2018

Fancy Bears hackers target International Olympic Committee

Posted on

Originally seen on Tech Target and written by: Madelyn Bacon

News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again.

The International Olympic Committee has had its email stolen again, this time in a response to its ban on Russia from the 2018 Winter Olympics.

A hacking group that calls itself Fancy Bears posted email messages allegedly from officials at the International Olympic Committee (IOC), the U.S. Olympic Committee (USOC) and other associated groups, like the World Anti-Doping Agency (WADA). There’s no confirmation yet that the email messages are authentic, but Fancy Bears focuses on anti-doping efforts that got Russia banned from this year’s Olympic Games.

“The national anti-doping agencies of the USA, Great Britain, Canada, Australia, New Zealand and other countries joined WADA and the USOC under the guidance of iNADO [Institute of National Anti-Doping Organisations],” Fancy Bears said on its website. “However, the genuine intentions of the coalition headed by the Anglo-Saxons are much less noble than a war against doping. It is apparent that the Americans and the Canadians are eager to remove the Europeans from the leadership in the Olympic movement and to achieve political dominance of the English-speaking nations.”

Fancy Bears is believed to be the same hacking group known as Fancy Bear that claimed responsibility for the 2016 hack on the U.S. Democratic National Committee, which interfered in the 2016 presidential election. Fancy Bear hackers have been linked to Russia’s military intelligence unit, the GRU, by American intelligence officials.

The batch of email messages Fancy Bears posted is from 2016 through 2017 and mainly focuses on discrediting Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

The IOC declined to comment on the “alleged leaked documents” and whether or not they are legitimate.

It’s not clear how Fancy Bears allegedly breached the IOC email. However, in 2016, the same group targeted WADA with a phishing scheme and released documents that focused on previous anti-doping efforts following the 2016 Summer Olympics. In that case, the hacking group released the medical records for U.S. Olympic athletes Simone Biles, Serena and Venus Williams and Elena Delle Donne. The medical records showed that these athletes were taking prohibited medications, though they all obtained permission to use them and, thus, were not violating the rules. This release happened in the midst of McLaren’s investigation into the widespread misconduct by Russian athletes.

In one email released in this week’s dump, IOC lawyer Howard Stupp complained that the findings from McLaren’s investigation were “intended to lead to the complete expulsion of the Russian team” from the 2016 Summer Games in Rio de Janeiro and now from the 2018 Pyeongchang Games.

What do you think about this alleged Olympics hack?

Here’s what keeps your CISO up at night

Posted on

As seen on February 14th, 2018 on Helpnetsecurity.

89.1 percent of all information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels, according to the 2018 CISO Survey by RiskIQ.

ciso worry

Some 1,691 U.S. and U.K. information security leaders across multiple verticals, including enterprise, consulting, government and education, provided insights into their cyber risk concerns and plans for 2018.

Overall, the survey revealed a coming “perfect storm,” where the problem of staff shortages collides with escalating cybercrime, leaving organizations ill-equipped to manage and respond to cyber risks and threats that are accelerating in an era of digital transformation, pervasive connections and increasingly sophisticated attack strategies sponsored by nation-states and rogue actors.

As the Spectre and Meltdown security flaws in Intel chips dominated the news in early 2018, and after a year of major security breach announcements and settlements, including Equifax, Yahoo and Anthem, the following findings are hardly surprising:

  • 67 percent of cybersecurity leaders do not have sufficient staff to handle the daily barrage of cyber alerts they receive
  • 60 percent expect digital threats to grow as their organizations increase online engagement with customers
  • The top three digital threats information security leaders fear are phishing and malware attacks on employees and customers; brand impersonation, abuse, and reputational damage; and information breaches
  • The top risk organizations face today is a lack of experienced staff to monitor and help protect networks from cybercrime
  • Currently, 37 percent of firms have engaged a managed security services provider (MSSP) to help monitor and manage cyberthreats.

ciso worry

“The RiskIQ 2018 CISO Survey illuminates a growing industry-wide problem, which is that cybercrime is growing at scale, and enterprises are already experiencing critical staff shortages. That’s one reason 1 in 3 organizations have engaged with an MSSP to combat cyber risks and threats, and we expect that number to grow as the competition for top security talent gets far more intense,” said Lou Manousos, CEO at RiskIQ.

 

Check out all of our services offered at our website or call us today: 518-479-3881.

Five Windows 10 2018 resolutions to follow

Posted on

By: Eddie Lockhart, Site Editor, Tech Target

IT pros who emphasize these resolutions in 2018, including a focus on the easy-to-overlook security holes in Windows 10, will have a great year ahead.

The start of a new year often leads people to make resolutions; some people strive to lose weight, others look to save money. Whatever they select, the goal is to make their lives better.

Windows professionals should follow suit and make their own Windows 10 2018 resolutions. The right changes can make both their lives and their users’ lives better in 2018.

From improved security to fewer privacy concerns, the time is now to adopt these five Windows 10 2018 resolutions for the new year.

Focus on the simple things for security

IT can put a lot of its security concerns to rest in the new year by shoring up obvious areas. For example, IT can easily encrypt users’ personally identifiable information and other data by activating BitLocker, which is built into Windows 10. IT should also educate users on how to avoid bad links or malicious emails. It’s impossible to completely eradicate the risks associated with users making mistakes, but some teaching can go a long way.

Many organizations also run into rampant levels of unpatched third-party software. Attackers know that IT often forgets to update third-party software because there can simply be too much to keep track of. Fortunately, there are patch management tools out there, such as GFI LanGuard, that IT can use to identify unpatched software and address it.

In addition, IT needs security standards on every desktop. Setting minimum password lengths or whitelisting applications can really fortify an organization’s defenses.

Put Windows Update problems in the past

Windows Update can hit some snags that block updates, which can create security and compliance risks. IT should make sure that all devices are connected to the internet because Windows Update requires an internet connection to function.

Windows also delivers an error code when Windows Update fails. IT can search the internet for that code to diagnose the problem. If that proves fruitless, IT should make sure the device meets Windows 10’s minimum hardware requirements. It is also possible for a user’s device to simply run out of the space it needs to update. IT can clear space with Disk Cleanup.

Windows 10 certainly isn’t perfect, and there are a host of nagging problems that can make it tough to deal with for users.

Problems with Windows Update can also crop up if something happens to the System Reserved Partition, which contains the Boot Manager, Boot Configuration Data and BitLocker startup files. The partition works as part of the update process. Sometimes users delete the System Reserved Partition because they don’t know what it is and want to free up space on their devices. The partition can also run out of space. The Disk Management Console gives IT pros a window into the System Reserved Partition so they can make sure it’s present and see how much space it still has.

IT can also use the Windows Update Troubleshooter to identify and resolve any issues that commonly cause Windows 10 update problems.

Take full advantage of Windows 10 features

Microsoft has already released several major updates since the OS debuted in 2015. The Fall Creators Update added Exploit Guard, a tool within Windows Defender Advanced Threat Protection that enables IT pros to block malicious websites and combat zero-day attacks with intrusion policies. For users, the Fall Creators Update enhanced the My People app by enabling them to pin contacts to their task bars and open an email, instant message or video chat directly from there.enterprise_desktop-windows_10_desktop.jpg

The new features are great, but it’s important to also maximize the existing features. Windows Defender Device Guard, for example, enables IT to create code integrity policies that whitelist which apps are allowed to run on Windows 10.

IT can bolster security even more with Windows Hello for Business, which enables both biometric and two-factor authentication. Users can also work with the Cortana digital assistant to make appointments, get directions and more. And, of course, there is Continuum, which can orient the screen of a 2-in-1 device to match the presence of a keyboard.

Turn off annoying ads

Windows 10 certainly isn’t perfect, and there are a host of nagging problems that can make it tough to deal with for users. Ads, for example, pop up everywhere in the lock screen, the Start menu and in the Windows 10 Action Center. It is possible to suppress them, but users or IT must do it on a case-by-case basis. There are different toggles for turning off the ads for the Start menu than for the lock screen.

Address privacy concerns

The last of the five Windows 10 2018 resolutions is dealing with privacy concerns. Microsoft collects data from users, including security settings, contact lists, passwords and website visits. It also collects email and text message information, but does not read the contents. This data collection is supposed to help Microsoft customize the user experience. Apps such as Cortana, for example, rely on users’ personal information to better meet their needs.

 

There are ways to limit the data Windows 10 gathers. With telemetry data, for example, there are three settings: Basic, Full and Enhanced. Enhanced sends the most data of the three back to Microsoft. In Windows 10 Enterprise and Education, the user can even turn telemetry data collection off entirely. IT can employ Group Policy settings to limit other data collection or to alter privacy settings.