The bank has been on a mission to transform its anti-money laundering capabilities after substantial illegal transaction activity was uncovered at a Danske Bank subsidiary in Estonia. The Baltic state made global headlines when Danske Bank was found to have transferred more than €200bn of suspicious money through its tiny branch in Tallinn. Danske Bank’s transaction-focused AML-detection apparatus proved sluggish in identifying account and money transfer divergence anomalies at the branch in Estonia’s capital. During the pilot of the platform from Quantexa, Danske Bank improved its ability to detect suspicious activity in its market trading business in areas such as foreign exchange, securities and equities. “Harnessing technology enables us to identify complex financial crime behaviours more effectively. Running advanced analytics on a wide range of datasets can help us better detect, investigate and prevent financial crime,” said Satnam Lehal, head of financial crime detection at Danske Bank. The bank has now taken the pilot project to the next stage and integrated it with existing infrastructure.
The hack appears to be the result of the successful insertion of malware into SolarWinds' recent updates. The SolarWinds technology is used by the Pentagon, all five branches of the U.S. military, the State Department, NASA, the NSA, the Postal Service, the National Oceanic and Atmospheric Administration, the Department of Justice and the Office of the President of the United States, among others. Plus, it's installed at thousands of companies and organizations around the world. Perhaps these events will serve as a wake-up call to our citizenry and bring the severity of our exposure to adversarial cyberattacks into a more focused picture. Today, I'm recalling watching "60 Minutes" in February 2015 - an episode titled "DARPA: Nobody's Safe on the Internet", with Leslie Stahl interviewing some intriguing guests. A review of that segment helps to illustrate that some efforts back then were misguided, and cybersecurity remains very much a work in progress. The "60 Minutes" report said the Department of Defense had put Dan Kaufman, a former video game developer, in charge of inventing technology to secure the internet and given him a staff of 25 "brainiacs" and a budget of $500 million a year to "do something to help national security" and "make the world a better, safer, more secure place."
The attackers kept their malware footprint very low, preferring to steal and use credentials to perform lateral movement through the network and establish legitimate remote access. The backdoor was used to deliver a lightweight malware dropper that has never been seen before and which FireEye has dubbed TEARDROP. This dropper loads directly in memory and does not leave traces on the disk. Researchers believe it was used to deploy a customized version of the Cobalt Strike BEACON payload. Cobalt Strike is a commercial penetration testing framework and post-exploitation agent designed for red teams that has also been adopted and used by hackers and sophisticated cybercriminal groups. To avoid detection, attackers used temporary file replacement techniques to remotely execute their tools. This means they modified a legitimate utility on the targeted system with their malicious one, executed it, and then replaced it back with the legitimate one. A similar technique involved the temporary modification of system scheduled tasks by updating a legitimate task to execute a malicious tool and then reverting the task back to its original configuration.
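A defender-side check for the change-and-revert pattern described above (a scheduled task action or an on-disk utility briefly replaced and then restored), written here as an added Python example that is not from the FireEye report; the telemetry records, object names and field names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: each record is one observation of an object's
# state, e.g. a scheduled task's action path or a binary's hash (not real data).
SAMPLE_EVENTS = [
    # Task action swapped to a staging binary and restored 3m20s later.
    {"ts": "2020-12-13T02:00:00", "object": "task:\\Microsoft\\Windows\\Maint", "state": "C:\\Windows\\System32\\legit.exe"},
    {"ts": "2020-12-13T02:01:10", "object": "task:\\Microsoft\\Windows\\Maint", "state": "C:\\Windows\\Temp\\stage.exe"},
    {"ts": "2020-12-13T02:04:30", "object": "task:\\Microsoft\\Windows\\Maint", "state": "C:\\Windows\\System32\\legit.exe"},
    # Utility on disk replaced (hash changes) and put back 1m15s later.
    {"ts": "2020-12-13T03:00:00", "object": "file:C:\\Tools\\util.exe", "state": "sha256:aaaa"},
    {"ts": "2020-12-13T03:00:45", "object": "file:C:\\Tools\\util.exe", "state": "sha256:bbbb"},
    {"ts": "2020-12-13T03:02:00", "object": "file:C:\\Tools\\util.exe", "state": "sha256:aaaa"},
    # Ordinary permanent change: never reverts, so it is not flagged.
    {"ts": "2020-12-13T04:00:00", "object": "task:\\Backup", "state": "backup_v1.exe"},
    {"ts": "2020-12-13T04:05:00", "object": "task:\\Backup", "state": "backup_v2.exe"},
    # Revert after 29 minutes: outside the default window, inside a 1h window.
    {"ts": "2020-12-13T05:00:00", "object": "task:\\Cleanup", "state": "clean.exe"},
    {"ts": "2020-12-13T05:01:00", "object": "task:\\Cleanup", "state": "other.exe"},
    {"ts": "2020-12-13T05:30:00", "object": "task:\\Cleanup", "state": "clean.exe"},
]


def find_transient_changes(events, window=timedelta(minutes=10)):
    """Flag every object whose state changes and is restored to the prior
    value within `window`. Returns one finding per change/revert pair."""
    by_object = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_object[e["object"]].append((datetime.fromisoformat(e["ts"]), e["state"]))

    findings = []
    for obj, obs in by_object.items():
        # Look at consecutive observation triples: original -> temporary -> original.
        for (t0, s0), (t1, s1), (t2, s2) in zip(obs, obs[1:], obs[2:]):
            if s0 != s1 and s2 == s0 and (t2 - t1) <= window:
                findings.append({"object": obj, "original": s0, "temporary": s1,
                                 "start": t1, "end": t2, "duration": t2 - t1})
    return findings


if __name__ == "__main__":
    for f in find_transient_changes(SAMPLE_EVENTS):
        print(f"{f['object']}: {f['original']} -> {f['temporary']} -> restored after {f['duration']}")
```

Feeding it real task-update and file-integrity events only requires mapping them onto the `object`/`state` pair; the window should be tuned so routine maintenance changes that are never reverted stay out of the results.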
Holding a hackathon is a sure-fire way of attracting programming talent and development activity to a blockchain platform. The concept is popular among many kinds of tech companies and developers. In the context of blockchain, a platform’s founders or operators will usually offer some type of incentive to participants in exchange for their creative contributions. Often, hackathons have been held as part of blockchain-developer conferences or events. However, with the social restrictions currently in place, many projects are forging ahead with remote hackathons, and with a high level of participation and success. ... Blockchain and cryptocurrencies are chock-full of jargon, acronyms and technical concepts that can be off-putting to many newcomers. Not to mention, starting to invest or trade in cryptocurrency comes with particular risks that everyone should be aware of before they start. For this reason, those companies that can provide newcomers with a comprehensive library of educational materials have an opportunity to inspire loyalty from newcomers. One example is Indian cryptocurrency exchange Bitbns, which has created its own multimedia academy targeted at those eager to learn about cryptocurrency.
Zero Trust security architectures are underpinned by a segmented environment that limits the movements of attackers, isolating them and reducing their impact. In a Zero Trust environment all users, devices and applications are assigned a profile, based on techniques like digital identity, device health verification and application validation. They are then granted restricted access based on their profile. This prevents attackers from moving around freely, but it is also a precise and methodical process that grants and maintains access for genuine users and resources, as and when required. Enforcing granular permissions based on the profile of the user or digital asset is a complex process. Automation provides the means to perform these actions programmatically and at scale. It also ensures that new technologies and solutions can be constantly added, either to support or to replace existing systems, so that actions are performed in line with Zero Trust policies. Faced with a backdrop of emergent threats and an enterprise environment that is constantly evolving, automation provides the means to adapt quickly. Policies can be rewritten, while systems and processes can be reconfigured to deal with sudden changes or requests. This can be done at a micro level, dealing with very specific issues, or on a broader macro level, dealing with enterprise-wide issues.
As organizations have adapted to remote work and adopted new solutions, it's critical they understand how their architecture has changed in order to identify the evolving threat surface. But it's also important to realize that an IT architecture is like a fingerprint; there are some common types, but ultimately, they're unique. VPN is more effective for an on-premises environment, while MFA is more effective for a cloud-based setup. Let's take VPNs as an example. The most straightforward use case of a VPN is to establish a secure connection to access corporate infrastructure. You're at home, on your own wireless network, but you connect through a VPN. The VPN connection is protected by a firewall device and gives access to the corporate network. This model works well for organizations that have a data center and file servers on-site because they can still leverage their network perimeter to protect it. However, VPN traffic can get more challenging when you consider the scale of larger organizations. Once hundreds of remote employees are connecting through VPN, the burden of moving data to a point from which it can be distributed over the network can become significant.
Clearly, we need to introduce more support around security awareness, understand the pressures that employees are under, whether that be self-inflicted or whether that be because of some external factors that are going on. This one is also a real challenge for security folks. We’re still not that good at that kind of emotional intelligence. We love a process, we love a policy. But we’re still not very great at this touchy, feely, fluffy emotional space. There’s a real role here for a human resources professional to get engaged to help deal with this one. ... There is a real leadership opportunity there to create the right environment that encourages people to talk about some of those issues. We’ve seen some real progress in that space. Because, let’s face it, we all have good days and bad days. I think encouraging people to talk about that, to share those things, is hugely important, as is encouraging people to take breaks, move away from the screen. We’ve moved into a realm where those kinds of things are really important for us to be picking up on. Some of us are doing it quite naturally, perhaps, but they are not skillsets that are the strong suits for CISOs and security professionals.
When it comes to budgeting, the three areas of information technology noted as incurring the most expense by SMB and mid-market company executives are: information security (60%), data storage (48%), and data analytics/business intelligence (45%). The IT areas incurring the least expense in budgets are: application licensing (24%), digital transformation (21%), and data center automation (21%). “We conducted this survey to better understand the dynamics of how business executives perceive and select MSPs, as well as how MSPs can provide the greatest value to their SMBs and mid-market customers,” said Infrascale CEO Russell P. Reeder. “Based on the results, we recommend that MSPs continue to lead with solutions focused on security, data storage, and data analytics. Our most successful MSP partners are enabling their businesses to be more secure and to always access and analyze their data. The lifeblood of any business is its data, so it makes sense that securing it, backing it up, and analyzing it is most important to businesses.”
"Security is really only as good as the weakest link," says John Titmus, director of sales engineering EMEA at CrowdStrike, a security vendor. "Supply chain attacks are getting more widespread and growing in frequency and sophistication. You need to understand the nature of the risks and develop a security roadmap around it." Deep Root Analytics, a marketing firm used by the Republican National Committee, leaked the personal data of 200 million voters in 2017. This is a small company that, according to its LinkedIn profile, has fewer than 50 employees. Deep Root Analytics accidentally put the data on a publicly accessible server. Larger service companies are also vulnerable. The Verizon breach, which involved six million customer records, was caused by Nice Systems, a provider of customer service analytics. Nice put six months of customer service call logs, which included account and personal information, on a public Amazon S3 storage server. Nice reports that it has 3,500 employees and provides services to more than 85% of Fortune 100 customers. Nice is tiny compared to Deloitte, an accounting firm with more than a quarter million employees.
For many years there’s been a gulf between the tools we use as consumers and the tools we use as knowledge workers. It’s often a source of frustration: why is it that at an internet search console, we can find the answer to the most obtuse and bizarre question we can possibly imagine in seconds through a couple of clicks of the mouse, yet it takes me ten minutes to find the document that Jack from Accounts sent me two weeks ago? The answer lies in the complexity of enterprise search as a function. Behind the veil of the easily accessible user interface, enterprise search is more complex than it appears and there are much greater technological challenges to be overcome, despite the visual similarities with internet search. For example, content online can easily be categorised by the number of clicks and views a page has received, in order for relevancy to be established, as traffic volumes are incredibly high. However, the document that Jack from Accounts sent is unlikely to have been opened anywhere near as much, so other technologies, such as natural language processing, need to be relied upon in order to understand the content of documents and recommend relevancy.
Quote for the day:
"Positive thinking will let you do everything better than negative thinking will." -- Zig Ziglar