6-30-14 Podcast References

“I knew that if I failed I wouldn’t regret that, but I knew the one thing I might regret is not trying.”

—Jeff Bezos


Rare SMS worm targets Android devices

http://www.csoonline.com/article/2369336/rare-sms-worm-targets-android-devices.html

C-IT Recommendation

  1. Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration management database that shows which devices run which operating system versions.
  2. Ensure an anti-malware service is deployed on all company-owned Android devices. If you have a mobile device management solution, enable the company web filtering option where applicable and force the cellular devices to pass through the company web filter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit pornographic sites. Also instruct employees not to install apps from unofficial stores or from links received in text messages, which is how an SMS worm spreads.

**If you do not have a mobile device management solution and run a BYOD model, strongly recommend that users install security updates promptly. Failure to do so may result in employees' devices compromising company information and/or costing the employees or your organization a great deal of money.**

Article Resources

AdaptiveMobile detailed analysis of the Selfmite worm

http://www.adaptivemobile.com/blog/selfmite-worm

US-CERT: Defending Cell Phones and PDAs Against Attack

https://www.us-cert.gov/ncas/tips/ST06-007


 

Most health care vendors earn ‘D’ in data protection, study finds

http://www.scmagazine.com/most-health-care-vendors-earn-d-in-data-protection-study-finds/article/358280/

C-IT Recommendation

  1. Ensure your organization has a structured framework for addressing security. Frameworks provide a foundation for building effective security practices within an organization. Examples include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO/IEC 27001, and ISACA's COBIT (Control Objectives for Information and Related Technology). A framework:
    1. Ensures your organization has a plan for information security
    2. Provides direction for developing information security policies, procedures, standards and guidelines
    3. Ensures the organization has administrative, physical and technical controls to deter, detect and/or prevent malicious behavior
  2. Corporate leaders must establish a security debrief cadence with the information security teams. The CSO/CISO should meet with operational teams weekly to understand internal security risks, and should then meet with the CFO, CEO and CIO bi-weekly or monthly to communicate the priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organization.
    1. Material to be covered
      1. Current risks (including potential severity and probability)
      2. Emerging risks (including potential severity and probability)
      3. Plan to address risks (avoidance, mitigation, transfer, acceptance)
      4. Monitoring progress of risk handling

Article resources

The Unlocked Back Door to Healthcare Data Report

http://www.vendorsecurityrm.com/resources/healthcare-vendor-intelligence-report/

NIST Cybersecurity Framework

http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

ISO/IEC 27001

http://www.iso.org/iso/catalogue_detail?csnumber=54534

ISACA COBIT

http://www.isaca.org/COBIT/Pages/default.aspx?cid=1003566&Appeal=PR


 

PlugX RAT Armed With ‘Time Bomb’ Leverages Dropbox In Attack

http://www.darkreading.com/cloud/plugx-rat-armed-with-time-bomb-leverages-dropbox-in-attack/d/d-id/1278946?

C-IT Recommendation

  1. Evaluate the organizational risks of allowing users in your organization to use online document sharing sites such as Dropbox, Google Drive and Microsoft OneDrive. Understand that once the information leaves your organization you no longer control it. This evaluation should include input from your core business leaders, the legal department, and the information technology and security leadership.
  2. Make an organizational decision on whether or not you will allow users to store files on online document sharing sites.
  3. Ratify a data storage policy that explicitly addresses your directives for storing files on online document sharing sites.
  4. If you decide to disallow online document sharing sites, consider blocking them on your web content filter appliance. The PlugX sample in this story fetched its command-and-control settings from Dropbox, so blocking, or at least logging, traffic to these sites also has a detection benefit.
  5. Evaluate the total cost of ownership and return on investment of deploying tools that manage shadow IT.

Article Resources

Shadow IT Definition

http://searchcloudcomputing.techtarget.com/definition/shadow-IT-shadow-information-technology

CIO Magazine “How to Bring Shadow IT Under Control” Article

http://www.cio.com/article/746441/How_to_Bring_Shadow_IT_Under_Control

Trend Micro Blog Detailing PlugX RAT

http://blog.trendmicro.com/trendlabs-security-intelligence/plugx-rat-with-time-bomb-abuses-dropbox-for-command-and-control-settings/

6-27-14 Podcast References

“Anything that is measured and watched, improves.”

—Bob Parsons


US airports compromised during major APT hacking campaign, says CIS

http://www.csoonline.com/article/2369043/us-airports-compromised-during-major-apt-hacking-campaign-says-cis.html

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate that the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate that the web content filtering solution is on the latest stable version with the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.
  7. Restrict administrative access on local machines and browsers to only those users who absolutely need it to install programs for business purposes.

Article Resources

Center for Internet Security 2013 Annual Report

http://www.cisecurity.org/about/documents/2013AnnualReportspreads.pdf


 

Insider Threats Top Infosecurity Europe Attendees’ Cyber Fears

http://www.infosecurity-magazine.com/view/39035/insider-threats-top-infosecurity-europe-attendees-cyber-fears/

http://www.csoonline.com/article/2385000/security-awareness/security-awareness-and-concern-are-both-on-the-rise-among-it-professionals.html

C-IT Recommendation

  1. Ensure your organization has firewalls/intrusion prevention solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
  2. Ensure your organization has a solid anti-malware solution at the endpoint and that all endpoints are covered.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed to the production environment within a reasonable time after they are tested in your test environment.
  4. Test the business functionality of each type of device and record any issues impacting business functions on the devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor's support for the affected application.
  6. Consult with your Vulnerability and Threat Management (VTM) team to verify all production systems are patched with the latest updates.
  7. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX series) or Sourcefire FireAMP to detect and block outbound command-and-control connections initiated from your internal network.

Article Resources

Emory Technology Education on Phishing

http://it.emory.edu/security/security_awareness/phishing.html

Lancope Survey Results

http://www.lancope.com/files/Blog/Lancope-Infosecurity-Europe-2014-Survey-Results.pdf

Lancope Combating Insider Threat Webinar

http://www.lancope.com/resource-center/recorded-webinars/insider-threat-hunting-for-authorized-evil/


 

US Oil & Gas Industry Establishes Information Sharing Center

http://www.infosecurity-magazine.com/view/39024/us-oil-gas-industry-establishes-information-sharing-center/

http://www.darkreading.com/analytics/threat-intelligence/oil-and-natural-gas-industry-forms-isac/d/d-id/1278885?

Article Resources

http://www.momentumpress.net/books/protecting-industrial-control-systems-electronic-threats

6-26-14 Podcast References

“Every day that we spent not improving our products was a wasted day.”

—Joel Spolsky


Montana Notifying 1.3 Million After State Health Agency Server Hacked

http://www.securityweek.com/montana-notifying-13-million-after-state-health-agency-server-hacked

http://www.csoonline.com/article/2367661/montana-data-breach-exposed-13-million-records.html

C-IT Recommendation

  1. Verify your company has an effective and enforced access control standard and policy that defines roles and baselines for system administrators. Ensure the standard and policy state that access is removed when an employee transfers within the organization or leaves it.
    1. Roles should be defined by the duties they must perform, and only those duties
    2. Privileged access should be granted to roles, not to individual users. Individual users are then added to roles according to their positions
      1. ex: a database administrator should not have the rights of the operating system administrator
  2. Perform periodic access reviews of privileged account users. Any users or groups discovered to have unnecessary privileged access should have it removed immediately.
  3. Utilize job rotation and mandatory vacations for all privileged roles. Job rotation means that
    1. an administrator knows someone else will step in to perform the job responsibilities and may detect malicious behavior, which deters the administrator from acting maliciously
  4. Utilize dual control (separation of duties) for highly sensitive activities.
    1. Ex: the individual who changes production source code hands the change off to someone else for installation control.
    2. This deters malicious behavior because each individual knows an honest colleague may detect it
  5. Validate your organization has an efficient Security Operations Center (SOC) whose trained analysts alert on potentially malicious events and sources.
  6. Ensure your organization has a security incident investigation process that covers discovering, containing and disclosing a breach. Validate that your process aligns with the requirements of your region's regulations.
  7. Consult your risk management team to see whether your company has any cybersecurity insurance.
  8. If you have coverage, ensure the organization has performed an information security risk assessment to check that the current coverage is adequate for your company's risk appetite. If you do not have coverage, perform an information security risk assessment to decide whether to transfer the potential financial loss: after a data breach you may have to pay for forensic investigations, credit monitoring, reputation management, business interruption, and compliance with state breach notification laws.
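An added example (not C-IT's tooling and not anything used by the Montana agency) of the role-based model in items 1, 2 and 4 above, in Python: permissions hang off roles rather than users, the database administrator role carries no operating-system administrator rights, a separation-of-duties rule refuses to give one person both the developer and release roles, and an access review reports roles a user holds beyond what the position needs. The role names, permission strings and users are constructed for the example.

```python
"""Role-based access with separation-of-duties and access-review checks.

Added example illustrating the recommendations above; not a product and
not the podcast's own tooling. Roles, permissions and users are constructed.
"""

# Permissions are granted to roles, never to individual users (item 1.2).
ROLE_PERMISSIONS = {
    "dba":       {"db.read", "db.write", "db.schema"},
    "os_admin":  {"os.login", "os.root"},
    "developer": {"src.commit"},
    "release":   {"prod.deploy"},
}

# Pairs of roles one person must not hold at the same time (item 4): the
# person who changes production source code hands the change to someone
# else for installation.
SEPARATION_OF_DUTIES = [
    ("developer", "release"),
]


class AccessModel:
    def __init__(self, role_permissions, sod_pairs):
        self.role_permissions = role_permissions
        self.sod_pairs = sod_pairs
        self.user_roles = {}

    def assign(self, user, role):
        """Add a user to a role, refusing assignments that violate SoD."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.get(user, set())
        for a, b in self.sod_pairs:
            if {a, b} <= held | {role}:
                raise ValueError(f"{user} may not hold both {a} and {b}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_all(self, user):
        """Leaver/transfer handling (item 1): drop every role at once."""
        self.user_roles.pop(user, None)

    def permitted(self, user, permission):
        """A user has a permission only through a role that carries it."""
        return any(permission in self.role_permissions[r]
                   for r in self.user_roles.get(user, ()))

    def access_review(self, expected):
        """Item 2: compare held roles with the roles each position justifies.

        `expected` maps user -> set of justified roles.
        Returns {user: set of roles that should be removed}.
        """
        findings = {}
        for user, held in self.user_roles.items():
            extra = held - expected.get(user, set())
            if extra:
                findings[user] = extra
        return findings


def demo():
    """Walk through the three checks; returns (dba_has_root, sod_blocked, findings)."""
    m = AccessModel(ROLE_PERMISSIONS, SEPARATION_OF_DUTIES)
    m.assign("alice", "dba")
    m.assign("bob", "developer")
    m.assign("carol", "release")
    # The DBA role carries no OS-administrator rights (item 1.2 example).
    dba_has_root = m.permitted("alice", "os.root")
    # bob cannot also be given the release role (item 4).
    try:
        m.assign("bob", "release")
        sod_blocked = False
    except ValueError:
        sod_blocked = True
    # Periodic review: dave moved to the OS team but still holds dba.
    m.assign("dave", "dba")
    m.assign("dave", "os_admin")
    findings = m.access_review({"alice": {"dba"}, "bob": {"developer"},
                                "carol": {"release"}, "dave": {"os_admin"}})
    return dba_has_root, sod_blocked, findings


if __name__ == "__main__":
    print(demo())
```

The point of putting the SoD pairs in the model rather than in a procedure document is that the conflict is refused at assignment time, and the review function turns the "periodic access review" in item 2 into a diff between what a position needs and what the account actually holds.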

Article Resources

NIST Role Based Access Control project page (links to other resources, including "Economic Benefits of Role Based Access Control")

http://csrc.nist.gov/groups/SNS/rbac/

Separation of duty definition

http://www.pcmag.com/encyclopedia/term/51110/separation-of-duties

NIST Computer Security Incident Handling Guide

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf


 

‘Luuuk’ Cybercrime Operation Steals €500,000 From Bank

http://www.securityweek.com/luuuk-cybercrime-operation-steals-%E2%82%AC500000-bank

http://www.darkreading.com/luuuk-stole-half-million-euros-in-one-week/d/d-id/1278845?

C-IT Recommendation

  1. Ensure your organization has firewalls/intrusion prevention solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
  2. Ensure your organization has a solid anti-malware solution at the endpoint and that all endpoints are covered.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed to the production environment within a reasonable time after they are tested in your test environment.
  4. Test the business functionality of each type of device and record any issues impacting business functions on the devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor's support for the affected application.
  6. Consult with your Vulnerability and Threat Management (VTM) team to verify all production systems are patched with the latest updates.
  7. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX series) or Sourcefire FireAMP to detect and block outbound command-and-control connections initiated from your internal network.

Article Resources

Man in the browser attack definition

http://searchsecurity.techtarget.com/definition/man-in-the-browser

Securelist technical description of Luuuk attack

http://www.securelist.com/en/blog/8230/Use_the_force_Luuuk


 

‘Havex’ malware strikes industrial sector via watering hole attacks

http://www.scmagazine.com/havex-malware-strikes-industrial-sector-via-watering-hole-attacks/article/357875/

http://www.securityweek.com/attackers-using-havex-rat-against-industrial-control-systems

C-IT Recommendation

From the end-user perspective

  1. Ensure your organization has a strong asset inventory with an accurate configuration management database.
  2. Identify all devices which have vulnerable versions of Adobe Flash Player.
  3. Deploy the Adobe security update to test machines in your environment.
  4. Test the business functionality of each type of device and record any issues impacting business functions on the devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Adobe support and/or the vendor of any specific application that is negatively impacted.
  6. Finally, as always, run a vulnerability scan against the devices to confirm the vulnerability has been addressed.

From the Website Perspective

  1. Ensure your company uses a strong web code review process before publishing sites.
  2. Use a software code security analysis tool to check your website for potential vulnerabilities.
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until the vulnerabilities are resolved.

6-25-14 Podcast References

“Your reputation is more important than your paycheck, and your integrity is worth more than your career.”

— Ryan Freitas


Caphaw trojan being served up to visitors of AskMen.com, according to Websense

http://www.scmagazine.com/caphaw-trojan-being-served-up-to-visitors-of-askmencom-according-to-websense/article/357631/

http://www.securityweek.com/askmen-compromised-distribute-financial-malware-report

C-IT Recommendation

From the end-user perspective

  1. Ensure your organization has a strong asset inventory with an accurate configuration management database.
  2. Identify all devices which run Windows operating systems.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed to the production environment within a reasonable time after they are tested in your test environment.
  4. Test the business functionality of each type of device and record any issues impacting business functions on the devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Microsoft support and/or the vendor of any specific application that is negatively impacted.
  6. Finally, as always, run a vulnerability scan against the devices to confirm the vulnerability has been addressed.

From the Website Perspective

  1. Ensure your company uses a strong web code review process before publishing sites.
  2. Use a software code security analysis tool to check your website for potential vulnerabilities.
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until the vulnerabilities are resolved.

 

Content Widget Maker Taboola Is Hacked On Reuters

http://www.darkreading.com/content-widget-maker-taboola-is-hacked-on-reuters/d/d-id/1278792?

http://www.scmagazine.com/taboola-hack-allows-sea-to-redirect-reuters-site-visitors/article/357375/

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate that the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate that the web content filtering solution is on the latest stable version with the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them. Additionally, educate users not to reuse the same username and password across multiple systems, and encourage the use of a strong password manager to keep passwords distinct and manageable.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.

Article Resources

Taboola’s Breach Disclosure

http://taboola.com/blog/update-taboola-security-breach-identified-and-fully-resolved-0

PC Magazine’s Review of the Best Password Managers

http://www.pcmag.com/article2/0,2817,2407168,00.asp


 

HackingTeam tool makes use of mobile malware targeting all major platforms

http://www.scmagazine.com/hackingteam-tool-makes-use-of-mobile-malware-targeting-all-major-platforms/article/357652/

http://www.csoonline.com/article/2367682/data-protection/hackingteam-mobile-pc-spyware-for-governments-spans-many-countries.html

 

6-17-14 Podcast References

“Progress is the activity of today and the assurance of tomorrow.”

— Ralph Waldo Emerson


Domino’s extortion breach highlights rise in ransom-based attacks

http://www.scmagazine.com/dominos-extortion-breach-highlights-rise-in-ransom-based-attacks/article/355997/

http://www.csoonline.com/article/2364323/cyber-attacks-espionage/domino-s-pizza-large-breach-with-a-side-of-ransom.html

http://www.securityweek.com/dominos-pizza-refuses-extortion-demand-after-customer-data-stolen

http://www.infosecurity-magazine.com/view/38876/dominos-pizza-customers-exposed-after-massive-data-breach/

C-IT Recommendation

  1. Ensure your company uses a strong web code review process before publishing sites.
  2. Use a software code security analysis tool to check your website for potential vulnerabilities.
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until the vulnerabilities are resolved.
  5. Consider purchasing a web application firewall.

 

New Remote Access Trojan Bypasses SSL Protection, Targets Bank Credentials

http://www.securityweek.com/new-rat-bypasses-ssl-protection-targets-bank-credentials-phishme

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate that the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate that the web content filtering solution is on the latest stable version with the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.
  7. Restrict administrative access on local machines and browsers to only those users who absolutely need it to install programs for business purposes.

PhishMe Recommendations

1. Remove above emails from inboxes

2. Check your proxy logs for traffic to Cubby, downloading zip files containing the name “documents” or “invoice”

3. Search for traffic / block the IPs 85.25.148.6, 217.12.207.151, and 192.99.6.61

4. IDS rules looking for double POST within a short period of time (this will catch copy cats, too)

5. Look for zip files containing .exe or .scr files (web, IDS, host-based, etc)
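The checks in the PhishMe list above (a proxy-log search for zip downloads from Cubby named "documents" or "invoice", traffic to the three IPs, a double POST from one host in a short window, and zip archives carrying .exe or .scr members), worked through as a small Python triage script. This is an added example, not PhishMe's or C-IT's tooling. The IP addresses, archive names and extensions come from the list above; the proxy-log format, the log lines, the cubby.com hostname match, the 30-second double-POST window and the sample archive are assumptions constructed for the example.

```python
"""Triage helpers for the Dyre indicators listed above.

Added example, not PhishMe's or the podcast's tooling. The proxy-log
format (timestamp, client IP, method, URL, destination IP), the log lines
and the sample archive are constructed; the three IPs, the
"documents"/"invoice" zip names and the .exe/.scr check come from the list.
"""
import io
import re
import zipfile
from collections import defaultdict
from datetime import datetime, timedelta

# IP blocklist taken from the PhishMe recommendation above.
BLOCKED_IPS = {"85.25.148.6", "217.12.207.151", "192.99.6.61"}
# Archive names called out above; the Cubby hostname pattern is an assumption.
SUSPECT_ZIP_NAME = re.compile(r"(documents|invoice)[^/]*\.zip$", re.IGNORECASE)
CUBBY_HOST = re.compile(r"^https?://([^/]*\.)?cubby\.com/", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr")
DOUBLE_POST_WINDOW = timedelta(seconds=30)  # assumed "short period of time"

# Constructed sample proxy log: "timestamp client method url destination".
SAMPLE_LOG = """\
2014-06-17T09:01:02 10.0.0.5 GET http://www.example.com/index.html 93.184.216.34
2014-06-17T09:01:40 10.0.0.7 GET https://www.cubby.com/pl/documents.zip 198.51.100.9
2014-06-17T09:02:01 10.0.0.7 POST http://203.0.113.10/1/ 85.25.148.6
2014-06-17T09:02:04 10.0.0.7 POST http://203.0.113.10/2/ 85.25.148.6
2014-06-17T09:05:00 10.0.0.9 GET https://files.example.org/Invoice_2014.zip 198.51.100.20
2014-06-17T09:06:00 10.0.0.9 POST http://198.51.100.21/upload 198.51.100.21
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Turn the constructed log into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, method, url, dst = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "client": client,
                        "method": method, "url": url, "dst": dst})
    return records


def find_indicators(records):
    """Return sorted (client, reason) hits for the four indicators above."""
    hits = set()
    posts = defaultdict(list)
    for r in records:
        if r["dst"] in BLOCKED_IPS:
            hits.add((r["client"], "blocked-ip:" + r["dst"]))
        if SUSPECT_ZIP_NAME.search(r["url"]):
            hits.add((r["client"], "suspect-zip"))
        if CUBBY_HOST.match(r["url"]):
            hits.add((r["client"], "cubby"))
        if r["method"] == "POST":
            posts[r["client"]].append(r["ts"])
    # Double POST: two POSTs from the same client inside the window.
    for client, times in posts.items():
        times.sort()
        for earlier, later in zip(times, times[1:]):
            if later - earlier <= DOUBLE_POST_WINDOW:
                hits.add((client, "double-post"))
                break
    return sorted(hits)


def executable_members(zip_bytes):
    """List archive entries ending in .exe or .scr without extracting them."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]


def build_sample_zip():
    """Constructed archive mimicking the 'invoice' lure (empty payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.scr", b"")
        zf.writestr("readme.txt", b"not a payload")
    return buf.getvalue()


if __name__ == "__main__":
    for client, reason in find_indicators(parse_log(SAMPLE_LOG)):
        print(client, reason)
    print(executable_members(build_sample_zip()))
```

Run against the sample, 10.0.0.7 is flagged on all four indicators and 10.0.0.9 only on the "invoice" archive name; the extension check looks at archive member names, so a double extension such as invoice.pdf.scr is still caught.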

Article Resources

PhishMe article detailing the Dyre malware

http://phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/


 

Why businesses should use caution with HTML5-based mobile apps

http://www.csoonline.com/article/2364322/data-protection/why-businesses-should-use-caution-with-html5-based-mobile-apps.html

C-IT Recommendation

  1. Ensure your company uses a strong code review process before publishing mobile apps.
  2. Use a software code security analysis tool to check your mobile apps for potential vulnerabilities.
  3. Require your security team to perform penetration testing after any code changes to your mobile apps.
  4. If apps are deemed vulnerable after penetration testing, require through policy that the development teams roll back to the previous version of the app until the vulnerabilities are resolved.

Article Resources

Mobile Security Conference Paper on HTML5 Attacks

http://mostconf.org/2014/papers/s3p5.pdf

Mobile Security Conference Slides on HTML5 Attacks

http://mostconf.org/2014/slides/s3p5-slides.pptx

Gartner report on Hybrid Mobile Apps

http://www.gartner.com/newsroom/id/2324917

 

 

 

6-16-14 Podcast References

“People will forget what you said, people will forget what you did, but people will never forget how you made them feel.”

– Maya Angelou


Target top security officer reporting to CIO seen as a mistake

http://www.csoonline.com/article/2363210/data-protection/target-top-security-officer-reporting-to-cio-seen-as-a-mistake.html

C-IT Recommendation

  1. Analyze the reporting structure of your organization.
    1. Interview your CISO and ask where in the organization it is optimal for the role to report. Ask questions such as “Do you believe security priorities have been bottlenecked by the current reporting structure?”
  2. If necessary, have the CISO report directly to a top-level officer or directly to the board.

Article Resources

Who should the CISO report to?

http://www.csoonline.com/article/2131227/infosec-staffing/who-should-the-ciso-report-to-.html

The Global State of Information Security® Survey 2014

http://www.pwc.com/GX/EN/CONSULTING-SERVICES/INFORMATION-SECURITY-SURVEY/INDEX.JHTML


 

Android ‘SMS Stealer’ hides in World Cup-themed apps

http://www.scmagazine.com/android-sms-stealer-hides-in-world-cup-themed-apps/article/355717/

C-IT Recommendation

  1. Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration management database that shows which devices run which operating system versions.
  2. Ensure an anti-malware service is deployed on all company-owned Android devices. If you have a mobile device management solution, enable the company web filtering option where applicable and force the cellular devices to pass through the company web filter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit pornographic sites. Also instruct employees not to install apps from unofficial stores.

**If you do not have a mobile device management solution and run a BYOD model, strongly recommend that users install security updates promptly. Failure to do so may result in employees' devices compromising company information and/or costing the employees or your organization a great deal of money.**

 

6-13-14 Podcast References

“Vigilance is not only the price of liberty, but of success of any sort.”

-Henry Ward Beecher


P.F. Chang’s Confirms Credit Card Breach

http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/

Article Resources

P.F. Chang’s Security Compromise Update

http://pfchangs.com/security/


 

PLXsert warns Fortune 500 companies of evolving Zeus threat

http://www.scmagazine.com/plxsert-warns-fortune-500-companies-of-evolving-zeus-threat/article/355543/

http://www.infosecurity-magazine.com/view/38832/zeus-used-to-mastermind-ddos-and-attacks-on-cloud-apps/

C-IT Recommendation

  1. Ensure your organization has firewalls/intrusion prevention solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
  2. Ensure your organization has a solid anti-malware solution at the endpoint and that all endpoints are covered.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed to the production environment within a reasonable time after they are tested in your test environment.
  4. Test the business functionality of each type of device and record any issues impacting business functions on the devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage the vendor's support for the affected application.
  6. Consult with your Vulnerability and Threat Management (VTM) team to verify all production systems are patched with the latest updates.
  7. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX series) or Sourcefire FireAMP to detect and block outbound command-and-control connections initiated from your internal network.
  8. Perform a risk analysis for utilizing cloud-based services. Understand the limitations of using the cloud, including:
    1. Not having total control
    2. Having your data protected by someone else
    3. Having your security managed by someone else
    4. Not having information about the cloud provider's infrastructure
  9. As a result, ensure your legal department has a strong SLA and breach accountability agreement with the cloud provider in case critical company or customer data is compromised.

Prolexic Mitigation Recommendation

  1. Users are tricked into running programs that infest their devices, so organizational security policies and user education can help. Enforce security policies for system security and patches and updates. Educate users about how this type of attack is executed from email clients and web browsers.
  2. Clean-up effort by the security community is fundamental. Initiatives such as ZeuS Tracker are necessary to contain and manage this threat. Takedown follow-up efforts must also be implemented to reduce the number of infected command and control centers.
  3. Learn how to prevent, detect and remove Zeus infections. Symantec Security Response provides extensive information to help you do this.
  4. Write Snort rules for Zeus traffic. Sourcefire VRT Labs has an excellent source for writing Snort rules based on Zeus traffic.

Article Resources

Prolexic Zeus Crimeware Breaches Cybersecurity Defenses of Fortune 500 Advisory

http://www.prolexic.com/knowledge-center-ddos-threat-advisory-zeus-zbot-malware-crimeware-kit-cybersecurity.html

ZeuS Tracker (tracks ZeuS command-and-control servers around the world and provides a domain blocklist and an IP blocklist)

https://zeustracker.abuse.ch/


 

Ransomware “Svpeng” strikes US, leaves Android devices unusable

http://www.scmagazine.com/ransomware-svpeng-strikes-us-leaves-android-devices-unusable/article/355530/

C-IT Recommendation

  1. Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration management database that shows which devices run which operating system versions.
  2. Ensure an anti-malware service is deployed on all company-owned Android devices. If you have a mobile device management solution, enable the company web filtering option where applicable and force the cellular devices to pass through the company web filter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit non-business-related sites on company-issued phones. Also instruct employees not to download apps from unofficial stores.

**If you do not have a mobile device management solution and run a BYOD model, strongly recommend that users install security updates promptly. Failure to do so may result in employees' devices compromising company information and/or costing the employees or your organization a great deal of money.**

Article Resources

Securelist details of the Svpeng mobile malware

http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US

 

6-12-14 Podcast References

“If you really want to do something, you’ll find a way. If you don’t, you’ll find an excuse.”

–Jim Rohn


P.F. Chang’s Investigates Possible Breach of Customer Credit Cards

http://www.securityweek.com/pf-changs-investigates-possible-breach-customer-credit-cards

http://www.infosecurity-magazine.com/view/38818/pf-changs-may-have-leaked-info-on-thousands-of-credit-cards-/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/


 

Survey respondents praise, but neglect, continuous monitoring

http://www.scmagazine.com/survey-respondents-praise-but-neglect-continuous-monitoring/article/355322/

C-IT Recommendation

  1. Ensure your organization has firewalls/intrusion prevention solutions capable of blocking inbound connections from bad-reputation IP addresses and from countries on your watch list.
  2. Verify your security appliances report to a Security Information and Event Management (SIEM) tool that correlates events and displays intelligible information to security analysts.
  3. Validate your organization has an efficient Security Operations Center (SOC) whose trained analysts alert on potentially malicious events and sources.
  4. Verify your company has an effective and enforced data classification standard which requires data owners to seriously assess data sensitivity and requires data custodians to secure the information on a need-to-know basis.
  5. Ensure your organization has a solid data storage policy which requires confidential data to be stored in secure, encrypted locations.
  6. Perform periodic access reviews of data stores and applications housing highly classified or confidential information to ensure appropriate access is enforced. Any users or groups discovered to have access without a need for it should have that access removed immediately.
  7. Confirm network segmentation in your environment so that only required devices are able to reach the networks where highly classified or confidential data resides.

Article Resources

Ponemon Institute SQL Injection Threat Study

http://www.dbnetworks.com/pdf/ponemon-the-SQL-injection-threat-study.pdf


 

Small businesses running cloud-based POS software hit with unique ‘POSCLOUD’ malware

http://www.scmagazine.com/small-businesses-running-cloud-based-pos-software-hit-with-unique-poscloud-malware/article/355301/

C-IT Recommendation

  1. Perform a risk analysis for utilizing cloud-based services. Understand the limitations of using the cloud, including:
    1. Not having total control
    2. Having your data protected by someone else
    3. Having your security managed by someone else
    4. Not having information about the cloud provider's infrastructure
  2. As a result, ensure your legal department has a strong SLA and breach accountability agreement with the cloud provider in case critical company or customer data is compromised.
  3. Use strong passwords for terminal login accounts and change them regularly.
  4. Keep POS operating systems and POS software applications updated with the latest patches.
  5. Install a firewall.
  6. Ensure a solid antivirus solution is running on the POS terminals.
  7. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  8. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  9. Disallow remote access so that attackers cannot remotely access terminals.
  10. Encrypt traffic between terminals, servers and the payment card processor.

Article Resources

IntelCrawler Cloud-Based POS Software – “New Target for Hackers?”

http://intelcrawler.com/intel/webpos.pdf

US-CERT Common Risks of Using Business Apps in the Cloud

http://www.us-cert.gov/sites/default/files/publications/using-cloud-apps-for-business.pdf

 

6-10-14 Podcast References

“An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple.”

–Jay Abraham


Cybercrime Costs Businesses More than $400 Billion Globally: Report

http://www.securityweek.com/cybercrime-costs-businesses-more-400-billion-globally-report

http://www.csoonline.com/article/2361011/security0/annual-cost-of-cybercrime-hits-near-400-billion.html

http://www.darkreading.com/worldwide-cost-of-cybercrime-estimated-at-$400-billion/d/d-id/1269527?

C-IT Recommendation

  1. Ensure your organization has a structured framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the National Institute of Standards and Technology Framework, International Organization for Standardization 27001, and Information System Audit and Control Association's Control Objectives for IT.
    1. Ensures your organization has a plan for Information Security
    2. Provides direction for developing information security policies, procedures, standards and guidelines
    3. Ensures organizations have administrative, physical and technical controls to deter, detect and/or prevent malicious behavior
  2. Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly to understand internal security risks. CSOs/CISOs should then meet with CFOs, CEOs and CIOs monthly or bi-weekly to communicate priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organizations.
    1. Material to be covered
      1. Current Risks (including potential severity and probability)
      2. Emerging Risks (including potential severity and probability)
      3. Plan to address Risks (Avoidance, Mitigation, Transfer, Acceptance)
      4. Monitoring Progress of Risk Handling

Article Resources

Center for Strategic and International Studies (CSIS) Report “Net Losses: Estimating the Global Cost of Cybercrime”

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf


 

Chinese cyberspies targeting U.S., European defense, space sectors

http://www.csoonline.com/article/2361425/cyber-attacks-espionage/chinese-cyberspies-targeting-u-s-european-defense-space-sectors.html

http://www.infosecurity-magazine.com/view/38785/second-chinese-pla-hacking-unit-unmasked-in-putter-panda-report/

C-IT Recommendation

  1. Ensure your organization has firewalls/intrusion prevention solutions in place that are capable of blocking incoming attempts from bad-reputation IP addresses from countries on the watch list.
  2. Verify your security appliances are reporting to a Security Information and Event Management (SIEM) tool that correlates events and displays intelligible information to security analysts.
  3. Validate your organization has an efficient Security Operations Center (SOC) in which trained analysts alert on potential malicious events or malicious sources.
  4. Verify your company has an effective and enforced data classification standard which requires data owners to seriously assess data sensitivity and requires data custodians to properly secure the information on a need-to-know basis.
  5. Ensure your organization has a solid data storage policy which requires confidential data to be stored in secure, encrypted locations.
  6. Perform periodic access reviews for data stores and applications housing highly classified or confidential information to ensure appropriate access is enforced. Any users or groups who are discovered to have access and don’t have a need to have access should be immediately removed.
  7. Confirm network segmentation in your environment so that only required devices are able to access networks where highly classified or confidential data resides.

Article Resources

CrowdStrike Putter Panda report

http://resources.crowdstrike.com/putterpanda/

Countering Adversaries Part 1: Espionage and Stolen Credentials

https://www.brighttalk.com/webcast/5385/104705


 

Scammers Trick Thousands of Twitter Users with ‘Follower’ Bait

http://www.infosecurity-magazine.com/view/38776/scammers-trick-thousands-of-twitter-users-with-follower-bait/

http://www.darkreading.com/attacks-breaches/tweetdeck-scammers-steal-twitter-ids-via-oauth/d/d-id/1269503?

C-IT Recommendation

  1. Evaluate your organization's social media presence. If your social media department is using TweetDeck to manage its Twitter account, uninstall TweetDeck and reauthorize it.
  2. Run a security scan to check for malware on any devices that were used to log into Twitter.

Article Resources

BitDefender Blog on the Twitter Scam

http://www.hotforsecurity.com/blog/scammers-abuse-twitter-features-trick-thousands-with-follower-scheme-9202.html

 

6-9-14 Podcast References

“We can evade reality but we cannot evade the consequences of evading reality.”

–Ayn Rand


RIG Exploit Kit Used to Deliver “Cryptowall” Ransomware

http://www.securityweek.com/rig-exploit-kit-used-deliver-cryptowall-ransomware

http://www.infosecurity-magazine.com/view/38751/malvertising-and-cryptowall-mark-the-appearance-of-the-rig-exploit-kit-/

C-IT Recommendation

  1. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  2. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates. Consider visiting the Cisco Systems site to add the identified sites to your web content filter's blacklist, which will block the malicious sites.
  3. Thoroughly educate your end users on safe website browsing. Communicate to them that they should only be using the internet to access legitimate sites which support their job responsibilities.
  4. Restrict administrative access on local machines and browsers to only users who absolutely need access to install programs for business purposes.
  5. Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
  6. Ensure your organization has a solid anti-malware solution at the end point and that all endpoints are covered.
  7. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  8. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  9. If no issues result in the testing, deploy the security updates to the production systems. If functionality impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted.
  10. Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.
  11. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX Series) or Sourcefire FireAMP to prevent remote connections from being initiated from your internal network.
  12. If you are using WordPress, enforce a strong password policy requiring login passwords to be complex, with at least eight characters including lowercase letters, uppercase letters and symbols.

Article Resources

Cisco Systems RIG Exploit Kit Strikes Oil Blog

https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil

US-CERT Alert (TA13-309A): CryptoLocker Ransomware Infections

http://www.us-cert.gov/ncas/alerts/TA13-309A

McAfee Blog: What is a “Drive-By” Download?

https://blogs.mcafee.com/consumer/drive-by-download

US-CERT Alert (TA14-150A): GameOver Zeus P2P Malware (Tools for Removal)

https://www.us-cert.gov/ncas/alerts/TA14-150A


 

What to avoid in Dropbox-related phishing attack

http://www.csoonline.com/article/2360670/malware-cybercrime/what-to-avoid-in-dropbox-related-phishing-attack.html

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filtering solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate the email security solution is running on the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate the web content filtering solution is up to date with the latest stable version and the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users through your information security policy not to give out their company email address for non-business-related purposes.
  7. Restrict administrative access on local machines and browsers to only users who absolutely need access to install programs for business purposes.
  8. Evaluate the organizational risks of allowing users in your organization to use online document sharing sites such as Dropbox, Google Drive and Microsoft OneDrive. Understand that once the information leaves your organization you no longer have control over it. This evaluation should include input from your core business leaders, the legal department and the information technology and security leadership.
  9. Make an organizational decision on whether or not you will allow users to store files on online document sharing sites.
  10. Ratify a data storage policy that explicitly addresses your directives for storing files on online document sharing sites.
  11. If you decide to disallow users to use online document sharing sites, you may want to consider blocking those sites on your web content filter appliance.

Article Resources

Phishme Blog “An inside look at Dropbox phishing: Cryptowall, Bitcoins, and You”

http://phishme.com/inside-look-dropbox-phishing-cryptowall-bitcoins/

US-CERT Security Tip (ST04-014): Avoiding Social Engineering and Phishing Attacks

http://www.us-cert.gov/ncas/tips/ST04-014


 

Microsoft preps seven fixes, two critical, for Patch Tuesday release

http://www.scmagazine.com/microsoft-preps-seven-fixes-two-critical-for-patch-tuesday-release/article/351559/

C-IT Recommendation

  1. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  2. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  3. If no issues result in the testing, deploy the security updates to the production systems. If functionality impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted.
  4. Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.