Army considers additional 2FA measures

Cybercrime is more prevalent than it has ever been, and the dollar value of the damage it causes rises every year. One way to build up walls against potential cyber attacks is to protect yourself with two-factor authentication, also known as 2FA.

The United States Army, one of the country’s five branches of the military, recently announced that it is in the process of adding measures to authenticate users. These measures are meant to give more options to soldiers who want to access the Army’s online resources without running a significant risk of being hacked.

Roughly one full month ago, the United States Army’s Chief Information Office and its G-6-level officials began working closely with PEO EIS, better known as Program Executive Office Enterprise Information Systems, to think up new ideas that will eventually – hopefully – be used to bolster the security of their existing multi-factor authentication protocol, also known as MFA.

Here’s what the Army’s login process is like right now

Right now, according to Thaddeus Underwood, chief of the Identity Management and Communications Security division, the United States Army’s login protocol does not provide enough digital protection.

People who want to access the system just need their username and password, which leaves users with a relatively weak portal.

Members of the United States Army who are required to log in using multi-factor authentication must present the login portal with two of the following three things: something you have, something you are, and a piece of knowledge that you and only you have tucked away in the folds of your brain.

Although such multi-factor authentication protocol has not yet been implemented in the United States Army, it’s likely that the protocol will be brought to fruition sometime later this year.

Another way that people can log in right now is with their PINs, or personal identification numbers, and their Common Access Cards. Unfortunately for those serving the United States Army in the National Guard or the Reserve, thousands of active soldiers do not have steady access to the computer systems operated by the federal government.

Here’s one of the major problems that the Army is facing right now

CACs, or Common Access Cards, are needed right now for Soldiers to log in to the federal government’s network of computers. However, because Soldiers don’t have the equipment required to read and verify Common Access Cards at home, they cannot access that network without showing up in person at the physical login portals.

The United States Army has narrowed down its choices to just two.

YubiKey is a hardware authentication device made and maintained by Yubico, the company behind a range of security products. It is one of the two choices the United States Army is weighing right now. These devices are registered ahead of time, making them easier to use.

The other choice that the Army has is to require Soldiers to log in to a mobile app that employs some of the latest forms of authentication to verify people who are trying to log in.

To log in to the United States Army’s private computer networks, Soldiers will first log in to the official Army website using their existing usernames and passwords. After they enter that information, the site will generate and deliver a passcode that can be used only once and is needed to complete the login elsewhere.

Once authenticated, they will be authorized to view their personal information on the official United States Army website.
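The password-then-one-time-passcode flow described above, as an added example that is not code from the Army or from the article: a server-side verifier for time-based one-time passcodes. It assumes the mobile app uses RFC 6238 TOTP (an assumption; the article does not name the mechanism), tolerates one 30-second step of clock drift, and refuses to accept the same code twice.

```python
import hmac
import hashlib
import struct
import time

# Constructed sample secret shared between the server and the soldier's
# authenticator app at enrolment; a real deployment generates it randomly.
SHARED_SECRET = b"constructed-demo-secret-key"
STEP_SECONDS = 30   # TOTP time step
DIGITS = 6
SKEW_STEPS = 1      # accept one step either side to tolerate clock drift


def totp_code(secret, counter):
    """HOTP value (RFC 4226 section 5.3) for one time-step counter; TOTP
    (RFC 6238) is HOTP with counter = floor(unix_time / STEP_SECONDS)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** DIGITS)).zfill(DIGITS)


class TotpVerifier:
    """Second-factor check run only after the username/password check passes."""

    def __init__(self, secret):
        self.secret = secret
        self.last_accepted_step = -1   # replay protection: codes are single-use

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        current = int(now // STEP_SECONDS)
        for step in range(current - SKEW_STEPS, current + SKEW_STEPS + 1):
            # Never accept a step at or before the last one already used, so a
            # captured code cannot be replayed inside the skew window.
            if step <= self.last_accepted_step:
                continue
            expected = totp_code(self.secret, step)
            if hmac.compare_digest(expected, submitted):   # constant-time compare
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(SHARED_SECRET)
    code = totp_code(SHARED_SECRET, int(time.time() // STEP_SECONDS))
    print("first use accepted:", verifier.verify(code))
    print("replay accepted:   ", verifier.verify(code))
```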

Soldiers will have things a lot easier once the United States Army gets around to implementing these changes. Most Soldiers have grown tired of having to show up at Army facilities in person with their Common Access Cards to access their personal information. They want the Army to adopt policies that mirror what’s going on in the rest of the world.

According to Mr. Thaddeus Underwood, the Army believes that the first prototype of the aforementioned mobile app will be released and tested by fall 2019.

One of the upsides of this method of logging in is that Soldiers won’t need to keep up with a physical device, something they would have to do with a YubiKey.

Air Force Has a New Cyber Security Defence Plan

Cyber Security Lessons from the U.S. Air Force

Of all the branches in the United States armed services, the Air Force is known to always be at the forefront of information technology, particularly in terms of cybersecurity. Over the next few years, the Air Force will augment its cyber defence systems with advanced cloud protection, real-time alerts and automated responses to security incidents.

The Air Force has realized that the current cybersecurity climate calls for appropriate defence measures, and this is something that American business owners should learn from. The theft and subsequent leak of cyberweapons developed by the National Security Agency is an issue that the Air Force has acknowledged as dangerous; since these advanced hacking tools are now in the hands of cybercrime groups, all businesses and non-profit organizations should keep this in mind.


Modern cybersecurity strategies involve more than just firewalls and antivirus software. The Air Force is implementing measures such as constant monitoring, real-time automated responses, alerts, and multi-factor authentication. These same measures can be adopted by small business owners at reasonable cost and scale; the idea is not to fall behind the times with regard to information security.

Government of Canada issues cyber security guide for Small-Medium sized Businesses

Many small and mid-sized businesses are concerned about cyber security breaches because they don’t have the budget to hire infosec professionals to monitor their infrastructure. As a solution, the Canadian government issued a guide on baseline cyber security controls for SMBs. One example is automating software updates and patching.

While there is plenty of information tailored to large organizations for managing their security programs, SMBs cannot simply adopt those measures, and without suitable controls they remain exposed to cyber attacks that would endanger their data. What they require is a packaged set of protections, divided into organizational and baseline controls. Data can be stored safely if an SMB installs anti-malware, user identity verification, and security settings on all of its devices, including mobile phones and tablets.

Another suggestion involves training employees to recognize security risks and to respond in an emergency. In a small organization, the primary goal should be assigning members to communicate with customers, other employees, and even investors if something does go wrong, and ideally before a significant incident damages public security.


Why a DDoS attack did not take down Facebook

On March 13, Facebook suffered a significant outage, along with its subsidiary social media platforms WhatsApp and Instagram. This led many people across the Internet to believe that the company had experienced a distributed denial-of-service (DDoS) attack. But it turns out that these people were entirely wrong.

At the time of the outage, Facebook actually had to use Twitter to announce that, while it had not yet determined what caused the problem, it was certain that a DDoS attack was not the culprit.

What actually happened to the websites was not clear at the time. At first, the company said that the issues were related to application programming interface (API) requests that were not functioning correctly. This led some experts to speculate that the problem may have been linked to a domain name system (DNS) problem or to a maintenance issue. The following day, however, the company indicated that the problem was actually related to a server configuration change that it had initiated and subsequently fixed.

But even before the company issued this statement, it was clear to Internet security experts that a DDoS attack had not caused the outage. Troy Mursch, a security researcher who publishes the Bad Packets Report and closely follows such attacks, said that there was no evidence whatsoever that an attack had brought down the sites and that his company had confirmed that there had been no such attack.

This does not mean that hackers do not attempt to attack Facebook. They do so all the time. Once they even gained access to 30 million user accounts. But the value in attacking the social media platform comes from accessing its data, not from shutting it down. What’s more, even if some hackers wanted to shut the website down, it is not clear whether they could actually accomplish this.

A DDoS attack works primarily by overwhelming a site with web traffic, making it difficult if not impossible to load a web page or update an app. Such attempts are not uncommon. Last year, according to a network security firm called NetScout, hackers sent 1.7 terabits per second (Tbps) of data to a single website. In another attack, GitHub received 1.35 Tbps of traffic. But neither of these attacks actually brought their targets down.

According to Alex Henthorn-Iwane, vice-president of a network security company called ThousandEyes, these attacks do not work on large websites because the sites have massive amounts of bandwidth and connectivity at their disposal, so they can handle practically any traffic a hacker could conceivably throw at them. He further believes that these companies have designed their systems specifically to handle such attacks.

The most disruptive DDoS attacks in recent years have focused not on individual websites but on Internet infrastructure. In 2016, an attack cut off large chunks of the U.S. East Coast by targeting a company called Dyn that handles DNS services, which typically do not require large amounts of resources, so the company was not prepared for an attack.

Security experts believe that automatically associating website outages with attacks makes their job even more difficult. This is because, while they are trying both to determine what caused an outage and to get the truth out, they are inundated with a flood of misinformation over social media. They say that while hackers will continue to compromise large websites, people should understand that they are unlikely to be able to bring them down through DDoS attacks.

Target’s Security Breach: How Hackers Got Millions of Credit Card Numbers

If you received a phone call from Target’s customer service department about your credit card, you were probably one of the 40 million people whose information was stolen in a recent hack. Target and its customers fell victim to a common attack called RAM scraping. While RAM scraping isn’t new, the Target security breach shows that current PCI-compliant security requirements aren’t enough to protect customer data.

How Credit Card Purchasing Works

Before you can understand how hackers stole credit card numbers, you first need to know how retail stores process credit card purchases. You give the cashier your credit card, and the cashier swipes your card through a reader. The reader stores your credit card information in memory and sends the data to the merchant account processor. The merchant account processor transmits the data to your bank and then sends an acceptance or denial message back to the cashier.

The most important part of any credit card transaction is encryption. All of these transactions must be encrypted for a retailer to meet security compliance standards. Current PCI security standards require retailers to encrypt all data transferred from the internal retailer network to an external system such as a merchant account processor. However, there are no encryption requirements for data transferred within the retailer’s network, and it’s this issue that allows hackers to access unencrypted credit card information.

RAM Scrapers

RAM scrapers are malware programs (commonly called viruses) injected into a retailer’s network to scan credit card systems for customer information. The program runs in the computer’s background as credit cards are swiped and stored. When a credit card is swiped, the system stores the account number in memory without any encryption. For its ability to steal data from RAM, the malware is given the name “RAM scraper.” These programs are able to grab not only credit card numbers but any customer information stored in the computer’s memory.

In Target’s case, the RAM scrapers were installed on multiple computers for several weeks, which is why the hackers were able to steal an enormous amount of data. The hack started with a phishing email sent to a third-party Target vendor. This phishing email yielded key usernames and passwords that allowed the hackers to inject the malware.

Target is just one of several prominent retailers that have fallen victim to RAM scrapers. Walmart, Macy’s and Neiman Marcus have all had credit card data stolen from unencrypted memory.

If you own a retail store, you can’t change the way a card reader works, but you can take steps to protect your customers from RAM scrapers. Keep antivirus software installed on cashier computers and don’t connect point-of-sale computers to the Internet. Instead, have your cashier computers send credit card numbers to a central server that then sends encrypted data to a merchant account processor. This alternative process clears the credit card readers’ data from memory, so only a limited amount of data is exposed to malware. Avoid giving critical access to third-party vendors when it’s not needed, and monitor for strange network activity. You can’t guarantee a hacker won’t uncover a security hole, but these few steps can help reduce your exposure.

New Iran Cyber Attacks will Target Android Apps

Cybersecurity experts are warning that Iran is preparing cyber attacks against mobile device users. Ransomware and malware attacks are expected to target mobile Android-based devices. Users should be especially cautious toward unofficial markets that offer Android apps.

Accenture iDefense wrote in a recent cyber threat report that its intelligence team has measured a “significant uptick” in cyber attack campaigns launched from Iran. The report, titled “Cyber Threatscape Report 2018,” expects these attacks to increase in frequency into 2019.

Both state actors and Iranian hacktivists seem to favor attacking apps that are not verified by Google’s app store. These attacks seek to plant malware on mobile devices. Buyers should also be forewarned that Iranian hackers are working to plant malicious code into verified apps at the Google store, Accenture wrote.

The cybersecurity company is tracking an Iranian gang called Pipefish. This group is attacking organizations in the Middle East for espionage purposes. The attack could target Israel, Saudi Arabia, Bahrain and other countries that supported the US and its decision to cancel the controversial Iran nuclear accord.

Pipefish has developed a toolbox that exploits machines to run commands remotely. The gang has apparently used a crypto-jacking exploit that has already shut down or disrupted Middle East pipelines and facilities.


Ransomware, though, appears to be the tool of choice for Iranian actors, Accenture wrote. The Islamic Revolutionary Guard is the main actor in the use of ransomware.

According to the cybersecurity analysis, the ransomware attackers will demand crypto ransoms, that is, payment in Bitcoin. One ransomware strain called “Black Ruby” scrambles and encrypts files and demands $650 in Bitcoin (BTC).

The impetus behind this latest cyber warfare appears to be that the Iranian mullahs and the country’s criminal class are angry that the United States is reimposing sanctions on the country. The sanctions will hit Iran hard in its wallet. Thus, Iranian state actors and the criminal element will use cyber attacks to steal cash.

People who download Android apps, especially from unapproved sources, should exercise extreme caution. Cybersecurity experts are warning that the Iranians are on the prowl, looking for ways to snatch cash from Android users.