risk

Category

Posts

GCA Press Release

New AIDE Platform Enables IoT Device Manufacturers to Test Security, Identify and Mitigate Global Attack Risks, and Identify Vulnerabilities


London – August 15, 2019: The Global Cyber Alliance, working with its partners, today launched the Automated IoT Defence Ecosystem (AIDE), a first-of-its-kind cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers and individuals to identify vulnerabilities, mitigate risks and secure IoT devices against the growing volume of threats to this interconnected environment.

A complementary resource to the AIDE platform is the GCA ProxyPot, a custom IoT honeypot solution developed by GCA, which is capable of replicating one IoT device across multiple IP addresses and physical locations to identify global attack risks quickly, efficiently and accurately. Together, the AIDE and ProxyPot platforms allow for organisations and individuals to have greater visibility into the types and scale of threats facing the IoT devices deployed into various environments, including smart cities and other smart ecosystems.

Visit globalcyberalliance.org to learn more or gcaaide.org to request access to GCA AIDE.

“The number of internet-connected devices has grown exponentially over the last decade and with it the cyber risk to companies, organisations and individuals deploying these devices on their network,” said Philip Reitinger, President and CEO of GCA. “The launch of the AIDE platform furthers GCA’s mission of providing scalable, implementable solutions to organisations of all sizes and budgets to secure their devices and reduce risk.”

With an estimated 14.2 billion internet-connected devices currently in use and a projected increase to 25 billion by 2021, the challenge to identify, analyse and mitigate IoT threats has dramatically increased. Also cause for concern, a recent survey found less than 1 in 3 organisations maintain a privileged-access security strategy for their IoT devices, making the organisations an ideal target for threat actors. These statistics highlight the urgent need for addressing the threats to IoT devices.

The AIDE platform offers capabilities for data collection, analysis and automated defence on a scale not previously attained. As part of its first effort to leverage the AIDE and ProxyPot technologies, GCA is working with Attivo Networks to build a SCADA honeyfarm to collect threat intelligence on attacks targeting industrial control systems.

“We are thrilled to be working with GCA to provide the benefits of deception technology to organizations around the world. IoT devices are notoriously difficult to secure and apply typical prevention measures. As a result, innovative solutions like deception technology are playing a critical role in the early threat detection and response to cyberattacks,” said Marc Feghali, Co-founder and Vice President of Product Management at Attivo Networks. “By creating customized decoys that blend in with production connected devices, organizations can quickly detect attackers, engage them, capture their attack methods, derive their attack signature and divert them away from real IoT infrastructure, mitigating the risk of attacks on Operational Technology (OT) infrastructure.”

Specifically, AIDE allows for the following:

Collection

The AIDE platform will automatically collect IoT attack data through three methods:

  1. Honeyfarms located around the world, including a GCA honeyfarm with more than 1,200 devices, and data feeds from partners;
  2. Virtual IoT devices located on simulated networks; and
  3. ProxyPots that can be distributed around the world and backed by real and virtual IoT devices.

Analysis

AIDE aggregates attack data into an analysis platform that is available to companies, academia, nonprofits and other entities to study IoT attack signatures and patterns. In exchange for access to the data, researchers will share any algorithms developed to help AIDE generate additional information products.

The analysis platform will be used to generate data feeds available to GCA partners and the security community. These feeds will be made widely available throughout the cybersecurity ecosystem to enable IoT attack mitigation.

Automated Defence

The real-time threat feeds generated by the platform can limit and mitigate identified attacks while preventing any further compromise of IoT devices. AIDE allows an edge router/policy enforcement point to use threat feeds to mitigate attacks against the local environment and also relies upon an application of the capabilities of the “Manufacturer Usage Description” standard, through which manufacturers can specify the types of activities and communications that are allowed on their devices. This type of automated defence offers small businesses and home users a way to have free or low-cost protection for their small office and consumer network (home IoT) devices that often have no other way to address IoT vulnerabilities.

“The bad guys do not discriminate when deciding which organisations to target for IoT attacks, so our defences shouldn’t either,” said Adnan Baykal, GCA Global Technical Advisor. “With AIDE, any organisation can access our threat feeds for data, conduct analysis and even search specific activity by username, source IP, destination IP, commands, hashes and geographic location. As we continue to establish partnerships and sponsors, the platform will continue to improve and provide added value to those within the ecosystem.”

###

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

Influential Industry Leaders Will Help Shape and Expand GCA’s Global Reach


LONDON, May 31, 2018 – The Global Cyber Alliance (GCA) announced today the installation of eight individuals to serve as GCA Ambassadors who will further the nonprofit’s mission of eradicating cyber risk. These individuals were chosen because of their tremendous reputations in the cybersecurity community and their commitment to making a positive difference in addressing cyber challenges. The Ambassadors, who serve one-year terms, are:

Yossi Appleboum, Co-CEO, Sepio Systems

Barry Gooch, Chairman, Prevention of Fraud in Travel (PROFiT)

David Harcourt, Chief Security Advisor, BT

Tony Krzyzewski, Co-founder and Director, SAM for Compliance

Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive, U.S. Bank

Graeme Newman, Chief Innovation Officer, CFC Underwriting Ltd.

Jay Singh, Marketing and Partnerships, Red Sift

Nicola Staub, Prosecutor, Public Prosecutor’s Office, Canton of Schwyz, Switzerland

The Ambassadors come from diverse backgrounds and comprise an international cadre of influential leaders, representing organizations in Israel, New Zealand, Switzerland, the U.K., and the U.S., and spanning several sectors including financial services, law enforcement, technology, telecommunications and travel.

The Ambassadors will help increase the adoption of existing and future GCA tools and solutions, including its DMARC email authentication efforts and Quad9, the DNS security service that protects against malicious websites while preserving privacy. The Ambassadors will serve key roles in facilitating early testing of GCA tools and will assist with public outreach to ensure these resources are globally available. Ambassadors will also support sustainability efforts for the nonprofit, which makes its tools available to everyone, at no cost.

“We are so pleased that these expert individuals have agreed to serve as GCA Ambassadors,” said Andy Bates, GCA executive director for the United Kingdom, Europe, Middle East and Africa. “They will help us expand our reach within the international community and serve a vital role in shaping the future direction of GCA. It is important to a global organisation to have friends who understand local culture.”

“It’s truly an honor to have this group of influential and talented individuals helping us in our efforts to make the Internet a safer and more secure place for all global citizens,” said Maryam Rahmani, GCA global partnership officer. “Their willingness to contribute their time and expertise toward making a positive difference in our collective cybersecurity exemplifies the spirit of collaboration that is the cornerstone of GCA.”

Yossi Appleboum, Co-CEO, Sepio Systems said, “I’m honored to serve as a Global Cyber Alliance Ambassador and have the opportunity to help in build an ecosystem that connects between the GCA, governments and industry for creating a better secured society. I am looking forward to contributing my experience in building robust cybersecurity platforms and promoting them to the current GCA products such as Quad9 and the DMARC Setup Guide and to the future ones.”

Barry Gooch, Chairman, Prevention of Fraud in Travel (PROFiT) said, “We all rely on the internet.  I am humbled to be appointed as a GCA Ambassador, and I truly believe that it is only by working collectively and inclusively across international boundaries and sectors that we can identify and counter malign cyber activity and measure the effectiveness of our work.  GCA’s work in producing accessible and free solutions is exactly what is required for the digital economy to flourish, and we should all support it.”

David Harcourt, Chief Security Advisor, BT said, “I’m proud to have been asked to be a GCA Ambassador and the opportunity it provides to reach further in driving cybersecurity improvements across the industry, making the internet a safer place for everyone as it becomes more fundamental to our day to day lives.”

Tony Krzyzewski, Co-founder and Director of SAM for Compliance said, “I am delighted to be able to take on the role of Ambassador for the Global Cyber Alliance. I believe that the Alliance plays a very important role in helping reduce cybersecurity related risk across the world and, with this Ambassadorship, this presence will be enhanced within the Australasian region.”

Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive at U.S. Bank said, “U.S. Bank is committed to improving the cybersecurity ecosystem. The work that GCA is advancing does just that, from developing tools to simplify DMARC adoption to exploring IoT security.  I am proud to be appointed as a GCA Ambassador.”

Graeme Newman, Chief Innovation Officer, CDC Underwriting said, “The GCA takes a refreshing, pragmatic approach to combating cyber risk – identifying and implementing concrete, measurable actions and soliciting engagement from a variety of industries and geographies. The cyber insurance sector, in particular, has a responsibility to support this mission, and I’m eager to amplify the work the GCA is doing through my role as Ambassador.”

Jay Singh, Marketing and Partnerships, Red Sift said, “The GCA plays a pivotal role in raising awareness and adoption of DMARC globally, and it’s an honour to have been selected as a GCA Ambassador to champion the innovation that underpins the GCA’s solutions and tools. I look forward to working with like-minded information security professionals towards our shared mission of eliminating the cyber challenges faced globally by industries and governments over the coming year.”

Nicola Staub, Prosecutor, Public Prosecutor’s Office, Canton of Schwyz, Switzerland said,  “As a Prosecutor I am doing my best to investigate cyber crimes and bring people to justice who commit them. However, a crime prevented is far better than a crime prosecuted. Supporting the Global Cyber Alliance was therefore a no-brainer: the fight against cyber crimes requires a collective, cross-sector and transnational effort. I am proud to be a part of that.”

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org

###

GCA McScrapy and the GCA DMARC Risk Scanner Empower

Organizations to Launch Proactive Cyber Defenses


SAN FRANCISCO, CA, April 17, 2018 – The Global Cyber Alliance today released two new free, open-source tools to enable organizations to reduce cybersecurity risks associated with website and email born cyberattacks.

GCA McScrapy enables organizations to lock down their website to remove potential security issues from third-party services and other unnecessary functionality. In addition, a new email security tool – the GCA DMARC Risk Scanner – allows organizations to determine if the organizations on which they depend, such as their trading partners and supply chain, are protecting their email domains from being spoofed or phished.

“Reducing risk is the best cyber defense,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “Among the most popular open doors that cyber criminals exploit are phishing attacks and compromise of an organization’s website. The tools we released today are designed to help stop these attacks and prevent loss to businesses.”

GCA McScrapy: Locking Down Websites

While GCA McScrapy can be used on websites developed with any content management system, nearly 60 percent of websites are designed using the WordPress platform. While WordPress is a popular platform, by its nature, its functions raise the risk of potential compromise. WordPress dynamically composes web pages using PHP and JavaScript and thus carries with it a risk for bugs and security vulnerabilities that serve as an attack vector. According to a WP WhiteSecurity October 2017 report on WordPress vulnerabilities, there are 2407 known vulnerabilities, more than half those vulnerabilities (54%) are from WordPress plugins and 31.5% are core WordPress vulnerabilities. The two most prevalent vulnerabilities are cross-site scripting and SQL injection.

GCA McScrapy converts a website into a set of static files, removing unnecessary functionality. Using a static website nullifies many concerns of cross-site scripting and SQL injection since there is no communication with the website’s content management system for dynamic content. The tool evaluates every part of a website and renders it into simple form, keeping as much functionality as possible, while removing potential security issues such as third-party services.  Not all functionality can be maintained, however, and updating websites takes extra steps, making GCA McScrapy best for websites for which security is very important.  GCA McScrapy is also highly configurable and can be adjusted to reduce scan times and scrape mobile sites. GCA McScrapy is free for anyone to use. Learn more about GCA McScrapy at github.com/GlobalCyberAlliance/.

GCA DMARC Risk Scanner: Holding Partners Accountable

 The Domain-based Message Authentication, Reporting & Conformance (DMARC) security protocol enables organizations to protect their email domains from being used by spammers and phishers to trick employees, customers and trading partners.

The GCA DMARC Risk Scanner can be used to scan hundreds of domains at one time to determine the level of DMARC and Sender Policy Framework (SPF) protections used by an organization’s partners, including the third parties with whom it works, its supply chain, and its trading partners.  This enables an organization to better understand, and act upon, the risk imposed on it by its partners who have not employed DMARC.

Without DMARC implemented, scammers and criminals can easily “spoof” an email domain to steal money, trade secrets or even jeopardize national security. DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society.  According to the 2017 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years.

Like all GCA tools, the GCA DMARC Risk Scanner is freely available at github.com/GlobalCyberAlliance/. Learn more about DMARC at dmarc.globalcyberalliance.org.

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.