Thursday, January 23, 2020



Major trends in app development, agile/DevOps maturity, and low-code adoption


Digital transformation dominates business strategy today, which is why web and mobile development demand is booming. Moreover, speed and agility are more important than ever before.


Investments in approaches to speed up application delivery

OutSystems published its research report on the state of application development and the challenges faced by application development and delivery teams in all industries across the world.

Six key findings that impact every IT professional

Demand for app dev is at an all-time high: The number of applications slated for delivery in 2018 is higher than ever, with 42 percent of IT professionals saying they plan to deliver 10 or more apps, and 21 percent planning to deliver 25 or more apps in 2018.

Excessive development time: 47 percent of respondents said the average time to deliver a web or mobile application is five months or more.

Backlogs remain stubbornly high: 65 percent of IT professionals said they have an app dev backlog, and only 32 percent said their app dev backlog had improved in the past year.

Skilled developers are hard to hire: 80 percent of respondents described app dev talent as scarce, with hiring taking longer and costing more.

Agile and DevOps practices are slow to mature: 60 percent of organizations have invested in agile tools and services in the past year. However, the average agile-maturity score was a lackluster 2.6 out of five. Of the 40 percent of organizations who said they invested in DevOps tools and services during the past year, their DevOps maturity was described as somewhere between “just starting” and “fundamental.”

Customer-centricity is on the rise: 52 percent of organizations have invested in customer-centric practices in the past year, including customer journey mapping, design thinking, and lean UX. For the new apps slated for development in 2018, those that will be used directly by customers or business partners were identified as most important, out-scoring internal business applications by 14 percent.

Low-code is becoming mainstream

Another key research finding was that low-code is no longer just for innovators and early adopters. For example, 34 percent of respondents said their organization was already using a low-code platform. And, a further 9 percent said they were about to start using one.

The analysis in the report identified that organizations using low-code are:

  • 21 percent more likely to describe their organization as happy or somewhat happy with the speed of application development
  • 15 percent more likely to deliver applications in four months or less
  • 15 percent more likely to score their agile maturity as level 3, 4, or 5
  • 10 percent more likely to score their DevOps maturity as level 3, 4, or 5
  • Nearly three times more likely to say they have no app dev backlog
  • Three times more likely to describe citizen development as tightly governed.

Endpoint security automation a top priority for IT pros


A new SANS Institute report found that automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around their endpoints.


Diversity and quantity of endpoints

The survey questioned IT professionals globally on how they approach endpoint security within their organisations, with endpoints referring to devices connecting to networks such as desktop computers, employer-owned laptops, network devices, cloud-based systems and IoT devices.

“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities,” says survey author and SANS Analyst Lee Neely. “While organisations are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint,” Neely continues.

Endpoint breaches

Forty-two percent of the IT professionals surveyed said their endpoints had been breached; 82% of that group said their breaches involved desktops, while 69% cited corporate laptops and 42% cited employee-owned laptops, which are generally not well-covered in security programmes.

The top threat vectors for these exploited endpoints were web drive-by (63%), social engineering/phishing (53%) and ransomware (50%).

Protecting endpoints

While respondents are relying on the security capabilities they currently have to protect these endpoints, often those technologies are not fully implemented.

For example, 50% have acquired next-gen antivirus but 37% have not implemented the capabilities. Additionally, 49% have malware-less attack detection capabilities, but 38% of these have not implemented them. In some cases, it appears that, while respondent organisations were able to procure these types of newer technologies, they lacked the resources to implement them.

Incomplete strategies

This gap in implementation indicates issues such as incomplete strategies, a leadership shortfall or a failure in project management related tools and processes. With 84% of endpoint breaches including more than one endpoint, respondents have a vested interest in improving visibility, detection and response through more automated, integrated endpoint protection, detection and response technologies.

Automating and integrating workload across the detection and response cycle is critical as endpoints of every type are under constant attack. Neely concludes that more automation enables the security operations centre (SOC) to stay abreast of endpoint-related threats, while addressing a major issue cited by respondents, that of a lack of staffing and resources to manage and monitor their many endpoint-related toolsets.

Could an Equifax-sized data breach happen again?


Many global financial services organizations are targeted by sophisticated cyberattackers in an attempt to steal critical data and personally-identifiable information (PII), according to Vectra.

Financial industry attacker behaviors per 10,000 devices


Vectra disclosed that cyberattackers build hidden tunnels to break into networks and steal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as exfiltration, while remaining largely undetected.

Security breaches across multiple industries continue in an upward trajectory, and the financial services industry is no exception. But while financial services firms didn’t experience the same volume of breaches as other industries, they still face considerable risk as lucrative targets of cyberattackers in search of a windfall.

Researchers found the same type of attacker behaviors across the financial services industry as those that led to the 2017 Equifax data breach. The Equifax breach resulted in the theft of driver’s license numbers, email addresses, Social Security numbers and other personal information from 145.6 million consumers, according to a company filing with the Securities and Exchange Commission. After the breach occurred, it reportedly went undetected for 78 days.

From August 2017 through January 2018, Vectra monitored network traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. The analysis of this metadata provides a better understanding about attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.

“Every industry has a profile of network and user behaviors that relate to specific business models, applications and users,” said Chris Morales, head of security analytics at Vectra. “Attackers will mimic and blend in with these behaviors, making them difficult to expose.”

“What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems,” Morales added. “The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data.”

Key findings from the report include:

  • Researchers detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined.
  • Vectra detected more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries combined.
  • For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services.
  • For every 10,000 devices across all industries, two hidden tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to five. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic doubled from two per 10,000 devices to four in financial services.

Cisco plugs critical flaws in many switches, security appliances


Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its switches, next generation firewalls and security appliances.


Those vulnerabilities are present in the Cisco NX-OS Software, which enables network automation and programmatic provisioning and configuration of the devices via APIs, and in Cisco FXOS (Firepower eXtensible Operating System).

“Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device,” the company explained.

They can be exploited via specially crafted packets (HTTP or HTTPS, Cisco Fabric Services, SNMP, IGMP) and messages (Cisco Discovery Protocol and BGP update messages).

Twelve of the vulnerabilities affect both Cisco FXOS Software and Cisco NX-OS Software and the remaining vulnerabilities affect only Cisco NX-OS Software. None of the vulnerabilities affect Cisco IOS Software or Cisco IOS XE Software.

There are no workarounds for the vulnerabilities, so administrators should implement the offered updates.

The good news is that the flaws were found during internal security testing, and there is no indication that they are being exploited in the wild.

Affected devices

Affected products include:

  • MDS 9000 Series Multilayer Switches
  • Nexus 2000 Series Fabric Extenders
  • Nexus 1000V/2000/3000/4000/6000/7000/7700 Series Switches
  • Nexus 1100 Series Cloud Services Platforms
  • Nexus 3500/3600/5500/5600 Platform Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode and in Application Centric Infrastructure (ACI) mode
  • Nexus 9500 R-Series Line Cards and Fabric Modules
  • Firepower 2100 Series
  • Firepower 4100 Series Next-Generation Firewalls
  • Firepower 9300 Security Appliance
  • UCS 6100/6200/6300 Series Fabric Interconnects

Some products that have reached end-of-life status could also be affected, but updates for them won’t be provided.

For links to the advisories and more details about each flaw go here.

Early detection of compromised credentials can greatly reduce impact of attacks



According to Blueliv’s credential detection data, since the start of 2018 there has been a 39% increase in the number of compromised credentials detected from Europe and Russia, compared to the same period in 2017 (January-May). In fact, Europe and Russia are now home to half of the world’s credential theft victims (49%).

In this podcast, Patryk Pilat, Head of Engineering and Cyberthreat Intelligence at Blueliv, talks about the report, and illustrates how these startling increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.

Here’s a transcript of the podcast for your convenience.

I’m Patryk Pilat, Head of Engineering at Blueliv, a leading cyber threat intelligence company from Barcelona. We help organizations protect themselves by giving them visibility over the Internet, giving customers all over the world, from financial to insurance to retail, super fresh actionable threat intelligence to help them reduce their cyber risk. This includes detecting millions of compromised credentials every year to help secure the infrastructure. I’m here today to talk about our latest report, which focuses on the lifecycle of these stolen credentials.

There is a growing industry in the cybercrime ecosystem focused on obtaining valid login credentials using multiple mechanisms and tools. These tools nowadays can be cheaply acquired in the underground, darknet markets and forums. And you don’t have to be a highly seasoned cybercriminal to launch an attack.

According to our credential detection data, since the start of 2018 up until the end of May, there has been a 39 percent increase in the number of compromised credentials that we have detected from Europe and Russia, compared to the same period in 2017. In fact, Blueliv’s observations conclude that Europe and Russia make up half of the world’s credential theft victims.

We also found that when we remove Russia from the dataset, the growth figure for European theft victims jumps to 62 percent. These European growth figures tracked by us are surprisingly higher than North America’s, which we call it a decline by almost half in this period. We think that these cyber criminals’ success rates mean that the credential theft industry is growing in the European region, both in innovation and scope. We believe there are several reasons for this.

Firstly, there are more data stealer campaigns distributed across Europe at the moment. We also see that we are using more services online than ever before, such as cryptocurrency exchanges and other services like gaming or even gambling. There are simply more credentials that can be monetized by the bad guys. We’ve also seen trends indicating that APTs, which are already well known for exchanging information online for targeted attacks, are continuing their collaboration at pace. In the report, we also point out that there has been a proliferation of cheap malware kits available for less skilled attackers to use.


We also highlight some more sub-credentialed price lists. For example, stolen credentials for an e-commerce site are available from about 9 dollars, with bank account credentials varying in price depending on the account balance. They can rise up to twenty-five thousand dollars for a single account which has, for example, half a million deposited on it. All it takes is a single good credential for a threat actor to gain access to an organization and cause havoc. So, we have been concerned to see significant credential theft growth rates in our region.

Most of the time the motivation behind credential compromise is financial, from blackmail to ransom, selling sensitive information, to committing fraud. The end goal is usually to profit from the attack. This could be through extortion or blackmail, espionage or to cause reputational damage, or for a number of other reasons which we explore in-depth in the report.

Ultimately, any organization which holds valuable data is at risk, and so should take appropriate measures to protect itself. So, what different measures can be taken by organizations to prevent and mitigate the impact of credential theft?

Well, there are some key things that we think that organizations should take away from this report. As with many aspects of cybersecurity, education is key to mitigating attacks. People within any organization should treat any requests for credentials as guilty until proven innocent. The end users are always the weakest, and also the strongest link in the chain. A human touch complemented by threat intelligence is the best way to protect an organization. In fact, actionable intelligence enables organizations to block potential and trap intrusions at the firewall level. It helps to plug holes before the attacker can get in.

This continuous cyber hygiene within an organization prevents attacks and mitigates the impact of an attack when one happens. It forces IT security teams to locate sources of breach and patch vulnerabilities and go home, with ongoing penetration testing, red teaming exercises and the like.

Now, organizations should always remember that the fresher the credentials, the more likely they can be used effectively by cybercriminals. On the flipside, the sooner compromised credentials are protected, the sooner security teams can remediate.


So, having ultra fresh credential information is often extremely important. The very early detection of compromised credentials, no more than a few days after they have been compromised, can massively reduce the impact of the theft. We provide deep insight into the lifecycle of the compromised credentials, and have made sure that our report offers valuable guidance to all of us – from CISOs seeking to protect their business, to analysts looking for IOCs to shrink their attack surface. With actionable intelligence, both from our platform Threat Compass and from the report we can fight cybercrime together.

The report, The Credential Theft Ecosystem, is available to download now. You can get it from www.blueliv.com on our homepage. This was Patryk Pilat from Blueliv in Barcelona. Thank you.

Fraudster exploited US govt staff info stolen in 2015 OPM breach


The data breach suffered by the Office of Personnel Management (OPM) is, by now, very old news, but some of the people involved and affected are still feeling the repercussions.


Stolen data used for identity theft

The US Attorney’s Office for the Eastern District of Virginia announced on Monday that a Maryland woman has pleaded guilty to using that stolen identification information to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).

39-year-old Karvia Cross both participated in and recruited others to engage in this fraudulent identity theft scheme.

“In 2015 and 2016, LFCU received numerous online membership and consumer loan applications in the names of stolen identities that were victims of the OPM data breach. LFCU approved and issued the requested memberships and loans prior to determining that they had been sought using the stolen personal identifying information of others,” the Department of Justice explained.

“LFCU disbursed loan proceeds via checks and transfers into the checking and savings accounts opened through these fraudulent applications. Vehicle loan proceeds were disbursed by checks made payable to individuals posing as vehicle sellers, while personal loan proceeds were disbursed to LFCU accounts opened in connection with the fraudulent loan applications and transferred to accounts of others. Cross and others then accessed and withdrew the fraudulently obtained loan proceeds.”

Cross is the second person involved in this scheme to plead guilty to conspiracy to commit bank fraud and aggravated identity theft: co-defendant Marlon McKnight pleaded guilty to the same charges on June 11.

Cross will be sentenced in October 2018, and is facing a minimum of two years in prison.

The OPM breach

The OPM breach, predating April 2015, was hypothesized to be the work of Chinese hackers as it resulted in the compromise of huge amounts of sensitive personal information of nearly 22 million US government employees, contractors and job applicants.

But, as it turned out, at least some of that information somehow ended up in the hands of common fraudsters. How that happened is still unknown – the Department of Justice has yet to reveal that piece of information.

When the breach happened, the Federal Government offered individuals impacted by it a variety of identity monitoring, credit monitoring and identity restoration services, as well as identity theft insurance.

iOS 12 will allow users to share their exact location with emergency services


When iOS 12 is released later this year, it will come with a new feature that will allow iPhone users in the US who call 911 to “automatically and securely” share their location data with first responders.


How does it work?

Since 2015, Apple has used Hybridized Emergency Location (HELO), a technology that estimates a mobile 911 caller’s location using cell towers and on-device data sources (GPS, WiFi Access Points).

This data was made available to wireless carriers and through them to emergency services, but major US carriers only recently started using it, as well as a similar Google technology that works on the company’s Android devices.

With iOS 12, the HELO data will be sent to the NG911 Clearinghouse when a user dials 9-1-1.

“The NG911 Clearinghouse is a NENA i3 compliant Location Information Server (LIS) and Additional Data Repository (ADR) that integrates into most major 9-1-1 call-taking, dispatching and mapping systems. RapidSOS offers this service at no cost to public safety, and it can be accessed by any authorized 9-1-1 center in the United States,” Reinhard Ekl, VP Product & Public Safety at RapidSOS, explained.

He noted that public safety agencies across 35 states have already completed the integration and has invited those who haven’t yet to get in touch to receive instructions on how to do so.

He also reassured them that this location information sent by Apple devices is a supplemental source of data, not a replacement for the carrier location they already receive through the Automatic Location Identification (ALI) system.

From the user perspective

Users will be able to use the feature easily, as it will be part of the operating system – they will not have to install a dedicated app on their phone.

The HELO location data will be sent to the NG911 Clearinghouse through RapidSOS’s Internet Protocol-based data pipeline.

“In keeping with Apple’s focus on privacy, user data cannot be used for any non-emergency purpose and only the responding 911 center will have access to the user’s location during an emergency call,” Apple added.

Some 80 percent of 911 calls today come from mobile devices, and this new feature should help reduce emergency response times.

CyberMap: Live map of Israel’s cybersecurity ecosystem


During CyberWeek 2018, YL Ventures launched CyberMap, the first live map of Israel’s cybersecurity ecosystem.


The live landscape enables interactive filtering based on: company category, funding stage, and more.

Unlike other industry guides and infographics, CyberMap is flexible, and constantly updated. It allows for continued relevance and wider applicability. Additionally, YL Ventures have curated the list of source data to only include companies they’ve determined are active and engaged.

CyberMap is designed to be relevant to a wide cross-section of the cybersecurity industry:

  • Entrepreneurs will be able to identify new trends and greenfield opportunities as well as learn about their competitors
  • Investors will be able to connect with novel startups they might otherwise have never heard of
  • Security practitioners will be able to shop around for unique services
  • Large companies will be able to pinpoint ideal acquisition targets.

Essentially, CyberMap’s main goal is to enable entrepreneurs, investors and analysts to generate their own insights, identify new opportunities and make better business decisions. YL Ventures hopes these capabilities will ultimately grow the Israeli (and eventually the global) cybersecurity industry as a whole.

Visibility across the digital experience is critical to manage it successfully


Riverbed found that 99% of business decision makers agree that optimizing digital performance is essential to business performance, and 98% agree that digital, including the delivery of digital services and applications, is critical to the future of their business.


However, 95% of these same business decision makers say that major barriers – including budget constraints, legacy networks and lack of visibility – are holding them back from advancing digital strategies and delivering the performance and customer experience required in today’s digital world.

The global survey, which includes responses from 1,000 business decision makers at companies with $500 million or more in revenue across nine countries, also found that while digital services and applications are critical to future business success, 80% of respondents reported that critical digital services and applications are failing at least a few times a month.

Awareness is high, need is immediate

The need for companies to provide a successful digital experience for customers, partners and employees is well recognized, and it continues to grow in importance. Some 91% of global business decision makers agree that providing a successful digital experience is even more critical to the company’s bottom line than it was just three years ago.

Likewise, 99% of global business decision makers believe their company would benefit from improving the performance of their company’s digital services and applications. They see this happening primarily through:

  • Improved customer/user experience and satisfaction (53%)
  • Greater market agility (49%)
  • Increased revenue/sales and profitability (49%)
  • Increased employee productivity (49%)
  • Faster time to market (48%).

Hurdles to implementing a digital strategy are real

However, it is widely recognized that inadequately performing systems today are a key limitation to a successful digital strategy. In fact, of the 95% of global business decision makers who said they face significant challenges when it comes to achieving a more successful digital strategy, most cited multiple challenges including:

  • Budget constraints (51%)
  • Overly complex or rigid legacy IT infrastructure (45%)
  • Lack of full visibility across the digital or end user experience (40%)
  • Lack of available or appropriately-skilled personnel (39%)
  • Lack of buy-in from leadership on prioritizing digital initiatives (37%).

And of the nearly 80% reporting that critical digital services and applications are failing at least a few times per month and impacting productivity and the end user experience, nearly one in four experience failures at least several times a week. When critical digital services fail, every minute matters. Half of the survey respondents say the maximum acceptable time to resolve digital performance issues is within an hour, and nearly 20% said within minutes, recognizing a digital service failure can cost companies millions of dollars in lost revenue, and significantly impact customer loyalty and brand reputation.

Business leaders are well aware of the impact these failures can and are having on their businesses. The consequences expressed include:

  • Loss of sales and revenue (42%)
  • Delayed product launches (41%)
  • Loss of customers (41%)
  • Loss of brand loyalty (41%)
  • Loss of employee productivity (40%).

Investing to maximize digital performance

Smart business leaders are looking to put greater emphasis on the management tools and infrastructure underlying digital services. In fact, 99% say that visibility across the digital experience is critical to measure and manage it successfully; and 98% of global business decision makers believe that a modern IT architecture that delivers greater agility is important to improving digital performance.


Businesses also say the time to act is now. More than 3 of 4, or 77% of global business decision makers say it is critical that their company invest in improving the digital experience for users or customers in the next 12 months. The key areas business decision makers see themselves making investments in the next 12 months include:

  • Modernizing networks and infrastructure to drive greater agility (60%)
  • Ability to better monitor and manage the end user’s digital experience (59%)
  • Improving service desk capabilities (59%)
  • Accelerating development of applications (58%).

A significant number of business decision makers also identified cloud solutions and emerging technologies as key drivers of the digital experience moving forward. Nearly all, 99%, of global business decision makers believe the use of cloud technologies is important to their companies’ ongoing digital strategy, and business leaders would like their companies to invest in emerging technologies such as:

  • Data Analytics (60%)
  • Internet of Things (59%)
  • Blockchain Technology (48%)
  • Machine Learning (47%)
  • Artificial Intelligence (47%)
  • Virtual Reality (36%)
  • 5G Networks (21%).

3,000+ mobile apps leaking data from unsecured Firebase databases


Appthority published research on its discovery of a new HospitalGown threat variant that occurs when app developers fail to require authentication to Google Firebase databases.


Appthority security researchers discovered the HospitalGown vulnerability in 2017. It leads to data exposures not because of any code in the app, but because of the app developers’ failure to properly secure backend data stores (hence the name). The new Firebase variant exposes large amounts of mobile app-related data stored in unsecured Firebase databases.

Exposed data from the Firebase vulnerability includes personally identifiable information (PII), private health information (PHI), plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and registration numbers, and more data leaking from vulnerable apps. To date, Appthority is the only mobile security vendor researching and protecting against these large scale back-end data exposures.

“The Firebase vulnerability is a significant and critical mobile vulnerability exposing vast amounts of sensitive data,” said Seth Hardy, Appthority Director of Security Research. “The large number of vulnerable apps and the wide variety of data shows that enterprises can’t rely on mobile app developers, app store vetting or simple malware scans to address data security. To keep their data safe and stay in compliance with regulations like GDPR, HIPAA and PCI, they need to be investing in deep app analysis that detects these types of vulnerabilities.”

Key findings

  • 3,000 mobile iOS and Android apps (over 620 million Android downloads alone) are leaking data from 2,300 unsecured Firebase databases
  • Multiple app categories are impacted including tools, productivity, health and fitness, communication, cryptocurrency, finance and business apps
  • Most enterprises are impacted: 62% of enterprises have at least one vulnerable app in their mobile environment.


More than 100 million records are exposed, including:

  • 2.6 million plain text passwords and user IDs
  • 4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
  • 25 million GPS location records
  • 50,000 financial records including banking, payment and Bitcoin transactions
  • 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens.
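
For teams that own a Firebase backend, the missing-authentication condition described above can be checked in the database rules before deployment. The following is an added example, not code from Appthority or from the original article: it assumes a Firebase Realtime Database rules file in strict JSON, the two rule sets are constructed samples, and `classify` and `audit_rules` are hypothetical helper names.

```python
import json
import re

ACCESS_KEYS = (".read", ".write")
AUTH_REF = re.compile(r"\bauth\b")

# Constructed sample: a rule set with the weaknesses the article describes.
WEAK_RULES = json.loads("""
{
  "rules": {
    "messages": {
      ".read": true,
      ".write": "auth != null",
      "$room": {
        ".read": "auth != null && data.child('members').hasChild(auth.uid)"
      }
    },
    "profiles": {
      "$uid": { ".read": "auth != null", ".write": "true" }
    },
    "drafts": { ".read": "now < 1600000000000", ".write": false }
  }
}
""")

# Constructed sample: deny by default, grant only to the signed-in owner/member.
HARDENED_RULES = json.loads("""
{
  "rules": {
    ".read": false,
    ".write": false,
    "messages": {
      "$room": {
        ".read": "auth != null && data.child('members').hasChild(auth.uid)",
        ".write": "auth != null && data.child('members').hasChild(auth.uid)"
      }
    },
    "profiles": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
""")


def classify(expr):
    """Classify one .read/.write expression.

    This is a review heuristic, not a rule evaluator: it only separates
    unconditional grants, denials, and expressions that do or do not
    mention the `auth` variable.
    """
    text = str(expr).strip().lower()  # JSON booleans become "true"/"false"
    if text == "true":
        return "public"
    if text == "false":
        return "deny"
    return "auth" if AUTH_REF.search(text) else "no-auth"


def audit_rules(doc):
    """Return (path, key, issue) tuples for rules that expose data."""
    findings = []

    def walk(node, path, open_above):
        # open_above maps ".read"/".write" to the ancestor path that already
        # grants it to everyone. Realtime Database grants cascade downward,
        # so a stricter rule on a child path cannot take that access back.
        open_here = dict(open_above)
        for key in ACCESS_KEYS:
            if key not in node:
                continue
            verdict = classify(node[key])
            if key in open_above:
                if verdict != "public":
                    findings.append((path, key, "shadowed by " + open_above[key]))
            elif verdict == "public":
                findings.append((path, key, "public"))
                open_here[key] = path
            elif verdict == "no-auth":
                findings.append((path, key, "no auth check"))
        for name, child in node.items():
            # Keys starting with "." are rule keywords, not child paths.
            if not name.startswith(".") and isinstance(child, dict):
                walk(child, path.rstrip("/") + "/" + name, open_here)

    walk(doc.get("rules", {}), "/", {})
    return findings


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label)
        for finding in audit_rules(rules):
            print("  ", finding)
```

The "shadowed" finding is the one most easily missed in review: the per-room rule looks correct in isolation, yet the public grant on its parent path makes it ineffective.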
