Android phones can be security keys now

CNET | April 10, 2019

Android phones can be security keys now
Security keys are an effective way to keep your accounts secure from hackers, but they suffer from a major challenge: They're inconvenient. Not a lot of people want to buy and carry an extra key or Bluetooth fob just for logging in -- which is why most two-factor authentication is done through text messages, even though it's less secure. Up to 90% of Gmail users don't even use 2FA, a Google software engineer revealed in 2018. Convenience is a big hurdle, and Google is hoping to solve that by making your phone the security key. It'll have the same functionalities as a physical security key but won't require you to carry an extra device to keep your accounts safe. That means that like a security key, your phone will warn you if an imposter website is trying to steal your password. Unlike using SMS or authenticator codes for logging in, security keys have to verify that the website you're logging in on is legitimate. The updated security feature is coming only to Android devices versions 7 and up, which account for about 50% of all active users, according to Google's distribution board. For now, it's working only on Google's Chrome browser and with Google accounts, but the company expects to expand availability.

Spotlight

As the popularity of BT cloud services grows, our approach to helping you keep your data secure becomes ever more proactive and innovative. Always remember that real security in the cloud is the result of a joint effort: it involves you as much as us. This document makes you aware of the threats every cloud user potentially faces. We’ll introduce you to advanced security measures to counteract them, and the policies and procedures we have in place to help you safeguard your valuable information.

Related News

New Security Challenges for Organizations Having Larger Remote Workforces

Tripwire | August 18, 2020

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger remote workforces. Tripwire wanted to learn the specifics of these challenges, so it commissioned Dimensional Research to 345 IT security professionals about them in mid-April 2020. As reported by Business Wire, a majority of respondents (58%) indicated that employee home network security was one of their areas of higher concern followed by increased attacks (45%), difficulties in keeping remote systems configured securely (41%) and obstacles with keeping remote systems compliant (38%). Reflecting on the difficulties of keeping remote workers safe, 89% of survey participants said their job was harder as a result of the new work-from-home policy. Nearly half (49%) blatantly said they couldn’t effectively secure employees’ home offices, leading 65% of respondents to admit their belief that their security was worse because of COVID-19.

Read More

Cybersecurity Threats Posed by USB to Industrial OT Has Doubled, Finds Honeywell's USB Threat Report

Honeywell | July 09, 2020

In a report released today by Honeywell (NYSE: HON) based on cybersecurity threat data collected from hundreds of industrial facilities globally, the severity of threats detected to operational technology (OT) systems has risen by significant amounts over a 12-month period.The findings from the latest Honeywell Industrial USB Threat Report show that the total amount of threats posed by USB removable media to industrial process control networks remains consistently high, with 45% of locations detecting at least one inbound threat. Over the same time period, the number of threats specifically targeting OT systems nearly doubled from 16 to 28%, while the number of threats capable of causing a loss of view or other major disruption to OT systems more than doubled, from 26 to 59%.The report shows that 1 in 5 of all threats was designed specifically to leverage USB removable media as an attack vector, and more than half the threats were designed to open backdoors, establish persistent remote access or download additional malicious payloads. These findings are indicative of more coordinated attacks, likely attempting to target air-gapped systems used in most industrial control environments and critical infrastructure.

Read More

NETWORK THREAT DETECTION

Lacework Quarterly Cloud Threat Report Shows the Automated Techniques Cybercriminals are Using to Attack Businesses in the Cloud

Lacework | August 31, 2021

Lacework, the data-driven security platform for the cloud, today released its quarterly cloud threat report, unveiling the new techniques and avenues cybercriminals are infiltrating to profit from businesses. The rapid shift of applications and infrastructure to the cloud creates gaps in the security posture of organizations everywhere. This has increased the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and to gain illicit network access. "It's in enterprises' best interest to start thinking of cybercriminals as business competitors," said James Condon, Director of Research at Lacework. "Last year alone, cybercrime and ransomware attacks cost companies $4 billion in damages. As more companies shift to cloud environments, we're seeing an increase in demand for stolen access to cloud accounts and evolving techniques from cybercriminals, making enterprises even more vulnerable to cloud threats." New research from Lacework Labs, the dedicated research team at Lacework that focuses on new threats and attack surface risks within the public cloud, sheds light on the crimeware and growing ransomware landscape in the face of new threat models and emerging cybersecurity challenges. Based on anonymized data across the Lacework platform from May 2021 - July 2021, key findings of the report include: Initial Access Brokers (IABs) Expand to Cloud Accounts As corporate infrastructure continues to expand to the cloud, so do opportunistic adversaries as they look to capitalize on the opportunity. Illicit access into cloud infrastructure of companies with valuable data/resources or wide-reaching access into other organizations offers attackers an incredible return on investment. In particular, Lacework Labs found Amazon AWS, Google Cloud, and Azure administrative accounts are gaining popularity in underground marketplaces. Threat Actor Campaigns Continue to Evolve: Lacework Labs has observed a variety of malicious activity originating from known adversary groups and malware families. This section showcases those who continue evolving their operators as a valuable return on investment: 8220 Gang Botnet and Custom Miner: Lacework Labs recently found a new cluster of activity linked to an 8220 Gang adversary group campaign of infecting hosts, primarily through common cloud services, with a custom miner and IRC bot for further attacks and remote control. This cluster shows operations are evolving on many levels, including efforts of hiding botnet scale and mining profits.This is indicative of attacks growing in size. TeamTNT Docker Image Compromise: The Lacework Labs team discovered threat actor TeamTNT backdooring legitimate Docker Images in a supply chain-like attack. Networks running the trusted image were unknowingly infected. Developer teams need to be certain they know what's in the image they pull. They need to validate the source or they could open a door to their environment. Popular cloud relevant crimeware and actors: Cpuminer, the open-source multi-algorithm miner, has been legitimately used for years. However, Lacework Labs observed an increase in its illicit use for cryptomining altcoins. Monero and XMRig are the most common accounts for cryptomining against cloud resources, hence activity involving lesser-seen coins and tools may be more likely to go undetected. Cloud services probing: Lacework Labs captures a range of telemetry in both product deployments and custom honeypots, which allows the company to see trends relevant to cloud defense purposes. For these sources, many cloud-relevant applications are continually targeted, but Lacework found that AWS S3, SSH, Docker, SQL and Redis were by far the most targeted. Based on the findings of this report, Lacework Labs recommends that defenders: Ensure Docker sockets are not publicly exposed and appropriate firewall rules/ security groups and other network controls are in place. This will help to prevent unauthorized access to network services running in an organization. Ensure the access policies you set via the console on S3 buckets are not being overridden by an automation tool. Frequent auditing of S3 policies and automation around S3 bucket creation can ensure data stays private. About Lacework Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so our customers can innovate with speed and safety. Polygraph is the only security solution that can collect, analyze, and accurately correlate data across an organization's AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., with offices all over the world, Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, Liberty Global Ventures, and Snowflake Ventures, among others.

Read More

Spotlight

As the popularity of BT cloud services grows, our approach to helping you keep your data secure becomes ever more proactive and innovative. Always remember that real security in the cloud is the result of a joint effort: it involves you as much as us. This document makes you aware of the threats every cloud user potentially faces. We’ll introduce you to advanced security measures to counteract them, and the policies and procedures we have in place to help you safeguard your valuable information.