In today’s highly competitive environment, it is extremely important that providers have both the experience to deliver the right solution and the ability to deliver strong customer service. In the security industry, one solution in high demand is the use of mobile apps for critical functions such as credentialing, remote operations and alerts. Mobile credentialing frees the user from having to carry physical credentials such as tokens or ID badges. Further, mobile access control solutions are well-suited to applications that experience numerous spontaneous events such as lockdowns or weather related emergencies, or with a frequent need to activate/ de-activate access card holders. Key points include: Security: Security has always been a fundamental part of mobile operating systems, and the encrypted security of smart credentials and/ or door management apps makes them more secure and difficult to counterfeit. Mobile devices often require multifactor authentication while traditional access control devices do not. Convenience: Mobile users can control their facilities and access timely information from wherever they are. This is important for emergency situations, and convenient for other scenarios such as activating or deactivating credentials. Mobile credentialing provides, even more, convenience, with new readers that can accept both proximity cards and mobile credentials speeding the transition to mobile technology. Increased integration: With mobile technology, one credential allows access to doors, data and cloud applications, with security and tracking incorporated into every user action. This high-level integration can also be used to trigger automated tasks like time and attendance recording. Cost: Maintaining a physical and logical access control system with disparate applications can be costly, particularly when updates are implemented and integration must be performed across all systems. A physical access control system with mobile credentialing can be easily upgraded to add logical access control for network log-on. For card-based credentialing, material costs must be considered as well; digital credentials have no material cost. Still, users may not get the most out of their system if the provider does not have a customer-focused culture. At a minimum, providers should offer flexibility, post-sales support, availability, expertise and training. Flexibility: Recognizing that off-the-shelf solutions are hardly sufficient for addressing the specific requirements of every installation, customer-focused providers are willing and able to accommodate customization. Post-sales support/ training: The reality of access control systems is that – like any solution – they require ongoing service, support, and training to provide customers with the continuous, reliable operation they need. One true measure of a vendor is what they can – and will – do to address and accurately fix any issues in a timely manner. Post sales training is also key to assuring the customer knows how to best manage their system in multiple languages. Availability: In today’s connected world, customers have a wide variety of ways to contact a provider, all of which are irrelevant if they can’t actually connect with the vendor. Delays compromise security, so customers deserve a specific person they can rely on when they need help the most, often when something goes wrong and requires immediate attention. Expertise: The expertise and experience of customer-focused organizations can help end users make better and more confident decisions about an access control installation. When combined, customer service and mobile technology offer tremendous potential for maintaining the safety and security of people, places, and assets. Your chosen provider should be able to deliver to you the latest in mobile technology plus a commitment to the best possible customer service. Robert Laughlin, President, Galaxy Control Systems

Ransomware and banking Trojans dominate the cybercrime mainstream today, and their technical operations are heavily analyzed. But little attention has been given to the business model which plays a large role in dictating their behavior, targets, and tactics. A revolutionary concept in cyber crime is what I call ‘distributed cybercrime,’ a business model in which cyber criminals attack many victims in the same campaign. Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape. Improved ROI and the support of a newly erected ‘dark industry’ has made distributed cyber crime the hottest trend in cybercrime. Most of the professional cyber criminal groups today develop malware with a distributed business model, then use professional platforms, distribution services, and infection experts to attack the world. They don’t know who their victims are nor do they care. They’re not looking to get points on style. They’re just businessmen who built the perfect, automated money-making machine. 6 Reasons why cybercriminals love the new business model Beginning in 2006, innovations in malware, banking Trojans and ransomware created a new type of business model for cybercriminals: rather than concentrating all their efforts on penetrating high-quality targets, they can steal small amounts of money from numerous victims. The business model of distributed cyber crime has made some attackers multi-millionaires in a short amount of time due to its many business benefits: 1.    Attacks require less effort as they target ‘low-hanging fruit’ (i.e., individuals or organizations with sub-par security). 2.    Attack skill level is low compared to techniques such as spear-phishing – regular ol’ phishing is good enough for weak targets. 3.    Highly coveted zero-day vulnerabilities are no longer required for profitable attacks – mainstream CVE vulnerabilities with known exploits and existing patches will do, as many victims don’t patch regularly. 4.    Any standard endpoint is a potential source of revenue, making a lateral movement toward the crown jewels irrelevant. 5.    When you attack the world, the sky is the limit – the amount of potential revenues is endless. 6.    Less effort and more profit mean better ROI. Mass distribution, victim profiling, and outsourcing The new business model presented new challenges for cyber criminals. If you want to become filthy rich through distributed cybercrime, you can’t just attack 100 victims – you need to attack hundreds of thousands of victims. This drove professional cybercriminals to build mass-distribution platforms to spread their malware and automated-infection systems to exploit victims’ machines and run the malware. But the quantity of traffic is not enough. Victims must fit a desirable profile. Cyber criminals want to avoid targeting low-income victims with ransomware as they’re probably less able to pay the ransom, and the ransomware’s language should match the victims’ language to ensure instructions on purchasing bitcoin and paying the ransom are understood. Mass distribution experts and traffic dealers offer their shady customers this very type of targeted services. In addition to victim-specific traffic, infection services are also up for sale (or more commonly, for rent). Rather than coming up with new or unique exploits, pre-packaged exploit kits are readily available to launch the attack of your choosing. These kits supply the distribution and traffic services mentioned above, to use the best exploits available to infect victims’ machines and, if successful, run the customer’s malware. The exploit kit method essentially outsources distribution and infection to reliable, high-quality service providers at an affordable price. Where have all the targeted attackers gone? You may ask yourself: what happened to targeted attacks? The answer: absolutely nothing (and thank you for asking). In fact, targeted attacks today are easier than ever, as demonstrated by cyber attackers who do care about the identity of their victims (like nation-states). Targeted attacks did not disappear – they’ve only been eclipsed by the attractiveness of the ROI of distributed attacks. Only when the profitability of targeted attacks can compete with the distributed cybercrime business model will we see their rise to prevalence again. There are initial signs that cybercriminals are testing targeted attacks with malware more commonly used for distributed attacks, as evidenced by recent ransomware attacks on high-quality targets such as hospitals and hotels. The problem comes back to ROI: while cyber criminals demanded up to $5M ransom from one victim, the highest ransom paid by a single victim (as far as we know) was a meager $28K. The next big thing What’s next for the innovative cybercriminal? My Prediction: a hybrid business model with tailored ransom pricing. Imagine a mass-distribution platform doling out ransomware on a global scale that, when executed, will assess the victim’s environment. If that environment is a consumer’s machine, the calculated ransom will be relatively low; if it’s an enterprise network, considerably higher; if it’s critical infrastructure, astronomical. Whatever the next big thing is in cyber crime, you can be sure it will be driven by ROI – nothing dictates the dark industry more than these three simple letters. Tal Sheffer, CTO, Skybox Security