cyber security

Webinar: UK Market Financial Challenges 2020

We hosted on July 9th the webinar ‘UK Market Financial Challenges 2020’. In case you missed it, you can find below the recording.

Thanks to our speakers:

Otni Oron, Fintech Sector Manager – UK Israel Tech Hub at British Embassy Israel
Guy Israel, VP at MV Credit
Shterny Isseroff – Freelance writer and Journalist

Hub Security Releases First-of-its-kind Quantum-proof Programmable HSM

TEL AVIV, Israel, June 22, 2020 Following the close of its $5 million Series A funding round in late April, cybertech company Hub Security today unveiled its next-gen programmable Hardware Security Module (HSM), the first to offer quantum-proof capabilities to enterprises. The new solution includes hardware-embedded support for quantum-resistant algorithms as well as quantum source of randomness –– features designed to protect against the next generation of cyber threats and attacks.

Quantum computing is rapidly advancing. IBM predicted in 2018 that quantum computing would be mainstream by 2023. IDC predicted in 2019 that “25% of the Fortune Global 500 will gain competitive advantage from quantum computing” by 2023. When quantum computing comes of age, today’s encryption standards will no longer be secure and any data protected by them will no longer be private. That could usher in a wave of cyberattacks targeting organizations’ most sensitive information.

Hub Security’s newest flexible HSM will help organizations weather the coming evolution of cyberattacks and threats related to quantum computing. While current industry-standard HSMs are equipped to run quantum computing algorithms, many of them provide these capabilities purely on a software level, making them low-performing and unsuitable for cloud and payment processing and other real-world applications.

“Within five to 10 years, quantum computing will be ubiquitous, and many companies that have heavily invested in cybersecurity will need to toss their current HSMs in exchange for high-performing quantum-proof devices,” says Hub Security CTO, Andrey Iaremenko. “It’s going to be a stark wake-up call for many industry leaders and enterprise organizations when they realize their investments in cyber protection don’t go far enough to secure their company’s––and customers’––most sensitive digital assets.”

Hub Security’s customizable HSM offers high-performance military-grade key management and cryptographic solutions built on FPGAs. Now coupled with its latest quantum-proof release, the company will enable cloud and enterprise industries to safeguard against massive attacks by novel and critical cyber threats.

As a growing number of industries turn to cloud and data storage, there is an increasing demand for cybersecurity solutions that can combat the unique threats they face. Hub Security’s miniHSM is the first-of-its-kind pocket-sized HSM solution coupled with an ultra-secure HSM-to-HSM communication layer built uniquely for cloud, banking, healthcare, and government enterprises with scalable, air-tight security that can support any cloud-based or digital asset.

Hub Security utilizes military-grade cybersecurity principles for its customizable HSM and handheld miniHSM devices’ architecture that is designed for FIPS140-2 Level 4 protection (pending) –– the highest protection level currently available on the market for mobile cryptographic security.

The company’s combination of hardware and software solutions includes ultra-secure internal signing and authorization flow with a multi-signature vault, hardware firewall, access control, rules, policy engines and an AI-learning system designed to anticipate unique cyberattacks.

About Hub Security

Hub Security is a top-tier, military-grade provider of HSM and key management solutions for fintech, cloud, and blockchain security. Leveraging military-grade cybersecurity tactics and utilizing cutting-edge innovations, Hub Security has developed a family of products that provide the highest level of enterprise security available on the market today. https://hubsecurity.io/

Aviation Industry Grapples with Basic Cyber Protection

 

EasyJet, one of UK’s largest budget airlines disclosed to its customers in March that a massive data breach had taken place, affecting nine million of its customers and involving over 2,000 credit-card details.

EasyJet now reports it has been the target of a “highly sophisticated” attack, which provided hackers with access to customers’ email addresses and 2,208 credit-card details.

EasyJet’s data breach dwarfs a 2018 British Airways data breach, which was fined $225m last year by the Information Commissioner’s Office under Europe’s General Data Protection Regulation (GDPR).The airline industry is already facing major challenges as many aircraft carriers are facing service disruptions due to the pandemic. Additionally, there is a legal battle being fought in courts by the directors of the carriers over business strategy approaches.

The latest hack signals how imperative it is for enterprise airlines to ensure Infosecurity best practices are put in place in order to avoid future devastating data breaches from taking place. The industry as a whole lacks strict requirements to prevent such incidents or even adhere to specific cybersecurity standards.

Aviation Security Challenges

With one of the most integrated and complex information and communications technology (ICT) systems, the aviation industry faces threats on a number of fronts with its increasing interconnectivity. From data theft to national and political motivations, today’s aviation industry faces multiple cyber risks on a multi-front war.

Common threats to the aviation industry include, but are not limited to:

1. Phishing Attacks

Last year the Center for Internet Security reported that 75 US airports were the targets of advanced persistent threats.

2. Jamming Attacks

Jamming attacks occur when an attacker injects a ghost flight into the air traffic control system.

3. Remote Hijacking

Security flaws in the software and hardware used for communication in the aviation industry allows hackers to remotely attack or control in-flight and on-board systems.

4. DDoS and Botnet Attacks

Distributed-denial-of-service attacks utilize botnets of compromised networks to flood air traffic control and other critical systems, resulting in the platform crashing.

5. WiFi-based Attacks

Vulnerabilities in a plane’s onboard system could allow hackers to use the onboard WiFi signal or in-flight entertainment systems to hack into the plane’s avionics equipment.

HSM for Aviation

The increased wave of security concerns for airlines has continued to ripple across the aviation industry. The growing consensus among security experts outlines the need for air-tight security solutions that will address the threat of malicious hacking attempts and data theft.

Hub Security’s next-gen HSM offers excellent performance military-grade key management and cryptographic solutions built on FPGAs which can handle more data per second than traditional CPU based  HSMs.  enabling  safeguard against massive attacks of novel and critical cyber threats in cloud and enterprise industries.

Hub Security’s combination of hardware and software solutions includes ultra-secure internal signing authorization flow. Designed with a multi-signature vault, hardware firewall, access control, and a deep neural network learning system, Hub Security’s Hsm is built to anticipate and prevent unique aviation attacks.

Join Hub Security’s TokenSoft’s CEO Mason Borda and CRO David Hochhauser online this Thursday, June 18th for a discussion on Real Estate Tokenization.

What is Homomorphic Encryption

 

Technology is changing rapidly around us daily and a growing number of organizations are implementing service to improve their security and levels of productivity. However, as we enter the new generation of connectivity and exponential growth of personal data generation and collection, we must re-examine the entire idea of security and the ecosystem that connects all its moving parts.

Many common services, such as cloud data storage, are not as secure as they may seem. These vulnerable endpoints leave companies at high-risk for any number of cyberattacks, ranging from data breaches to ransomware schemes with far-reaching consequences for entire organizations. That’s where homomorphic encryption comes in.

Homomorphic Encryption

Homomorphic encryption is a method of encryption that allows computations and queries to be performed upon fully encrypted data, making it possible to analyze or manipulate encrypted data without decrypting it.

Since most data theft occurs while data is being temporarily decrypted for us or stored as plain text, homomorphic encryption allows anyone to perform operations on data without the need to first decrypt it –– making the entire system safer from data theft and privacy violations.

The risk of privacy leakage of sensitive information in complex IT systems can’t be ignored, and there is a growing interest in applying homomorphic technology to provide data privacy and decentralized access to organizational data.

Applications of Homomorphic Encryption

In the real-world, homomorphic encryption has a number of practical, industry-relevant applications. From electronic voting systems to protecting information on the cloud to enabling private queries in search engines. Real-world applications for homomorphic encryption can include:

1. Securing Cloud Storage

Whether your organization uses a third-party cloud storage service or has only some data offloaded to the cloud, it’s critical to never fully trust the security of your cloud software-as-a-service (SaaS) provider.

It’s already well known that cloud storage isn’t always as secure as we’d like it to be. The remnants of which can still be seen from The Wall Street Journal’s investigation into the global hacking campaign called ‘Cloud Hopper.’

Not only does homomorphic encryption have the potential to secure data stored on the cloud, but it also retains the ability to calculate and search ciphered information that you can later decrypt. This is super important to safeguarding the integrity of your data as a whole –– a win-win scenario for security experts, organizations and customers.

2. Enabling Data Analytics

Homomorphic encryption allows safe and secure access to data for researchers. Without the need to decrypt, data can be encrypted and outsourced to commercial cloud environments for research purposes — all while keeping patient data secure.

Homomorphic encryption can be used for businesses and organizations across a number of industries, including but not limited to, finance, retail and healthcare. By allowing predictive analytic service providers to safely analyze medical data without putting data privacy at risk, homomorphic encryption is empowering research teams worldwide and the advancement of new technological developments.

3. Improving Election Security and Transparency.

It’s been a hot topic lately, but researchers are now looking into how to use homomorphic encryption to make democratic elections more secure and transparent. The Paillier encryption scheme, for example, uses additional operations and would be best suited for voting-related applications.

By allowing users to add various values in an unbiased manner, homomorphic encryption has the ability to keep these values private. This kind of technology has huge potential to not only protect data from unwanted manipulation, but also allow it to be used to independently verify results by authorized third-parties.

Hub Security’s Flexible miniHSM

Hub Security’s programmable HSM is a high-performance key management and cryptographic KMS solution built on FPGAs –– designed to protect against unique cyberattacks. Hub Security’s miniHSM is the first of its kind to offer a pocket-sized customizable HSM solution coupled with an ultra-secure HSM-to-HSM communication layer for air-tight security that can support any cloud-based or digital asset.

Learn More

AXA Ventures Leads $5 Million Investment in Hub Security

FPGA-based cyber platform closes Series A funding round with additional investment from OurCrowd
Tel Aviv, May 7, 2020Hub Security, a startup that offers military-grade cybersecurity solutions for fintech, cloud, blockchain and data storage, announced today it has closed a $5 million Series A funding round led by AXA Ventures, with participation from Jerusalem-based OurCrowd.

The company said the investment will be used to strengthen Hub Security’s team, expand their technology and offer enhanced products to fintech companies, focusing on enabling access to credit, corporate banking solutions, cross-border payments and providing ultra-secure banking solutions.

Hub Security offers a solution to growing security concerns related to cloud and enterprise organizations that are raising alarm bells across industries struggling to combat rising levels of cyberthreats and attacks.

There is consensus among security experts of the need for military-grade security solutions that can address the threat of data theft and exploitation –– especially in the era of COVID-19.

“We believe this round of funding is crucial to helping us continue our mission of providing military-grade level cybersecurity solutions to top cloud and digital asset management providers,” said Eyal Moshe, Hub Security’s CEO.
“Hub Security’s end-to-end approach to the development and delivery of its hardware and software components ensures the highest level of security throughout the entire product lifecycle –– something that’s critical now more than ever in the era of COVID-19. We don’t take for granted the trust we’ve seen from investors, especially in the current financial climate,” said Moshe.As a growing number of industries turn to cloud and data storage solutions, there is an increasing demand for cybersecurity solutions that can combat emerging threats.Hub Security boasts an expanding portfolio of fintech, cloud, and insurance clientele.

In February 2020, the company announced its strategic partnership with Seagate® Technology as part of its new LyveTM Labs.

The initiative was launched in order to provide methods for safe and secure data management solutions, both on and off the cloud.“Hub Security’s miniHSM is the first of its kind to offer a pocket-sized HSM solution, which provides an ultra-secure HSM-to-HSM communication layer built uniquely for cloud, banking, healthcare, and government enterprises with scalable, air-tight security that can support any cloud-based or digital asset,” said Moshe.HUB Security utilizes military-grade cybersecurity tactics for its HSM architecture that is designed for FIPS140-2 Level 4 protection (In advanced stage process) –– the highest protection level available for mobile cryptographic security solutions on the market to date. HUB Security’s combination of hardware and software solutions include ultra-secure internal signing and authorization flows with a multi-signature vault, hardware firewall and an AI-learning system designed to anticipate unique cyberattacks.“On our FPGA-based HSM, we have an innovative approach,” Moshe said. “This is in sharp contrast to HSMs relying on legacy architecture, where you have to connect your source via PCIe — and depend on the operating system to deliver the data to your application.

HUB Security approach  gives very high bandwidth, as well as low latency.”“I was actively looking for a ‘software-defined HSM’ platform company in Israel for the past 12 months and I was very pleased when I met Hub Security and learned about their unique offering. We agreed very quickly to partner and invest,” said Moshe Raines, Partner at OurCrowd and Labs/02 managing partner.

About Hub Security: Hub Security is a top-tier, military-grade provider of HSM and key management solutions for fintech, cloud and blockchain security. Leveraging military-grade cybersecurity tactics and utilizing cutting-edge innovations, HUB Security has developed a family of products that provide the highest level of enterprise security available on the market today. https://hubsecurity.io/

Cybersecurity Fireside: Coronavirus and Cloud Vulnerabilities

We held a fireside chat with our very own, Andrey Iaremneko, Hub Security CTO and Shterny Isseroff discussing urging cyber security matters

Hub Security Partners with Seagate Technology Lyve Labs Tel-Aviv

Hub Security is proud to announce its partnership with Seagate as part of its new initiative to explore ways to create safe and secure data management solutions.

Global ‘Cloud Hopper’ Hacking Campaign Reveals Major Security Gaps in Cloud Security

The Wall Street Journal recently wrote a full-fledged report on their investigation into the state-sponsored Chinese global hacking campaign called ‘Cloud Hopper.’ Its investigation reveals the true depth of the risks associated with compromised cloud data in one of the largest-ever global corporate espionage efforts.

Cybersecurity investigators first identified aspects of the hack in 2016, revealing that cyber-attackers allegedly working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from dozens of international companies over the past several years.

Hackers, known as APT10 to Western officials and researchers, gained access to cloud service providers where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigator’s attempts to eliminate them. For years.

Now the WSJ is reporting that the attack was actually much worse than initially reported –– going far beyond the 14 yet to be named companies listed in the indictment. While most names are still hidden, it’s reported that the hack stretched across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp. (IBM)

Some of the companies targeted include mining company Rio Tinto PLC (RIO), and health-care giant Philips NV. Both had highly-sensitive data compromised in the attack, including mining prospects and sensitive medical data and research. The Journal also uncovered hundreds of firms that had relationships with breached cloud providers, including Philips, American Airlines Group Inc., Deutsche Bank AG, Allianz SE and GlaxoSmithKline PLC.

The Journal found that Hewlett Packard Enterprise Co. (HPE), also compromised in the attack, was so overwhelmed that the cloud company didn’t see the hackers re-enter their clients’ networks –– even as they gave customers the all-clear. Even worse, it’s still unknown if the hackers remain in the companies’ network today. The Journal reviewed data provided by Security Scorecard, a cybersecurity firm, and identified thousands of IP addresses globally still reporting back to APT10’s network between April and mid-November.

FBI Director Chris Wray said that access gained through cloud providers provided hackers with the equivalent of a master key to an entire apartment complex.

What made it worse, was investigators in and out of government said many of the major cloud companies attempted to stonewall clients about what was happening inside their networks. Officials at the Department of Homeland Security grew so frustrated that they’re now reportedly working to revise federal contracts that would force them to comply with future probes.

The Rise of Blockchain Banking

As the financial industry begins its long-awaited move to adaptive blockchain technology, many banks are becoming increasingly open to the use of crypto-based solutions for digitizing assets. It’s no secret the future of banking is digital for many financial institutions looking to modernize their product offerings. It even appears likely we’re headed toward an era of national digital currencies backed by central banks. Hats off to Mike Orcutt.

But HSBC’s decision to be the first financial institution to move $20 billion worth of assets to a blockchain platform is possibly enormously rewarding––– or risky. While the future of blockchain-based platforms such as HSBC’s Digital Vault looks promising, security experts voice growing concerns over the management of such large amounts of digital assets.

While the rise in usage of blockchain technology has made financial asset management more transparent and accessible, the crypto world has seen its fair share of threats over the past decade. From Binance to Bitpoint to Quadriga’s wild story, the industry’s shift in reliance on the blockchain has its own perils.

Blockchains are particularly attractive to hackers since once they gain access to the private keys it’s game over and fraudulent transactions are very difficult to reverse(if at all). While blockchains have unique security features, they also have their unique vulnerabilities. As banks expand their digital solution, they will continue to face continuous ongoing threats to their blockchain infrastructure. As long as vulnerabilities as these exist, banks must learn to embrace innovative solutions that can keep their most sensitive assets secure.

Today we know that marketing tactics which branded blockchain technology as unhackable were simply misleading ––– and wrong. In total, since the beginning of 2017, hackers have stolen nearly $2 billion worth of cryptocurrency, mostly from exchanges, and that’s just what’s revealed publicly. Contrary to popular belief, these attackers aren’t just lone opportunists either, they’re sophisticated cybercrime organizations. According to Chainalysis, just two of these groups, both of which are still active today, have stolen a combined $1 billion from exchanges.

Whether the future of banking relies on the blockchain or paper-tracking is still up for debate. But if history teaches us anything, it’s that we’re still not out of the woods when it comes to protecting our most sensitive piece of data. Even if we’re HSBC.

To learn more and schedule a live demo with Hub Security, Click here.

Request a Demo





Do One-size-fits-all Key Management Solutions Really Work?

We wrote earlier this week about key management, and how today’s solutions fail the little guy. On top of their high price points, inaccessible installation and overly complex management –– today’s cyber solutions from giants like Amazon, Microsoft and Google often fall short for mid-tier companies. Which doesn’t really make them solutions at all. As Biggie would say, just mo’ problems. For many 2nd and 3rd tier players, what they really need is pretty straightforward: a simple, affordable way to protect their most valuable digital assets.

In the (really) tiny corner of the world that is key management, most products out there are designed as one-size-fits-all solutions. Like those pants you bought on Alibaba, there’s just no guarantee they will fit. Maybe your hips are a bit wider, your legs a bit longer –– whatever it is, they were obviously not designed for you. So why wear them?

Without coming down too hard on the big retail, my point is: you still need pants. That’s kind of what it’s like for most mid-tired companies. Except in this scenario, many of these businesses also losing out on a ton of money on lost profitability. With products they can’t protect without losing an arm and a department, they sit unused –– a lost revenue stream that won’t ever see the light of day.

It’s almost revolutionary to think that a solution should be simpler. Like when Steve Jobs packed over 10,000 mp3 filed into a handheld iPod Mini. It killed the walkman. And that’s what our team at Hub Security has set out to do: be revolutionary. We’ve built a solution that is accessible, affordable and adaptable to any-sized business.

With the HUB platform, administrators can define customer policies and permissions and custom build an internal key management system that works for them. Like Lego pieces, HUB’s platform is built to grow at scale –– developing with you, as you develop your business. See? Like I said, revolutionary. With a low-barrier of entry, a relatively low price-point and 24/7 support, first-tier cloud providers have nothing on us.

Want to learn more? Check out the HSM device for yourself? Reach out to us at sales@hubsecurity.io or leave your details below





Request a Demo






Scroll to top

JOIN OUR NEWSLETTER

Keep up with cyber security news!