model approach means that every user, a system must be properly verified before giving access to the company’s systems. Restricting users from unauthorized access can prevent your data to a great extent.

● Learn from the Past Failures:

There are many large and small firms that have faced huge data losses in the past. Learn from their failures and make sure that you don’t repeat the same mistakes again.

● Encryption:

Encrypting your information through complex algorithms can protect data loss very effectively. However, small companies do not pay much heat to such measures. Consequently, this becomes fatal for the organization.

● Keep an Eye out:

Keeping a regular check on the management of your data and changing encryption codes regularly. Assessment of the level of security being provided or firewalls being used can contribute significantly to prevent a data breach.

Any business takes a lot of efforts and investment. Data has proved to become one of the most valuable and powerful assets of any company. Everyone wants more and more data, and this has led to an increase in the number of the data breach as well. Therefore, prevention of crucial

information has become the need of the hour. Few cautious steps can prevent companies from falling prey to such attacks. One just needs to be careful enough when using Cloud Computing Services.

Source: https://thebossmagazine.com/cloud-computing-security/

It is accepted that all states are vulnerable to cyber threats. Yet, a majority of states have yet to develop coherent cyber strategies or implement sufficient preventive measures. Despite the increase in severe cyber incidents directed at national power plants, companies and nuclear-related military equipment, the threat of cyber interference in national nuclear weapons systems is not being properly tackled. With multinational nuclear supply chains and nuclear command and control systems at risk of being compromised, this must be urgently addressed.

The more complex, the more vulnerable

Governments and legislators are struggling to keep pace with the rapid development of cyber capabilities. As military systems become more technically complex it would be easy to assume that they are more secure. The opposite is true. Increased automation and connectivity increases vulnerabilities to cyber attacks. Measures such as air-gapping a system (ie. de-connecting it from the internet) can fall short. A recent US Government Accountability Office (GAO) report assessed the cyber security of US weapons systems and found “mission critical cyber vulnerabilities in nearly all weapons systems […] under development.“ While the report does not make reference to any specific system type, one can reasonably assume that nuclear weapons systems are vulnerable to cyber attacks.

Possible kinds of cyber attacks

Cyber attacks can take many forms. Activities range from cyber espionage, data theft, infiltration of nuclear command, control and communications (NC3), denial of service/distributed denial of service (DoS/DDoS) attacks, false alarms (jamming and spoofing), sabotage and physical damage. When directed against nuclear weapons systems, in the worst possible case this may escalate to a deliberate or inadvertent exchange of nuclear weapons.

Another area of concern is the supply chain, comprised of any hardware and software components belonging to the nuclear weapons system, including NC3, platforms, delivery systems and warheads. The supply chain usually includes a string of companies and providers located in different countries with varying cyber security standards, which means there is room for manipulation and sabotage. Take, for instance, a computer chip produced in country A. If a vulnerability were inserted at the production stage it could then be remotely activated at a later point when the chip is integrated into the military system of country B. If the attacker happened to be an “insider“ with unlimited access to a military site, compromising military equipment could be easier. This could be done for instance through an infected USB drive when security standards in a military facility happen to be low, leaving the victim of the attack unaware of the manipulation up until it is too late.

Limited awareness of cyber risks to nuclear systems

There is a lack of awareness within the expert community and among decision-makers and a reluctance by states to implement measures such as common cyber security standards and the sharing of information on vulnerabilities. Among the nuclear weapons states, only in the United States have high-ranking officials, such as Gen. Robert Kehler (ret.) and Air Force Gen. John Hyten (STRATCOM), in two Senate Armed Service Committee hearings in 2013 and 2017 expressed their concerns about a potential cyber attack affecting the U.S. nuclear deterrent. One reason why decision-makers and governments are unwilling to take these steps could be that it seems too unrealistic or improbable a threat, merely belonging to the worlds of science fiction and doomsday scenarios. But there is no reason to assume that the warnings of the GAO, the U.S. 2017 Task Force on Cyber Deterrence or the Nuclear Threat Initiative (NTI) are exaggerated.

Certainly, there has not yet been a major cyber attack on a state-run nuclear weapons programme – at least none we have publicly heard of. But there are a string of examples of cyber interference in nuclear installations or parts of the supply chain related to them. These include: the Stuxnet attack in 2010 affecting over 15 Iranian nuclear facilities which slowed down the development of Iran’s alleged nuclear weapons programme; a massive cyber attack on Lockheed Martin in 2009 during which thousands of confidential files on the U.S. F35 Lightning II fighter aircraft were compromised by hackers (they were also able to see information such as the location of military aircraft in flight); the 2017 hacking of the THAAD missile defence system in South Korea; the 2009 Conficker Worm attack on the French Marine Nationale; a 2011 cyber espionage campaign on the French nuclear company Areva; and deep worries over the WannaCry virus possibly targeting parts of the UK Trident system in 2017.

What should decision-makers and policy-makers do?

Governments need to grapple with how to handle rapidly developing cyber capabilities. A critical first step is develop a better understanding of the threat, including by answering the following questions:

  • What are the possible targets within the entire supply chain, the nuclear weapons system itself and within the upgrades, modernization and maintenance processes? What kind of vulnerabilities do they have?
  • Who are the potential actors likely to carry out a serious cyber attacks? Which state, non-state actor or state-sponsored group would have (1) an interest and (2) the resources and capabilities?

All states possessing nuclear weapons, hosting NATO nuclear weapons on their soil, or running a civil nuclear programme should conduct annual assessments of the cyber resilience of all systems in question.

No less important is improved information sharing on possible and actual vulnerabilities and lessons learned with large technology companies, suppliers, vendors and manufacturers, and the implementation of common security standards. These companies are normally not keen to disclose information on vulnerabilities because of possible reputational damage or for fear of revealing details that potential hackers or competitors could exploit. Government and business must work closely together to overcome these challenges and address joint concerns.

Governments must also invest heavily in research activities in the framework of existing institutions such as the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), the EU CBRN Centres of Excellence, or in cooperation with the European External Action service (EEAS), the United Nations (UNICRI) and, of course, within national cyber security institutions.

Governments and decision-makers of the nuclear-armed states should also publicly acknowledge that cyber security for nuclear weapons systems is a top tier priority for the safety and security of national military programmes. If the security of nuclear weapons is in question, this not only reduces their credibility and deterrent value but it also poses a massive safety and security risk. This is a risk that no government, population or company can or should manage alone.

Source: https://www.europeanleadershipnetwork.org/commentary/understanding-and-addressing-cyber-threats-to-nuclear-weapons-systems/

The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.

Last year, according to the FBI’s “2018 Internet Crime Report,” reported damages from cybercrime nearly doubled to $2.7 billion, and roughly half of that amount stemmed from business email schemes that zeroed in on wire transfer payments.

The FBI’s Internet Crime Complaint Center (IC3) report said agency received approximately 352,000 complaints about online skullduggery in 2018 — over 900 per day, on average. In recent years, the center has averaged somewhat fewer (about 300,000 complaints); however, between 2014 and 2018, the reported losses more than tripled, leaping from $800.5 million in 2014 to $1.42 billion in 2017 before reaching $2.7 billion last year.

Practically all businesses, irrespective of size and industry, are vulnerable to being victimized by cybercriminals. This makes cyberattacks the single biggest risk for today’s corporate leaders, as highlighted by the World Economic Forum.

“The 2018 report shows how prevalent these crimes are,” says Donna Gregory, chief of the FBI’s IC3 unit. “It also shows that the financial toll is substantial, and a victim can be anyone who uses a connected device.”

Business Email Scams Are Especially Lucrative
The FBI report pegs $1.2 billion of the 2018 losses on business email scamsthat hijack or mimic actual email accounts using social engineering or hacking to transact unauthorized fund transfers. Over time, the wildly successful scam has evolved to include spoofed personal, vendor, attorney, and real estate-related emails.

Hunting down and recovering unauthorized payments is one area where the FBI has made headway. In February, as noted in the report, the FBI established a Recovery Asset Team to focus on repatriating monies lost via business email scams. Last year, the FBI recouped $257 million unwittingly wired by cybercrime victims. That’s a respectable recovery rate of 75%.

The next-biggest moneymaker is “confidence fraud/romance,” where a criminal convinces his quarry that he can be trusted — and then steals from them. Another popular scam is when grandparents are tricked into thinking that a grandchild needs immediate financial help. The IC3 report says that 18,493 confidence scam victims racked up $362.5 million in reported losses in 2018.

Cyber Extortion Keeps Emerging
Last year, extortion generated 51,146 complaints and $83 million in losses, a 242% increase in complaints compared with 2017. Reported incidents included “sextortion” — where a criminal says he’ll send a pornographic video of the target to the target’s family and friends unless he receives a ransom — or distributed denial-of-service (DDoS) attacks, in which networks and systems are swamped with malicious IP traffic unless a “fee” is paid.

The FBI scored a big win when it identified and arrested two ringleaders of Apophis Squad, a cybercriminals-for-hire group that made bomb threats against scores of schools and launched multiple DDoS attacks against websites.

Apophis Squad took inspiration from the activities of another group, Lizard Squad, online hoodlums who also operated a DDoS-for-hire service, issued bomb threats to airlines, and repeatedly directing DDoS attacks at tons of websites. Almost all of its crew were arrested and charged with various online crimes. Until recently, the Apophis Squad’s online presence and DDoS-for-hire service resided on the same server used by a number of other domains linked to Lizard Squad.

Dark Figure Remains High
Cybercrime is a giant multinational business, and it continues to proliferate around the globe. That said, a yet-to-be-determined but undoubtedly massive number of cases still remain unreported or undetected. Many cybercrimes — such as malware, phishing, and ransomware — that have made the news in the past year were responsible for a fairly inconsequential portion of the reported losses. According to the IC3 report, ransomware scams that hit a number of large organizations in 2018 resulted in a relatively paltry $3.6 million in losses.

The IC3 also notes that the total number of reported complaints “only represents what victims report to the FBI via the IC3 and does not account for victim direct reporting to FBI field offices/agents.”

Additionally, the reported losses do not account for lost business, time, wages, or the cost of paying vendors to fix damaged computer networks. Both of these result in considerable margins of error in certain forms of cybercrime, which means that some of the figures are artificially low. The upshot is clear: As businesses everywhere continue to turn to digital technology and transact business online, more and more crime is shifting into the digital realm — and the number of attacks and the size of financial losses is only going to grow.

Source: https://www.darkreading.com/vulnerabilities—threats/fbi-cybercrime-losses-doubled-in-2018/a/d-id/1334595

Lawmakers tackle safety and security issues, while an Internet Society survey said a majority of people find the devices ‘creepy.’

The safety and security of internet of things (IoT) devices remains a vexing issue for lawmakers, while a survey from the Internet Society shows there is still some way to go before reaching widespread public acceptance of IoT connectivity.

The survey, conducted in six countries by polling firm IPSOS Mori, found that 65% of those surveyed are concerned with how connected devices collect data, while 55% do not trust those devices to protect their privacy. Meanwhile, 63% of those surveyed said they find IoT devices, which are projected to number in the tens of billions worldwide, to be “creepy.”

Those concerns were at the forefront of a hearing last week on IoT security by the U.S. Senate Committee on Commerce, Science and Transportation’s Subcommittee on Security, where lawmakers and witnesses debated how to make the devices safer and more transparent for consumers, and what the role of the federal government should be in legislating that. It’s a dilemma for policymakers and industry leaders who must wrestle with these questions.

“We can’t put the genie back in the bottle,” Internet Society president and CEO Andrew Sullivan told Smart Cities Dive. “We have invented this technology, so we’re going to have to figure out how to cope with it now. We have to figure out how are we going to make this technology something that better serves the people, the consumers who are buying it.”

Risks and concerns

Consumers are turning to internet-connected devices, and while they present enormous opportunities for convenience, they are not without risks.

In prepared testimony before the subcommittee, Robert Mayer, senior vice president for cybersecurity at the United States Telecom Association (USTelecom) said there is “ample evidence of IoT security vulnerabilities,” with incidents like cameras being used for spying, personal information being stolen and hackers taking control of devices like smart thermostats.

“Concerns of this kind can have a massive influence on public perception of technologies, and if not addressed in meaningful ways, trust in the digital ecosystem will erode, causing unpredictable levels of disruption and economic harm,” Mayer’s testimony reads.

There have already been several major hacks of IoT devices, including the Mirai DDoS botnet attack in October 2016 that rocked technology company Dyn and resulted in the dramatic slowing or bringing down of the internet across the East Coast and elsewhere in the world.

In written testimony, Mike Bergman, vice president of technology and standards at the Consumer Technology Association (CTA), warned of the international nature of the attack; 89.1% of the attack traffic originated from devices installed outside the United States, he said.

Source: https://www.smartcitiesdive.com/news/privacy-concerns-abound-as-iot-devices-grow-in-use/553986/