6-13-14 Podcast References

“Vigilance is not only the price of liberty, but of success of any sort.”

-Henry Ward Beecher


P.F. Chang’s Confirms Credit Card Breach

http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/

Article Resources

P.F. Chang’s Security Compromise Update

http://pfchangs.com/security/


 

PLXsert warns Fortune 500 companies of evolving Zeus threat

http://www.scmagazine.com/plxsert-warns-fortune-500-companies-of-evolving-zeus-threat/article/355543/

http://www.infosecurity-magazine.com/view/38832/zeus-used-to-mastermind-ddos-and-attacks-on-cloud-apps/

C-IT Recommendation

  1. Ensure your organization has firewall/intrusion prevention solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
  2. Ensure your organization has a solid anti-malware solution at the endpoint and that all endpoints are covered.
  3. Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
  4. Test business functionality of each type of device and record any issues impacting any business functions on the devices.
  5. If no issues result from the testing, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted.
  6. Consult with your Vulnerability and Threat Management (VTM) team to verify all production systems are patched with the latest updates.
  7. Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX Series) or Sourcefire FireAMP to keep remote connections from being initiated from your internal network.
  8. Perform a risk analysis for utilizing cloud-based services. Understand the limitations of using the cloud, including:
    1. Not having total control
    2. Having your data protected by someone else
    3. Having your security managed by someone else
    4. Not having information about the cloud provider's infrastructure
  9. As a result, ensure your legal department has a strong SLA and breach accountability agreement with the cloud provider in case critical company or customer data is compromised.

Prolexic Mitigation Recommendation

  1. Users are tricked into running programs that infest their devices, so organizational security policies and user education can help. Enforce security policies for system security and patches and updates. Educate users about how this type of attack is executed from email clients and web browsers.
  2. Clean-up effort by the security community is fundamental. Initiatives such as ZeuS Tracker are necessary to contain and manage this threat. Takedown follow-up efforts must also be implemented to reduce the number of infected command and control centers.
  3. Learn how to prevent, detect and remove Zeus infections. Symantec Security Response provides extensive information to help you do this.
  4. Write Snort rules for Zeus traffic. Sourcefire VRT Labs has an excellent source for writing Snort rules based on Zeus traffic.

Article Resources

Prolexic Zeus Crimeware Breaches Cybersecurity Defenses of Fortune 500 Advisory

http://www.prolexic.com/knowledge-center-ddos-threat-advisory-zeus-zbot-malware-crimeware-kit-cybersecurity.html

ZeuS Tracker (tracks ZeuS Command & Control servers around the world and provides you a domain blocklist and an IP blocklist)

https://zeustracker.abuse.ch/


 

Ransomware “Svpeng” strikes US, leaves Android devices unusable

http://www.scmagazine.com/ransomware-svpeng-strikes-us-leaves-android-devices-unusable/article/355530/

C-IT Recommendation

  1. Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration management database that shows which devices have which operating system versions.
  2. Ensure an anti-malware service is deployed on all company-owned Android devices. If you have a mobile device management solution, enable the company web filtering option where applicable and force the cellular devices to pass through the company web filter/proxy before accessing the internet.
  3. Provide mobile device security awareness informing your employees not to visit non-business-related sites on company-issued phones. Also, instruct employees not to download apps from unofficial stores.

**If you do not have a mobile device management solution in a BYOD model, strongly recommend that users install the security updates. Failure to do so may result in your employees' devices compromising your company information and/or costing the employees or your organization a ton of money.**

Article Resources

Details of Svpeng Mobile malware

http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US

 
