Corporate data leaks are the most dangerous threat to IT security today – a fact evidenced by industry development trends, company survey results, market analyses, and related studies.
Internal threats include any harmful actions with data that violate at least one of the fundamental principles of information security (integrity, availability, and confidentiality) and originate from within a company’s information system.
While there are many different kinds of internal threats, the most common are:
- any violations of internal network security rules and procedures that could lead to data theft
- unauthorized searches or viewing, modification, or destruction of confidential data
- brute force password attacks and user installation of Trojans, rootkits and other malicious programs on the network
- targeted data theft using removable storage media such as HDDs, USB Flash devices, card readers, or CDs/DVDs in order to copy and carry
- theft of devices containing confidential data: laptops, hard drives, handheld computers, etc.
- theft of corporate databases in whole or in part
- unauthorized installation of Wi-Fi network connections in order to extract confidential data
- printing important documents in order to remove hard copies from company premises.
These are just a few of the many different kinds of internal threats…
Confidential data breaches are directly connected to business operations risks, since a company can suffer major damage as the result of a data leak:
- clients may be lost if the client base is leaked
- technologies may be lost if technological secrets are leaked
- founders and investors will be displeased if financial information is leaked
- licenses could be lost if confidential data is not properly protected in compliance with federal requirements.
Even worse, a company’s business reputation will be tarnished, which could mean suspending operations – or even closing down completely.
This article discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. We hope to draw the attention of vendors that develop software for industrial automation systems and the industrial IoT to problems associated with using such widely available technologies.
We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.
At last year’s Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing. According to public data, this year is no exception.
We confront hundreds of thousands of new threats every day and we can see that threat actors are on a constant lookout for new attack opportunities. According to our research, connecting a software license management token to a computer may open a hidden remote access channel for an attacker.
Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe.
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017.
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes; we will look at just one of them that was customized to serve the needs of a specific product and became the basis of Kaspersky Anti Targeted Attack Platform.
Let us discuss what defines the profitability of bitcoin mining, what principles for mining speed adaptation were initially embedded into it, and why these principles can lead to the failure of the cryptocurrency in the long run.
Corporate information security services often turn out to be unprepared: their employees underestimate the speed, secrecy and efficiency of modern cyberattacks and do not recognize how ineffective the old approaches to security are. And if there is no clear understanding of what sort of incident it is, an attack cannot be repelled. We hope that our recommendations about identifying incidents and responding to them will help information security specialists create a solid foundation for reliable multi-level business protection.
In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker.