New Trend 2018 – Exfiltrating data via DNS (see below url for reference)
Comments: A popular discussion on cyber attack topic this year focusing on DNS attack. Security expert found that threat actor transform DNS topology as a hack tool assists their goal. It show small data set with frequent connections. But the new generation of malware found today looks like a prototype. Why? The fact is that malware relies on executable file instead of hide himself in memory.
Are you ready for EU-GDPR new data protection regulation yet? The new GDPR established common rules across Europe and gives individuals better control over their personal data held by the organizations and will be effective on May 2018. Below details are the principle for your references. But did you confirm your inhouse strategy align with data protection?
- Establish data privacy as a fundamental right
- Clarify the responsibilities for EU data protection
- Define a base line for data protection
- Elaborate on the data protection principles
- Increase enforcement powers
In short, your company needs to:
- Classify data, tag them, implement encryption.
- Modify application
- Manage hardware and software for encryption for distributed platforms
For more details, please refer following url: https://www.eugdpr.org/
In last hundred years, the record of information includes storage of information without big changes. A revolution appears enforce computer technology jump to another generation computer world with big data and digitization technology. Cyber attack wreak havoc recently. In order to avoid any mistake given by antivirus program. The antivirus vendor enforce their defensive technique. They keep track your daily activities simultaneously. Perhaps you and me do not empower to 3rd party doing similar of jobs. But what we can do today protect your personal data privacy?
The Data Privacy Day 2018-Live From LinkedIn. Data Privacy Day 2018 Livestream on 28th Jan 2018 (see below url for reference)
Cloud computer platform looks like a fight carrier in the data world. Meanwhile, the data stored inside the cloud are under cloud protection. However different country implement different data protection law and data custodian policy. Perhaps development countries unaware this topics last decade. However big data upgrade his political position progressively. It looks that government enforcement unit not easy get the data in cloud farm easier. At least they must apply the key escrow or search warrant through official channel. Or you may say sometimes ask president approval can evade all the official channel. But how to monitor billion of mobile phones & computers? Perhaps it is not a secret, wikileak became a whistleblower since 2014 (see below url for reference). A strange issue draw my attention this year? There are more antivirus vendor detected finfisher malware this month (see attached detail in picture left hand corner).FinFisher customers include law enforcement and government agencies in the world. Do you think there is a new round of hostile country surveillance program being engaging at this year?
2014 – wikileaks SpyFiles 4
2014 – Wikileaks releases FinFisher files to highlight government malware abuse (by theguardian.com)
We frequently heard smartcity project and usage of big data. Such key terms for the 1st impression to people is that it is a advanced technique and techology trend in future. In fact it was not possible to say we are keen to enjoy the benefits of smart city and big data analytic but we just ignore the peripherals. How does a city approiate to do such setup on start from strach situation. For example HKSAR issued the smart City blue print mid of last year. But it got whole bunch of unkown answer waiting for queries(public or quires with industries)? Perhaps the objectives of smart city goal to ehance public safty and governance of the city. The career oppuntunities is the side products which carry by this project. If the key items of city not been resolve yet. For instance: population, immigation policy and land use. Even though you enforce this project it may far away from their original design objectives.
Below url is the smart city blueprint for HKSAR for your reference.
We are going to say goodbye to 2017. What is your expectation in the new year? Cyber World activities especially cyber attacks looks intensive this year. Perhaps we cannot imagine ransomware threat which contain powerful destruction power last decade.The crypto worm (WANNACRY) break the Cyber incident world records which suspended huge volume of workstations and servers operations in the world on May 2017. A shock to the world that the only way to recover your system or data is pay the ransom. Apart from that an alert to the business world is that how does the open source software provides the IT security assurance to the company. The data breach incident occurred in Equifix was awaken everybody. However the data breach incidents continuous exposed to the world caused by misconfiguration instead of vulnerabilities. It such a way discredit the cloud services provider. On the banking environment, the ATM malwares are wreak havoc. A speculation by expert that DDOS attack will be replaced by ransomware. It looks that DDOS looks running strong this year. My opinion is that application security will be the focus of IT people next year. By the way, I wish you Happy New Year.
Layer 7 (application layer) – What is the information security key factors?
We all aware that our activities in cyber world are under surveillance. But do you alert that even though there is no any surveillance, malware to sniff your data. Your loyal and data protection guard install on your workstation and server keep track of you daily. Perhaps you have the basic understanding on how antivirus vendor make use of your data. It is so called meta data. From on going computer cyber trend, artificial intelligence and Big data analytic intend to collect the data. But take oversight over the world. It looks that there are gap of the data collection policy. For instance, we are chosen Brand A antivirus band this year. But next year, we would like to use another brand of antivirus program. As far as I know, the disclaimer of antivirus vendor do not mention in detail how they are going to disposal the meta data belongs to you. To be honest, it is hard to erase your workstation meta data in their repository. Perhaps the vendor told you no personal information will be collected on this function. They are only keep track the antivirus or malware attack behavior. If such monitor not running in 24 hours. How does the monitor and detect functions work well. You may aware that your loyal antivirus program also keep track of your activities!