8-25-14 An attack targeting JP Morgan and Chase Customers in the United States

“Diligence is the mother of good fortune and idleness, its opposite never brought a man to the goal of any of his best wishes.”

-Miguel De Cervantes


JPMorgan Chase customers targeted in massive phishing campaign

http://www.scmagazine.com/jpmorgan-chase-customers-targeted-in-massive-phishing-campaign/article/367615/

http://www.darkreading.com/jp-morgan-targeted-in-new-phishing-campaign/d/d-id/1306589?

C-IT Recommendation

  1. Provide social engineering awareness for your customers. State specifically how your organization will communicate with them, post that communication policy on your company’s website, and warn them that any other form of communication should be treated with suspicion.
  2. Ensure your organization’s website lists a contact number so customers can validate contact numbers provided in correspondence that appears to come from your organization.
  3. Establish fraud monitoring services for your customers that baseline each customer’s account activity and alert the customer when activity falls outside his/her normal habits with your organization.
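
The third recommendation, baselining each customer’s own activity and alerting on out-of-bounds behaviour, is illustrated by the following added example. It is not code from the original post or from any bank; the transaction history, customer ids, thresholds (3 standard deviations, unseen country, unseen hour of day) and the `Txn`/`Baseline` names are all constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    customer: str
    when: datetime
    amount: float
    country: str


# Constructed sample history (not real customer data): twenty days of small
# domestic purchases made around midday by one customer.
HISTORY = [
    Txn("cust-1", datetime(2014, 8, day, 12 + day % 3), float(amt), "US")
    for day, amt in zip(range(1, 21), [42, 38, 55, 47, 61, 40, 52, 44, 58, 49,
                                       45, 53, 39, 60, 48, 41, 57, 46, 50, 43])
]


@dataclass(frozen=True)
class Baseline:
    mean_amount: float
    std_amount: float
    countries: frozenset
    hours: frozenset


def build_baseline(history):
    """Summarise a customer's normal habits from their past transactions."""
    amounts = [t.amount for t in history]
    return Baseline(
        mean_amount=mean(amounts),
        std_amount=pstdev(amounts) or 1.0,   # avoid division by zero on a flat history
        countries=frozenset(t.country for t in history),
        hours=frozenset(t.when.hour for t in history),
    )


def out_of_bounds(txn, baseline, z_limit=3.0):
    """Return the reasons a transaction deviates from the baseline (empty if none)."""
    reasons = []
    z = (txn.amount - baseline.mean_amount) / baseline.std_amount
    if z > z_limit:
        reasons.append(f"amount {txn.amount:.2f} is {z:.1f} standard deviations above normal")
    if txn.country not in baseline.countries:
        reasons.append(f"country {txn.country} not seen in this customer's history")
    if txn.when.hour not in baseline.hours:
        reasons.append(f"hour {txn.when.hour:02d}:00 is outside the customer's usual activity window")
    return reasons


def review(new_txns, history=HISTORY):
    """Evaluate new transactions against each customer's own baseline.

    Returns a list of (transaction, reasons) pairs for the transactions that
    should trigger a customer alert.
    """
    by_customer = {}
    for t in history:
        by_customer.setdefault(t.customer, []).append(t)
    alerts = []
    for t in new_txns:
        past = by_customer.get(t.customer)
        if not past:
            # No baseline yet: route to a separate new-account policy rather than ignore
            alerts.append((t, ["no transaction history to baseline against"]))
            continue
        reasons = out_of_bounds(t, build_baseline(past))
        if reasons:
            alerts.append((t, reasons))
    return alerts


def probe(customer, hour, amount, country):
    """Build a constructed new transaction on 2014-08-21 at the given hour."""
    return Txn(customer, datetime(2014, 8, 21, hour), float(amount), country)


if __name__ == "__main__":
    probes = [
        probe("cust-1", 13, 55, "US"),      # within habits: no alert
        probe("cust-1", 3, 2400, "RO"),     # large, foreign, at 03:00: three reasons
        probe("cust-9", 13, 10, "US"),      # customer with no history
    ]
    for txn, reasons in review(probes):
        print(txn.customer, txn.amount, "->", "; ".join(reasons))
```

The baseline is per customer, so a purchase that is routine for one account can be anomalous for another; in a real deployment the three rules would be weighted and tuned against false-positive rates rather than applied as hard cut-offs.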

Article Resources

Proofpoint’s Analysis of the J.P. Morgan and Chase Attack

http://www.proofpoint.com/threatinsight/posts/smash-and-grab-jpmorgan.php

 

8-20-14

“Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.”

-Gary Hamel


Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations

http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations

http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/

C-IT Recommendation

  1. Create new non-intuitive usernames for POS accounts. Disable the default usernames.
  2. Use strong passwords for terminal login accounts and change them regularly.
  3. Keep POS operating systems and POS software applications updated with the latest patches.
  4. Install a firewall.
  5. Ensure a solid antivirus solution is running on the POS terminals.
  6. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  7. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  8. Disallow remote access so that attackers cannot remotely access terminals.
  9. Encrypt traffic between terminals, servers and the payment card processor.

Article Resources

UPS Stores impacted by the breach

http://www.theupsstore.com/security/Pages/default.aspx

US CERT- New Point of Sale Malware

https://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware.pdf

US-CERT Alert Malware Targeting Point of Sale Systems

https://www.us-cert.gov/ncas/alerts/TA14-002A

Protecting PoS Environments Against Multi-Stage Attacks

http://www.symantec.com/content/en/us/enterprise/white_papers/b-protecting-pos-environments-against-multi-stage-attacks-WP-21327754.pdf

 

8-18-14 The problem with former employees retaining access to companies they no longer work for

Bulk of Ex-Employees Retain Access to Corporate Apps: Survey

http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey

http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/

C-IT Recommendation

  1. Verify your company has an effective and enforced access control standard and policy which requires that access be removed when an employee transfers within the organization or leaves the organization.
    1. Use role-based access control. Roles should be defined specifically by what is needed to perform the duties of the role, and only those duties.
    2. Privileged access should be granted to the roles and not to individual users. Individual users should then be added to the roles according to their positions.
      1. Example: a database administrator should not have the rights of the operating system administrator.
  2. Perform periodic access reviews for privileged account users. Any users or groups discovered to have unnecessary access should have that privileged access removed immediately.
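
The following added example models the two recommendations above: privileges attach to roles, people are placed in roles according to their position, transfers and departures replace or drop memberships rather than accumulate them, and a periodic review reports anyone holding a role their position does not entitle. It is illustration code, not from the original post or from NIST; the role names, permission strings and position-to-role mapping are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset


# Roles are defined by the duties they must perform, and only those duties.
# Constructed example: the role and permission names are assumptions.
ROLES = {
    "dba": Role("dba", frozenset({"db:read", "db:write", "db:schema"})),
    "os_admin": Role("os_admin", frozenset({"os:root", "os:service_restart"})),
    "app_support": Role("app_support", frozenset({"app:logs", "db:read"})),
}

# Which roles each job position entitles a person to. This mapping, not the
# individual, is the source of truth that access reviews compare against.
POSITION_ROLES = {
    "database administrator": frozenset({"dba"}),
    "systems administrator": frozenset({"os_admin"}),
    "support engineer": frozenset({"app_support"}),
}


class AccessDirectory:
    """Minimal model of users, positions and role memberships."""

    def __init__(self):
        self.position = {}   # user -> position
        self.roles = {}      # user -> set of role names held

    def onboard(self, user, position):
        self.position[user] = position
        self.roles[user] = set(POSITION_ROLES[position])

    def transfer(self, user, new_position):
        # Access follows the role: the old position's roles are dropped, not accumulated.
        self.position[user] = new_position
        self.roles[user] = set(POSITION_ROLES[new_position])

    def offboard(self, user):
        # Leaving the organization removes every role membership at once.
        self.roles.pop(user, None)
        self.position.pop(user, None)

    def grant_role(self, user, role):
        # An ad-hoc grant to an individual: exactly what the periodic review is meant to catch.
        self.roles[user].add(role)

    def permissions(self, user):
        """Effective permissions are the union of the permissions of the user's roles."""
        return frozenset().union(*(ROLES[r].permissions for r in self.roles.get(user, ())))

    def access_review(self):
        """Report every user holding roles their current position does not entitle."""
        findings = {}
        for user, held in self.roles.items():
            excess = held - POSITION_ROLES[self.position[user]]
            if excess:
                findings[user] = excess
        return findings

    def remediate(self):
        """Strip the excess found by the review and return what was removed."""
        findings = self.access_review()
        for user, excess in findings.items():
            self.roles[user] -= excess
        return findings


if __name__ == "__main__":
    d = AccessDirectory()
    d.onboard("alice", "database administrator")
    d.onboard("bob", "systems administrator")
    d.grant_role("alice", "os_admin")          # the DBA was given root "just for today"
    print("review findings:", d.access_review())   # {'alice': {'os_admin'}}
    print("removed:", d.remediate())
    d.transfer("alice", "support engineer")
    print("alice now has:", sorted(d.permissions("alice")))
    d.offboard("bob")
    print("bob now has:", sorted(d.permissions("bob")))
```

Because the review compares held roles against the position mapping rather than against a list of named people, it catches grants made outside the process as well as memberships that should have ended with a transfer.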

Article Resources

Intermedia Report on Rogue Access

http://www.multivu.com/players/English/7281751-intermedia-s-2014-smb-rogue-access-study-security-threat-posted-by-former-employees/

Role Based Access Control (has links to other resources including the  “Economic Benefits of Role Based Access Control”)

http://csrc.nist.gov/groups/SNS/rbac/

 

8-13-14 A tech support scam targeting trusting users, a report describing 2014 as the year of the data breach, and Microsoft’s plan to stop supporting older versions of Internet Explorer

“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.”

– Charles Darwin


Windows tech support scammers take root in the U.S.

http://www.csoonline.com/article/2464030/security-leadership/windows-tech-support-scammers-take-root-in-the-u-s.html


Article Resources

Malwarebytes blog on the scare tactic

https://blog.malwarebytes.org/fraud-scam/2014/08/beware-of-us-based-tech-support-scams/


 

2014 So Far: The Year of the Data Breach

http://www.infosecurity-magazine.com/news/2014-the-year-of-the-data-breach/

C-IT Recommendation

  1. Ensure your organization has a structured framework to address security. Frameworks provide a foundation for building effective security practices within an organization. Examples include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) 27001, and the Information Systems Audit and Control Association’s (ISACA) Control Objectives for IT (COBIT).
    1. Ensures your organization has a plan for Information Security
    2. Provides direction for developing information security policies, procedures, standards and guidelines
    3. Ensures organizations have administrative, physical and technical controls to deter, detect and/or prevent malicious behavior

Article Resources

Trend Micro Security Report

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-turning-the-tables-on-cyber-attacks.pdf

NIST Cyber Security Framework

http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

ISO/IEC 27001 Framework

http://www.iso.org/iso/catalogue_detail?csnumber=54534

ISACA COBIT

http://www.isaca.org/COBIT/Pages/default.aspx?cid=1003566&Appeal=PR


 

Microsoft to End Support for Old Versions of Internet Explorer

http://www.securityweek.com/microsoft-end-support-old-versions-internet-explorer

Microsoft’s Internet Explorer Support Information

http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

 

8-12-14 A PCI Council publication advising companies how to ensure security compliance with third-party service providers, new malware that hides in media files, and Microsoft Patch Tuesday bulletins

“It doesn’t take great men to do things, but it is doing things that make men great.”

-Arnold Glasow


PCI Council Publishes Guidance on Working With Third-party Providers

http://www.securityweek.com/pci-council-publishes-guidance-working-third-party-providers

http://www.scmagazine.com/pci-council-releases-third-party-security-assurance-guidance/article/365658/

C-IT Recommendation

  1. Require your third-party service provider to provide a report of compliance and to conduct a risk analysis.
  2. Ensure your legal department has a strong SLA and breach accountability agreement with the service provider in case critical company or customer data is compromised.
  3. Read the PCI Security Standards Council’s Third-Party Security Assurance Special Interest Group document (linked below).

Article Resources

PCI-DSS Third-Party Security Assurance Special Interest Group PCI Security Standards Council Document

https://www.pcisecuritystandards.org/documents/PCI_DSS_V3.0_Third_Party_Security_Assurance.pdf


 

Click Fraud Malware Found Lurking Inside Image Files

http://www.infosecurity-magazine.com/news/click-fraud-malware-inside-images/

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.
  7. Restrict administrative access on local machines and browsers to only those users who absolutely need it to install programs for business purposes.

Article Resources

Dell SecureWorks Malware Analysis of the Lurk Downloader

http://www.secureworks.com/cyber-threat-intelligence/threats/malware-analysis-of-the-lurk-downloader/


 

August Patch Tuesday Addresses Critical IE Flaw

http://www.infosecurity-magazine.com/news/august-patch-critical-ie-flaw/

http://www.informationweek.com/software/operating-systems/microsoft-to-patch-2-critical-bugs/d/d-id/1297920

C-IT Recommendation

  1. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  2. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  3. If no issues result from the testing, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor’s support, and/or the application vendor’s support if specific applications are negatively impacted.
  4. Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.

Article Resources

Microsoft Security Bulletin Advance Notification for August 2014

https://technet.microsoft.com/library/security/ms14-aug

8-11-14 A letter issued to automotive CEOs asking them to beef up automobile security, new bank malware activity in the United States, and a website vulnerability that your company may need to fix

“Great men undertake great things because they are great; fools, because they think them easy.”

-Luc de Vauvenargues


Hackers Demand Automakers Get Serious About Security

http://www.securityweek.com/hackers-demand-automakers-get-serious-about-security

http://www.darkreading.com/application-security/automakers-openly-challenged-to-bake-in-security/d/d-id/1297902

C-IT Recommendation

  1. Find out whether your organization has security embedded into the product development life cycle. No new system should be released to the public or deployed in your organization without undergoing a security review.
  2. Verify your IT organization has controls to protect the integrity of the software products you are selling to or using on behalf of your customers.
  3. Verify your organization has a Release management process that requires input from the information security organization. Release management is the process intended to oversee the development, testing, deployment and support of software releases.
  4. Verify your organization has a Change management process that requires approvals from the information security organization. Change management is the process of ensuring no one can make system modifications without the modifications being reviewed and approved by a group of authorized individuals who have vetted the change and identified the risks associated with the changes to be acceptable.

Article Resources

Letter to Automotive Company Executive Leadership

https://www.iamthecavalry.org/wp-content/uploads/2014/08/IATC-Open-letter-to-the-Automotive-Industry.pdf

Five Star Automotive Cyber Safety Program

https://www.iamthecavalry.org/domains/automotive/5star/

MP3 of Two Researchers Who Hacked Modern Vehicles

http://www.securityweek.com/podcast-car-hacking-charlie-miller-and-chris-valasek

Microsoft Updated Cybersecurity Papers on Supply Chain Security and Critical Infrastructure Protection

http://blogs.technet.com/b/security/archive/2014/05/06/revised-cybersecurity-papers-on-supply-chain-security-and-critical-infrastructure-protection.aspx


 

Thousands of U.S. Devices Infected With New Gameover Zeus Variant: Report

http://www.securityweek.com/thousands-us-devices-infected-new-gameover-zeus-variant-report

C-IT Recommendation

  1. Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs with a crimeware kit
  2. Ensure your organization has a solid anti-malware solution at the end point and that all endpoints are covered.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  4. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  5. If no issues result from the testing, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor’s support, and/or the application vendor’s support if specific applications are negatively impacted.
  6. Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.
  7. Perform an asset inventory of all computers running Windows XP Operating system.
  8. Develop a deployment plan to upgrade all Windows XP OS systems to a Microsoft supported OS or purchase additional support for your Windows XP machines from Microsoft to receive Microsoft XP patch releases.
  9. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX Series) or Sourcefire FireAMP to keep remote connections from being initiated from your internal network.

Article Resources

US-CERT GameOver Zeus P2P Malware Alert

https://www.us-cert.gov/ncas/alerts/TA14-150A


 

Critical Vulnerability Found in Popular WordPress Contact Form Plugin

http://www.securityweek.com/critical-vulnerability-found-popular-wordpress-contact-form-plugin

http://www.infosecurity-magazine.com/news/wordpress-vulnerability-affects/

C-IT Recommendation

  1. Maintain a configuration management database of all software and add ons in your organization.
  2. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  3. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  4. If no issues result from the testing, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor’s support, and/or the application vendor’s support if specific applications are negatively impacted.

Article Resources

Custom Contact Forms Download to latest version

https://wordpress.org/plugins/custom-contact-forms/


 

 

8-7-14 A report by Cisco Systems alleging most enterprises are exposed to browser attacks, and 1.2 billion email accounts globally hacked by a Russian attack group

“The purpose of business is to create and keep a customer.”

― Peter F. Drucker


Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco

http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco

http://www.csoonline.com/article/2459954/data-protection/cisco-patches-traffic-snooping-flaw-in-operating-systems-used-by-networking-gear.html

C-IT Recommendation

  1. Perform regular security assessments in your organization
  2. Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly to understand internal security risks. CSOs/CISOs should then meet with CFOs, CEOs and CIOs monthly or bi-weekly to communicate priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organization.
    1. Material to be covered
      1. Current Risks (including potential severity and probability)
      2. Emerging Risks (including potential severity and probability)
      3. Plan to address Risks (Avoidance, Mitigation, Transfer, Acceptance)
      4. Monitoring Progress of Risk Handling
  3. Use out-of-band transaction detail confirmation followed by one-time-passcode generation: this technique leverages devices such as mobile phones that the intended end users already carry, and enables review of transaction details outside the influence of malware on the user’s PC.
  4. Use fraud detection technology that monitors user behavior: this server-side monitoring of a user’s movement through a banking website, including the transaction execution steps as well as the steps leading there, gives financial institutions the flexibility to adapt to constantly evolving malware features and to detect suspicious patterns of activity for immediate intervention. Example products: SafeNet eToken/MobilePASS, ThreatMetrix.
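
Recommendation 3 works because the one-time code is computed over the transaction details the user confirmed on the out-of-band device, so a man-in-the-browser that alters the submitted form invalidates the code. The added example below shows that binding end to end; it is illustration code rather than anything from the original post, Cisco or Entrust, and the device secret, nonce, payee and amount are constructed values. The truncation step reuses the dynamic truncation defined for HOTP in RFC 4226.

```python
import hashlib
import hmac
import struct


def transaction_code(secret: bytes, payee: str, amount_cents: int, nonce: int, digits: int = 8) -> str:
    """One-time code bound to the transaction details shown on the out-of-band device.

    The code is an HMAC over a canonical encoding of payee, amount and a per-transaction
    nonce, shortened to `digits` decimal digits with HOTP-style dynamic truncation.
    """
    message = f"{payee}|{amount_cents}|{nonce}".encode("utf-8")
    mac = hmac.new(secret, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                       # 0..15, always inside a 32-byte MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def server_verify(secret: bytes, submitted_payee: str, submitted_amount: int, nonce: int, code: str) -> bool:
    """The bank recomputes the code over the details it actually received from the browser."""
    expected = transaction_code(secret, submitted_payee, submitted_amount, nonce)
    return hmac.compare_digest(expected, code)


def simulate_transfer(browser_alters_payee: bool) -> bool:
    """Walk through one transfer and return whether the bank accepts it.

    Constructed scenario: the user confirms 'ACME Utilities / 120.50' on the phone,
    which generates the code. If malware in the browser swaps the payee before the
    form is submitted, the server-side recomputation no longer matches the code.
    """
    device_secret = b"constructed-per-device-secret"   # provisioned at enrollment (assumed)
    nonce = 1001                                        # issued by the server per transaction
    confirmed_payee, confirmed_amount = "ACME Utilities", 12050
    code = transaction_code(device_secret, confirmed_payee, confirmed_amount, nonce)

    submitted_payee = "Altered Payee" if browser_alters_payee else confirmed_payee
    return server_verify(device_secret, submitted_payee, confirmed_amount, nonce, code)


if __name__ == "__main__":
    print("untampered transfer accepted:", simulate_transfer(False))   # True
    print("tampered transfer accepted:  ", simulate_transfer(True))    # False
```

The property that matters is that the code depends on what the user saw, not on anything the browser supplies: the phone displays payee and amount, the user keys the resulting code into the PC, and the server verifies it against the submitted details. The per-transaction nonce prevents a captured code from being replayed for a second identical transfer.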

Article Resources

Cisco’s Midyear Security Report

http://www.cisco.com/web/offer/grs/190720/SecurityReport_Cisco_v4.pdf

Entrust WhitePaper on Preventing Man in the Browser Attacks

http://www.bankinfosecurity.com/whitepapers/defeating-man-in-the-browser-how-to-prevent-latest-malware-attacks-w-315#dynamic-popup


 

Reported Theft of 1.2B Email Accounts

http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/

http://www.holdsecurity.com/news/cybervor-breach/

C-IT Recommendation

  1. Ensure your company is using a strong Web Code review process before publishing sites
  2. Use a software code security analysis tool to check your website for potential vulnerabilities
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until vulnerabilities are resolved.
  5. Ensure your organization has a password policy that requires privileged account passwords to differ between systems, including not using the same password on multiple systems.
  6. Ensure your password policy requires complex passwords and that systems are configured to enforce the requirement. Require passwords to expire within a 30-90 day window. Do not allow users to reuse a previous password for a privileged account once it has expired.
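
Recommendations 5 and 6 are enforceable at password-change time without ever storing plaintext: keep a salted hash history per privileged account, check a candidate against that history and against the current hash on the user’s other systems, and track the change date for expiry. The following added example does this; it is not code from the original post, and the account names, 12-character minimum, three-class rule, 90-day maximum age, history depth and PBKDF2 iteration count are constructed policy values.

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

PBKDF2_ITERATIONS = 50_000     # work factor; a constructed value for the example
TODAY = date(2014, 8, 7)       # constructed reference date for the demo


def days_later(day, n):
    return day + timedelta(days=n)


def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256; returns (salt, digest) so the history never holds plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def complexity_errors(password, min_length=12, min_classes=3):
    """Return the complexity rules a candidate password breaks (empty if it passes)."""
    errors = []
    if len(password) < min_length:
        errors.append(f"shorter than {min_length} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < min_classes:
        errors.append(f"uses fewer than {min_classes} character classes")
    return errors


class PrivilegedAccount:
    def __init__(self, user, system):
        self.user = user
        self.system = system
        self.history = []        # (salt, digest) pairs, oldest first
        self.last_changed = None


class PasswordPolicy:
    def __init__(self, max_age_days=90, history_depth=10):
        # The recommendation is a 30-90 day expiry window; 90 days is used here.
        self.max_age_days = max_age_days
        self.history_depth = history_depth

    def is_expired(self, account, today):
        if account.last_changed is None:
            return True
        return today - account.last_changed > timedelta(days=self.max_age_days)

    def violations(self, account, candidate, other_accounts):
        """Policy violations for setting `candidate` on `account`, given the user's other accounts."""
        errors = complexity_errors(candidate)
        if any(matches(candidate, s, d) for s, d in account.history[-self.history_depth:]):
            errors.append("reuses a previous password for this account")
        for other in other_accounts:
            if other.history and matches(candidate, *other.history[-1]):
                errors.append(f"same password is already in use on {other.system}")
        return errors

    def change_password(self, account, candidate, other_accounts, today):
        errors = self.violations(account, candidate, other_accounts)
        if errors:
            raise ValueError("; ".join(errors))
        account.history.append(hash_password(candidate))
        account.last_changed = today


if __name__ == "__main__":
    policy = PasswordPolicy()
    db = PrivilegedAccount("admin", "db-prod")
    osa = PrivilegedAccount("admin", "os-prod")
    policy.change_password(db, "Correct-Horse-42!", [osa], TODAY)
    print("same password on os-prod:", policy.violations(osa, "Correct-Horse-42!", [db]))
    print("weak password:", policy.violations(osa, "password", [db]))
    print("db-prod expired after 91 days:", policy.is_expired(db, days_later(TODAY, 91)))
```

Cross-system reuse can only be checked this way because the candidate is available in plaintext at change time; the stored hashes on each system are salted independently, so they cannot be compared to one another afterwards. Systems that store only an unsalted or fast hash should be treated as unable to enforce this rule.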

Article Resources

The Value of a Hacked Email Account

http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/


 

 

8-5-14 Data-thieving software posing as a security application on Android devices, and a report explaining that most top free and paid mobile apps pose threats to organizations

“Genius is one percent inspiration and ninety–nine percent perspiration.”

– Thomas A. Edison


Android malware SandroRAT disguised as mobile security app

http://www.scmagazine.com/android-malware-sandrorat-disguised-as-mobile-security-app/article/364455/

Article Resources

McAfee Blog Post

http://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing

Emory Libraries Information Security Awareness covering Phishing

http://it.emory.edu/security/security_awareness/phishing.html


 

Most Top Free and Paid Mobile Apps Pose Threat to Enterprises: Report

https://www.securityweek.com/most-top-free-and-paid-mobile-apps-pose-threat-enterprises-report

C-IT Recommendation

  1. Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration management database to show which devices have which operating systems versions.
  2. Ensure anti-malware service is deployed on all company owned Android devices. If you have a mobile device management solution, enable the company webfiltering option where applicable and force the cellular devices to pass through the company webfilter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit malicious sites. Also instruct employees not to install apps from unofficial stores.

**If you do not have a mobile device management solution in a BYOD model, strongly recommend that users install the security updates. Failure to do so may result in your employees’ devices compromising your company information and/or costing the employees or your organization a great deal of money.**

Article Resources

Appthority App Reputation Report

https://www.appthority.com/app-reputation-report/report/AppReputationReportSummer14.pdf

US CERT Security Tip Cybersecurity for Electronic Devices

https://www.us-cert.gov/ncas/tips/ST05-017

8-4-14 A report that shows many C-level executives have little respect for their information security leaders, a social engineering campaign that takes advantage of Microsoft Word weaknesses, and the US Department of Homeland Security’s report on Point of Sale system attacks

“If you work just for money, you’ll never make it, but if you love what you’re doing and you always put the customer first, success will be yours.”

– Ray Kroc


C-Level Execs to CISOs: No Seat for You!

https://www.securityweek.com/c-level-execs-cisos-no-seat-you

http://www.scmagazine.com/study-ciso-leadership-capacity-undervalued-by-most-c-level-execs/article/364231/

C-IT Recommendation

  1. Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly to understand internal security risks. CSOs/CISOs should then meet with CFOs, CEOs and CIOs monthly or bi-weekly to communicate priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organization.
    1. Material to be covered
      1. Current Risks (including potential severity and probability)
      2. Emerging Risks (including potential severity and probability)
      3. Plan to address Risks (Avoidance, Mitigation, Transfer, Acceptance)
      4. Monitoring Progress of Risk Handling

Article Resources

Threat Track “Chief Information Security Officers Misunderstood and Underappreciated by Their C-Level Peers” Report

http://media.scmagazine.com/documents/89/threattrack_study_on_cisos_22034.pdf


 

PittyTiger spearphishing campaign speaks multiple languages

http://www.scmagazine.com/pittytiger-spearphishing-campaign-speaks-multiple-languages/article/363978/

https://www.securityweek.com/pitty-tiger-threat-actors-possibly-active-2008-fireeye


C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.
  7. Restrict administrative access on local machines and browsers to only those users who absolutely need it to install programs for business purposes.

Article Resources

Airbus Defense & Space Pitty Tiger Report

https://bbuseruploads.s3.amazonaws.com/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf?Signature=DFJkN2347ctUHMcTesVVtd6Dcto%3D&Expires=1407137473&AWSAccessKeyId=0EMWEFSGA12Z1HF1TZ82

FireEye Blog Detailing Pitty Tiger

http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-the-tiger.html

Emory Libraries Information Security Awareness covering Phishing

http://it.emory.edu/security/security_awareness/phishing.html


 

Hackers Turn Remote Desktop Tools Into Gateways for Point-of-Sale Malware Attacks

https://www.securityweek.com/hackers-turn-remote-desktop-tools-gateways-point-sale-malware-attacks

http://www.darkreading.com/attacks-breaches/backoff-malware-time-to-step-up-remote-access-security/a/d-id/1297731?

http://searchsecurity.techtarget.com/news/2240226048/US-government-warns-of-point-of-sale-malware-campaign

C-IT Recommendation

  1. Create new non-intuitive usernames for POS accounts. Disable the default usernames.
  2. Use strong passwords for terminal login accounts and change them regularly.
  3. Keep POS operating systems and POS software applications updated with the latest patches.
  4. Install a firewall.
  5. Ensure a solid antivirus solution is running on the POS terminals.
  6. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  7. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  8. Disallow remote access so that attackers cannot remotely access terminals.
  9. Encrypt traffic between terminals, servers and the payment card processor.

Article Resources

US Department of Homeland Security Report on New Point of Sale Malware

http://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware.pdf

Protecting PoS Environments Against Multi-Stage Attacks

http://www.symantec.com/content/en/us/enterprise/white_papers/b-protecting-pos-environments-against-multi-stage-attacks-WP-21327754.pdf