Cyber Security and Networked World

Other people see this same world as being quite horrific, and bringing up huge issues in terms of privacy and security, and do not believe it will ever really happen.

The internet of things essentially refers to a process where pretty much every device that we use at home and at work, everything we wear, everything we use will in some way be connected to each other wirelessly.

This process allows manufacturers and governments to collect huge amounts of information about people in a way that has never been foreseen or planned for. This information is now being collectively referred to as big data, and there is a huge industry trying to work out how this information can be used, largely for the benefit of manufacturers and supposedly for the benefit of government planning in transport and urban development.

The reality is that all major manufacturers of virtually every product on the planet are now either putting sensors into their devices, or planning how to, in order to enable the internet of things to happen.

Whilst there are certainly technical difficulties to overcome, a whole range of what are being referred to as internet of things platforms are being developed, which will in the end enable a seamless integration of these devices.

People may doubt that this will happen, will happen quickly or at all. Sadly this is wishful thinking for a number of reasons.

The main reason is that the main beneficiary of the internet of things well in fact be a vast range of businesses and corporations who stand both to slash costs hugely and increase profits significantly at the same time.

That of itself will drive the Internet of things.

This to an extent is already happening in supermarkets, And is a really good example of how this process will work.

All products in supermarkets have a barcode, at the checkout this barcode is swiped against a screen and is added to the shoppers bill.

At the same time, the barcode feeds into the inventory system of the supermarket and sets in motion a process right back to the distribution center, and ultimately the production process itself.

In addition, supermarkets are now widely installing self-service checkout tills that means the individual customer has to swipe the products themselves, thus reducing the need for staff even more.

Whilst there are huge social and libertarian issues involved in all this, the issue of privacy and cyber security is huge, and is likely in many ways to get overlooked in the rush for profit and cost-cutting.

The amount of personal information being processed by all manufacturers of these devices and products is colossal, and all potentially at risk of being hacked or compromised in some type of data breach. This could lead to a massive erosion of trust in a number of systems currently used, and could lead to significant growth of identity fraud and theft for a whole range of individuals.

Virus vs Malware

Most of the time we will say we have a virus in our computer and much like the ones we can get in our bodies, these viruses attack our computer’s hard disk space or central processing unit which makes it very hard to fix.

By definition a computer virus is a malicious software program that replicates itself by modifying other programs and inserting its own code. That is, it gets into your computer and then takes over your programs sometimes leaving them not functioning at all.

Those who release these viruses are using social engineering deceptions to exploit the vulnerabilities that systems have. Sometimes, even if you have a security system on your computer the virus can circumvent it and still infect it. Viruses cost billions of dollars a year in economic damage because the damage they cause is so great. They are targeted for profit or political messages or sabotage. Sometimes the people who create them are just in it for the fun of watching users suffer, and suffer they do.

On the other hand, malware is malicious software, things like ransomware, worms, Trojan horses and spyware. They, thankfully, don’t interfere with the hard disk space or take over control of your computer, although they are still annoying to have and to deal with.

There are many places that deal with removing malware from your computer and even programs you can download that will scan and get rid of them from your system. Now that we know more about these things, security systems have pre-programmed scans that take place at an allotted time to scan the computer and alert you to any problems before they get too big to handle. Using an anti virus program and your security you are in a good place to keep your computer running well. Sure at times it goes slow and sometimes you need professional help and luckily there are those who deal with computers on a daily basis and know what they are doing.

Malware Works

Malware comes in many forms. It can take the shape of spyware, keyloggers, worms or viruses, but they all do the same thing to a computer: they mess with the operating system and gain access to your information, which can lead to identity theft.

Malware started off as an experiment or a big joke but now can garner big money for those criminals who impose it on unsuspecting computer users. They can make money by the forced adware that we have to endure, they can steal our bank codes and passwords to gain access to our accounts and they can track our internet browsing history and spread email spam to everyone in our address book. There is malware everywhere, and we usually download it unintentionally with other programs that we really want on our computer. It piggy backs on with the good stuff and embeds itself into our operating system and there it stays inflicting its wrath until we figure out how to get rid of it.

So how do you get rid of malware? The best cure is preventing it from entering your computer in the first place. This means being ultra careful what files you download from the internet and reading all of the user information before hitting the download button. Another great way to prevent malware is by using a good security system and adding a service like Malwarebytes to your computer that will scan for these viruses each day which makes removal that more effective. Taking advantages of the updates that pop up from trusted sources is also a great way to defend against malware as they up the security and technology for the system itself.

It all else fails, take your computer to your trusted computer repair shop where they will have the know how to rid your computer of the pesky malware that is making your life and your computer miserable.

Bitcoin Ransom

Launches an initial DDoS attack (ranging from a few minutes to a few hours) to prove the hacker is able to compromise the website of the victim.

Demands payment via Bitcoin while suggesting they are actually helping the site by pointing out their vulnerability to DdoS

Threatens more virulent attacks in the future

Threatens a higher ransom as the attacks progress (pay up now or pay more later)

Unprotected sites can be taken down by these attacks. A recent study by Arbor Networks concluded that a vast majority of DD4BCs actual attacks have been UDP Amplification attacks, exploiting vulnerable UDP Protocols such as NTP and SSDP. In the spectrum of cyber-attacks, UDP flooding via botnet is a relatively simple, blunt attack that simply overwhelms a network with unwanted UDP traffic. These attacks are not technically complex and are made easier with rented botnets, booters, and scripts.

The typical pattern for the DD4BC gang is to launch DDoS attacks targeting layer 3 and 4, but if this does not have the desired effect, they will/can move it to layer 7, with various types of loopback attacks with post/get requests. The initial attack typically lies on a scale between 10-20GBps. This is rather massive, but often not even close to the real threat.

If a company fails to meet their requests, and if that company does not migrate this attack through various anti-DDoS services, the group will typically move on after 24 hours of a sustained attack. But you should not count on this pattern to manage your cyber security tactics.

HaltDos adapts and blends in your network and requires minimum management

DDoS Protection
Automatic detection and mitigation of DDoS attacks to ensure your application stays online and always available.

Application Delivery
Having server load problems? Deliver content at lightning speed with our Application Delivery Controller.

DNS Firewall
Egress firewall for your enterprise network to prevent data exfiltration through malware.

SSL Proxy
TLS/SSL computation is expensive and can slow down your servers. Offload SSL connections from your servers with SSL Proxy.

Virus Protection Software for PC

The best security programs are able to keep up with all of the new and rising threats. It’s a race of sorts, so it’s in your best interest to purchase a software solution that includes daily, automatic updates. It should be able to keep up with all of the latest definitions of ransomware, phishing scams, and all types of malware and dangerous files.

Opt for software that is powered by a global 24/7 threat monitoring network. Cyber criminals never, ever seem to stop, so neither should monitoring and protection networks.

Another thing to look for is a program that offers seamless upgrade options. If you’re a regular PC user, you likely won’t need business-level protection. However, the option should still be there for you to purchase additional protection and security tools as your needs grow.

Virus protection software for PC is usually available in various pricing and subscription options. Typically, the most basic version can be purchased for a single computer, whether it’s a PC or Mac. If you also want protection for your smartphone, tablet, laptop, etc. there should be a Premium or Premier Suite available with varying pricing options.

What about free programs? While new versions of Windows do come with built-in security features, including a firewall, they do not offer enough protection for the average user. Free programs usually offer just the bare minimum of protection. This doesn’t mean you have to start spending money on virus protection software for PC, as there are usually free trials available offered by the biggest companies. Read reviews and try one out before deciding whether or not you want to purchase a license for the full version.

If you do a lot of shopping online and pay bills, you’ll definitely need a security suite that offers financial security. There should be a feature that keeps your financial details protected and encrypted.

User-friendliness is another important consideration. If you’re the type who prefers to be hands-on, then the ideal program will offer manual scanning and updating options. If you prefer applications to run quietly in the background, then its processes, including updates, should automate.

Overall, out of all of the cyber protection companies, Norton is perhaps the most popular. It offers virus protection software for PC, Macs, Androids, iOS, etc… Choose Norton Antivirus Basic, Standard, Deluxe, and Premium.

Data Breach

If you’re a small business and have about 5,000 customers in your database that’s just over $1 million in expenses just to comply with state and federal laws and doesn’t even begin to measure the costs associated with damage to your reputation or brand. That’s a million dollars in costs that aren’t likely covered by your business owner’s insurance policy, general liability, or umbrella liability coverage.

If your company operates on the web this is only one exposure you face, and when I say “operate on the web” I don’t mean being a technology company. Brick and mortar retailers, wholesalers, service companies, and manufacturers all may “operate on the web” if they have any sort of customer interface over the internet. If you exchange personal information of customers, take orders, or conduct commerce over the web you likely have this exposure. If you maintain databases of customers on a computer, server, or cloud (and who doesn’t today) you also are exposed to hackers and unintentional leaks of data.

Firewalls, anti-virus software, and security technology are all good risk management tools, for operating on the web at any level, but so is proper risk transfer (insurance).

The majority of standard business owner’s policies and package policies do not address the various exposures that the internet presents to any business operating on the web. Those policy forms were written in the “pre-internet” age and don’t even contemplate the various exposures you have on the net. But, specialized forms are now available that specifically address these exposures on a portfolio basis – meaning that different coverage parts can be added, subtracted or customized to your specific needs. The best news is that “Cyber-Liability” policies as they are called, are not that expensive, compared to the relatively high cost, and high probability of loss that exists. Many experts today say it’s not “IF” you’ll experience a cyber liability claim, but “WHEN”!

With that thought in mind, let’s think about the other insurance policies most business owners have – property insurance to protect their building and contents from a fire or theft, or other covered peril; general liability insurance to protect them from lawsuits for bodily injury or property damage; workers compensation as mandated by most state laws; auto insurance for their fleet of vehicles; and excess liability coverage, sometimes called an umbrella to provide “extra” liability coverage over their primary general and auto liability policies. How many fires does a business owner experience in their lifetime? How about liability claims for slip and falls?

I’m not saying that a business owner shouldn’t protect these exposures; it’s just a “given” that we must have these policies – it just makes sense to transfer the risk of a potential adverse financial loss (claim) to an insurance company. So if it’s likely that your company WILL experience a data breach at some point in the future, doesn’t it make sense to also transfer that risk to an insurance company? Especially since we know the likelihood of it happening and the costs associated with it?

I will cover the various coverage parts of the Cyber Liability policy forms in the next several posts for a better understanding of what’s involved in this unique and need coverage form.

For more information related to Cyber coverage, Technology insurance, or general business insurance, please do contact us!

Gordon Coyle is the owner of The Coyle Group, a boutique commercial insurance brokerage and risk management consulting firm focused exclusively on the protection needs of business. With 30 years of experience and expertise, my goal is to work collaboratively with clients to: minimize risk, boost operational productivity, strengthen compliance, lower costs and improve profitability. Deploying a unique and diagnostic process that goes beyond just insurance we help mid-market businesses develop long term strategies to control risk that will positively impact corporate operations, employees, livelihoods and the future; all while lowering insurance premiums.

Learned From The Facebook Breach

  • Identifying all devices involved in public access of company data including firewalls, routers, switches, servers, etc. Develop detailed access-control-lists (ACLs) for all of these devices. Again change the passwords used to access these devices frequently, and change them when any member on any ACL in this path leaves the company.
  • Identifying all embedded application passwords that access data. These are passwords that are “built” into the applications that access data. Change these passwords frequently. Change them when any person working on any of these software packages leaves the company.
  • When using third party companies to assist in application development, establish separate third party credentials and change these frequently.
  • If using an API key to access web services, request a new key when persons involved in those web services leave the company.
  • Anticipate that a breach will occur and develop plans to detect and stop it. How do companies protect against this? It is a bit complicated but not out of reach. Most database systems have auditing built into them, and sadly, it is not used properly or at all.
    An example would be if a database had a data table that contained customer or employee data. As an application developer, one would expect an application to access this data, however, if an ad-hoc query was performed that queried a large chunk of this data, properly configured database auditing should, at minimum, provide an alert that this is happening.
  • Utilize change management to control change. Change Management software should be installed to make this easier to manage and track. Lock down all non-production accounts until a Change Request is active.
  • Do not rely on internal auditing. When a company audits itself, they typically minimize potential flaws. It is best to utilize a 3rd party to audit your security and audit your polices.

We Must Mourn The Casualty Of Technology

If that all sounds a bit ‘Big Brotherish’, as predicted by George Orwell when he wrote 1984 in 1948, perhaps he got it right. Certainly, we’re three decades beyond his nightmarish vision of the future, but there can be little doubt that we are being watched, and in some detail. The trouble is, we don’t know by whom.

And the next casualty could be that fragile concept of democracy. Did Russia hack the west to influence elections? Who knows. Does the technology even exist to make that possible? Who knows that either.

What we do know is that it’s possible to be anyone you want to be on social media; to say just about anything about just about anyone without fear of redress. Invent a persona; say what you like. At least some people will believe it. The result is a growth in the politics of hate; the erosion of a consensus view; of the ability to appreciate that someone else is entitled to a point of view different from one’s own.

There’s no doubt that technology is good for us. Who’d be without a washing machine if they could afford one? It certainly makes life easier than bashing clothes on a rock by the riverside, even though there are places in the world where people still have to do that.

But we need to be in control, as far as possible. We need to think about what could happen to the information we share so freely, that is chipping away at our privacy.

We need to be aware that our phones can track our every move and turn that feature off.

We need to think about who’ll use information the social media post in which we say we’re having a good time in whatever restaurant we happen to be in, and what they’ll use it for.

We need to spend hard cash with the greengrocer or the corner shop or the butcher down the road, rather than with the supermarket, where the constant blipping of tills records the details of our lives. (And what business is it of the supermarket to know what size pants you’ve just bought? Oh, yes; they know all right.)

We need to think about what we’re doing.

We need to work out what technology enhances our lives, and what doesn’t.

In short, we need to think about what we’re doing, and take back control.

Android APK

Applications that are developed for Android platform are Android application. Each application when developed carries many different files and folders within it, that defines its functionalities and resources, and in order to run that app in mobile, one need to create an archive that contains all the necessities. This archive file is known as Android Application APK, i.e. Android package kit.

APK is a full package containing all the necessary data and files that is must to run an app on a Mobile Phone. It consist of

  • Source code used to define App’s functionalities, in general terms referred as classes.dex.
  • Manifest file, i.e. the file that specifies the
  1. Permissions that application needs.
  2. Its flow
  3. Package
  4. Version codes
  5. Signatures.
  6. Certificates.
  7. SHA-1 Digest.
  • Libs, is a directory containing compiled code or jar files, used as library for applications.
  • Assets, it is a directory that has arbitrary files like fonts, audio, texts etc. in it.
  • Resources like XML files that define the layout of different pages of the application.

· It also contains META-INF directory and res directory.

When an app is developed, after its testing, an export APK is generated where the developer signs the app with a secret key to prove his authority over the app. Now, this Signed APK is uploaded to Google play store for its availability for Users.

When a person is downloading an application from any source such as Play Store, he is actually downloading and installing the APK of that application on his phone. Other than Google Play Store, one more place where you can find Android applications absolutely free and without even having an account on Google is APK MIRROR.

APK MIRROR is a website that allows you to download any application that you can find in Google Play Store, without having an account. No extra money is charged for uploading or downloading Applications, and high security measures such as verification of certificates and authorization check of signatures are performed while uploading application in order to provide highly trusted and original applications to the users that are present in Play Store.

No Android Application for APK MIRROR is currently available in Play Store, you have to download the APK of the desired application first from the website and then install it on your phone manually.

One most unique feature that the website provides is to bring you back to the older version of the app if new one isn’t up to the mark. Yes, APK MIRROR lets you find and download the previous version of the app, if you aren’t happy with the current one.