Security

Blockchain and the future of IoT – Part 3

August 10, 2017 — by Pascal Geenens

To read Part 1 of the series, click here.

To read Part 2 of the series, click here.

Blockchain in the IoT world

A blockchain implementation in the IoT world is probably not best served by a public blockchain based on Proof of Work (PoW). The inefficient consumption, not to say waste, of energy to generate Proof of Work is pretty much orthogonal to the premise of IoT devices, which have to consume less energy and are in some cases battery powered. PoW comes at a severe cost and does not add much value to the use case of a distributed ledger used within a consortium of partners. Hence an implementation based on Proof of Stake provides a better starting point for any attempt to chainify an IoT ecosystem where a consortium of partners is adopting a new business application. The security would then be based on a limited number of centralized nodes or cloud servers, and by design it does not rely on independence of central trust as do the public cryptocurrencies. Most blockchain use cases I came across start from the assumption that there is a set of parties or a consortium of partners that have a common interest in a specific ledger. While the ledger might serve the larger public in terms of better quality and faster service, the consumer is not directly concerned with or interested in the ledger itself; only the parties who provide the service and rely on the ledger for remuneration will be.

Security

GDPR and HITECH: Can the past predict the future?

June 27, 2017 — by David Hobbs

In February of 2017, Memorial Healthcare System settled their HIPAA violation fines for $5.5 Million USD. During an investigation, it was discovered that over 100,000 patient records had been impermissibly accessed. Allegedly, an ex-employee retained access to personal identifying information and sold data records to people who filed fraudulent tax returns using the data. Federal criminal charges were filed against the ex-employee.

Application Delivery, Hacks, SSL

Network Security Does Not Matter When You Invite the Hacker Inside

March 9, 2017 — by Frank Yue

We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users?  The first line of protection for your networks is not the firewall or other perimeter security device, it is the education and protection of the people that use the network.  People are concerned about having their apartments or homes broken into so they put locks on the doors, install alarm systems, or put surveillance equipment like security cameras around the property.  They are vigilant about making sure that an unauthorized intruder cannot enter the home easily without detection and alarms being raised.

Hacks, Security

Headaches for the Holidays

November 4, 2016 — by Radware

We’re fast approaching the biggest holiday shopping season for retailers. Just how big? According to the National Retail Federation’s annual consumer spending survey, consumers plan to spend an average of $935.58 each this holiday season in 2016. What’s more, 41% of consumers plan to start their shopping this month. Every year, consumers entrust their financial and personal information (everything from credit card data to home addresses) to retailers both big and small. But are these stores doing enough to keep their customers’ data safe?

Hacks, Security

Profile of a Hacker

October 27, 2016 — by Daniel Smith

As the hacktivist community continues to grow and evolve, so do the tools and services at a hacker’s disposal. The digital divide between skilled and amateur hackers continues to grow. This separation in skill is forcing those with limited knowledge to rely solely on others who are offering paid attack services available in marketplaces on both the Clearnet and Darknet.  While most hacktivists still look to enlist a digital army, some are discovering that it’s easier and more time efficient to pay for an attack service like DDoS-as-a-Service. Cyber criminals that are financially motivated market their attack services to these would-be hacktivists looking to take down a target with no knowledge or skill.

Attack Types & Vectors, Security

Why Online Retailers Should Be On High Alert for Cyber-Attacks

August 18, 2016 — by Ben Desjardins

The close of summer in the United States brings with it one of the most important online selling seasons for Internet retailers: Back-to-School (BTS) shopping. This critical shopping season trails Cyber Monday closely as the most important for online-generated revenue for many retailers. According to a recent study by Field Agent, a research firm specializing in retail, nearly two-thirds of U.S. consumers plan to purchase at least some of their BTS goods online. So, naturally, this is a time of year when the security teams for major online retailers need to be on high alert, keeping an eye out for any attacks that can disrupt operations or breach sensitive data. It’s also a time they need to worry about malicious actors targeting customers with phishing attacks, even if there’s little they can do directly to prevent them. With average consumers in the U.S. planning to spend between $500-$1,000 on BTS shopping, any impediment to consumer sentiment and quality of experience can have dramatically bad effects.

Given the timeliness of the topic, let’s explore some of what we, at Radware, are seeing as significant trends, both in the threat landscape targeting online retailers and in the changes they are making in their IT and business that play into the cyber threats.

Attack Types & Vectors, DDoS, Security

The Rise of Booter and Stresser Services

August 12, 2016 — by Daniel Smith

Stressers

Denial of Service (DoS) attacks have come a long way since the days of LOIC and other GUI-based tools. Today, potential hackers do not have to know the first thing about conducting such an attack. They can simply purchase attack services to carry one out for them. Just a few years ago, attackers would have had to download a simple GUI-based tool to launch a DoS attack. As time moved on, hackers started to combine their efforts and tools in distributed group attacks. Today, attackers are abandoning GUI and script tools and opting to pay for attack services via stresser services.

Hacks, Security

5 ways hackers market their products and services

August 8, 2016 — by Daniel Smith

Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.

DDoS, Hacks, Security

School Networks Getting Hacked – Is it the Students’ Fault?

June 23, 2016 — by Daniel Smith

School networks are increasingly becoming victims of cyber-attacks. They are presented with unique threats and challenges that most organizations do not have to deal with. Every year schools see thousands of new students that bring with them an arsenal of potentially vulnerable devices. To add to this growing complexity, most college campuses have migrated to digital platforms like Blackboard and Moodle. These online web portals are prime targets for denial of service attacks.