Security Never Sleeps- SEC Security, CCleaner Security

SEC admits data breach, suggests illicit trading was key

“Regulator database opened”

The SEC has admitted to being hacked in 2016, with illegal trading potentially at the root of the breach. On Wednesday, SEC Chairman Jay Clayton said one of the financial regulator’s databases, containing corporate announcements, was compromised and may have been used to gain an advantage in stock trading.

CCleaner Hack Carried Out In Order to Target Big Tech Companies

“Group believed to operate out of China”

The CCleaner hack that took place over the summer and came to light this week might have been carried out by an infamous cyber-espionage group, believed to be operating out of China, which targeted a who’s who of Western tech companies. Thin lines connect evidence collected from the CCleaner incident to the activity of a cyber-espionage group that goes primarily by the name of Axiom, but is also referenced as APT17, DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72, or AuroraPanda.

Attackers Take Over WordPress, Joomla, JBoss Servers to Mine Monero

“Frequency of attacks up about 6 times”

Attacks aimed at delivering cryptocurrency mining tools on enterprise networks have gone up significantly, according to telemetry data collected by IBM’s X-Force team between January and August 2017. A recent report by fellow cyber-security firm Kaspersky found that cryptocurrency mining malware also infected over 1.65 million machines running Kaspersky solutions in the first eight months of the year.

Equifax Sent Breach Victims to Fake Website

“Failure after failure”

Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency following the hacker attack that affected as many as 143 million consumers in the U.S., 400,000 in the U.K. and 100,000 in Canada.

Enjoy your read? Check out our other content here.

Cybersecurity in the Boardroom

I had the pleasure of attending Chertoff Group’s Security Series in Palo Alto, CA. The crowd was made up of CISOs, VCs and high-ranking officials in government agencies responsible for our country’s cybersecurity. The conversation in the industry has recently been turning toward the fact that cybersecurity is becoming a board-level conversation. This is driven by the sophistication and widespread financial impact of ransomware attacks like WannaCry and Petya. Below are a few pertinent questions discussed at the event that board members should ask as they strive to stay ahead of cyberattacks:

  • Have we prioritized our risk and do we know what’s acceptable and do we know what success looks like?
  • Do we have confidence that we can do the job?
  • Do we have a CEO-led cyber-conscious culture? Is there a linkage between our growth strategy and security?
  • Do we have the right financial incentives to ensure company buy-in?
  • Do we have a healthy appreciation for what we don’t know?

So how do you stay ahead of these threats? For one, overall board members believe that media coverage is too technical and lacks a clear resolution to security challenges that the non-security experts can easily understand. The Chertoff Group conducted a survey of the top 500 public global enterprises and found that board members learn from sitting on other boards and talking to other CISOs. “Everyone else” learns from the media and consultants, which makes their decision-making processes more reactive. While this is a bit frightening, it’s also an opportunity for our clients. We counsel our clients to move the conversation away from their whiz-bang technology features and more toward how they solve the real-world problems of their customers. It’s both an exciting and challenging time for our clients to help their customers save brand reputation and avoid the negative economic impact of cybercrime. We’re up for the task and will continue to help our clients focus their messages around influencing the C-suite while also demonstrating how their technology can have a positive business impact.

By Angela Griffo

Special thanks to the Chertoff Group for inviting us to be a part of this conference on security.

10Fold- Security Never Sleeps- 192

GOOGLE FINDS AND BLOCKS SPYWARE LINKED TO CYBERARMS GROUP

“Android spyware blocked”

Google has discovered a new strain of Android malware, Lipizzan, that is able to surveil users’ text messages, emails, calls, and much more. It has yet to appear on many devices, but experts say that it has all the telltale signs of professional, targeted malware intended to attack users in wealthier nations.

Four-Star Kentucky Hotel: Data Breach Could Affect Guests

“Breach threatens customer information”

The Galt House hotel in Louisville, Kentucky has stated that an internal investigation revealed malware has been feeding off the payment processing systems. Any guests staying at the hotel between December 21, 2016 and April 11 are said to have possibly been affected.

Hackers are winning the war as companies worldwide fail on cyber security

“Too many firms are falling short in security”

A new report from Thycotic has shown that most companies worldwide are failing to accurately assess cyber security effectiveness. Survey criteria based on internationally accepted standards in ISO 27001 and best practices from industry experts provide a comprehensive way to define and measure IT security.

Gas Pump Skimmer Sends Card Data Via Text

“Can be detected with mobile devices”

Gas pump card skimming devices most often rely on Bluetooth connectivity to collect the stolen credit card data wirelessly. While often very effective, this approach has a very apparent downside: Bluetooth-based skimmers can be detected by any user with a Bluetooth-connected device. Investigators are now starting to see these devices send stolen data via text message.

Cyber security not a priority for most sectors, study finds

“Little concern despite huge losses”

A recent study from Savoy Stewart has shown that although data breaches cost UK firms almost £30bn last year, cyber security is still not a big concern for industry sectors. Just 60% of directors or senior managers in finance and insurance consider it a high priority, with data taken from 1,500 firms.

10Fold- Security Never Sleeps- 119

Some Yahoo Employees Knew of Massive Hack in 2014

“Will create more concern in Verizon acquisition”

Yahoo has now admitted that many employees were aware of a state-sponsored hacking attempt that resulted in a critical breach of its network. The breach exposed personal information from at least half a billion accounts, in what is considered to be the largest breach in history, and involved over 200 million usernames and passwords being stolen from users and customers.

Possible Health Data Breach From Employee Laptop

“MGA Home Healthcare notifies patients of possible personal information theft”

Potential data breaches may have occurred with a vendor downloading information in an unauthorized manner while servicing homes. Over 3,000 patient and employee information blocks may have been compromised, left vulnerable in an employee’s vehicle. Law enforcement has been notified and released a statement: “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

IoT Worm Can Hack Smart Devices, Prompts Concerns

“Chain reaction can create chain reaction in other devices as well”

A proof-of-concept worm developed by Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of the Weizmann Institute of Science and Colin O’Flynn of Dalhousie can set off a chain reaction of hacks across insecure web-connected devices by exploiting universal encryption keys over ZigBee networks. It is then capable of moving to other devices via those devices’ universal keys, and is able to spread exponentially on what is described as a city-wide basis.

Major Cloud Malware-Infested, Say Researchers

“Concerns over difficulty of identification mount”

Many computer experts are saying that repositories are supplying malware to users, creating a serious epidemic for those using cloud-based technologies. Hundreds of buckets have possibly been compromised, says Xiaojing Liao, a graduate student at Georgia Tech who is leading a study that is addressing possible solutions to the issue.

Trump Victory Sparks Fears Over U.S. Encryption, Surveillance Policy

“Donald Trump’s surprise win has brought fears of rights violations, security”

Civil libertarians and technology companies have voiced serious concern over some of Trump’s potential policies that call for closing down certain parts of the internet to fight Islamic terrorism. Trump won the election Tuesday night, a victory unforeseen by much of the media. The new President-Elect has been a vocal opponent of tech companies being uncooperative with the government on unlocking their technologies to assist with terrorist investigations.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe have issued fix, Windows has yet to issue its own patch”

Per Google’s new policy of exposing exploitative problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that are capable of being appropriated by cyber criminals. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage or collect sensitive information from the rest of the device. As of now, Adobe’s patch for this issue, released October 21st, has been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts affected devices into ‘slave’ devices has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks, using common IoT appliances such as DVRs, routers, lighting systems, and more, according to a research team on Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting software”

Verint researchers have observed several new events where the infamous Nymaim malware has been able to use new code-based targets for phishing, rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013, and has managed to stay ahead of threat researchers consistently with various upgrades that give it a leg up on those studying it. With this advantage, attacks using the malware have been seen to rise, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States were made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top-of-the-line systems within the next few years.

10Fold- Security Never Sleeps- 102

J&J Warns Hackers Can Infiltrate Insulin Pump

“Caution advised to patients as cyber vulnerabilities seem possible”

The insulin pumps in question retain a malfunction that could allow hackers to breach their defenses, causing an overdose of insulin. This news breaks while medical security remains of high concern following a series of stories that particular pacemakers and defibrillators exhibited bugs that may signal security vulnerabilities of their own.

Johnson & Johnson describes the potential risk as low, as there have been no reported hacking attempts thus far, but is advising patients that there may be certain security flaws they could be subjected to and is sharing advice on potential fixes for the issue.

Default Password Danger Shown with Massive Botnet Attack

“IoT devices used to target victims”

Weak default usernames and passwords assigned to internet connected devices seemed to be the target of the Mirai botnet that was responsible for the massive DDoS attack. In contrast to other botnets, this program employs IoT gadgets to select and attack its targets.

This same platform was used to bring down security reporter Brian Krebs’ website with another massive DDoS cyber-attack, searching through devices with a list of easily guessable passwords such as ‘12345’ and ‘admin.’

“Zero-day” EMC Console Management Flaws

“Would allow attacker to end malicious programs”

Dell’s vApp manager for Unisphere for VMAX was revealed to have five zero-day vulnerabilities, announced by digital security consultants Digital Defense. The web application is used to manage all of EMC’s storage platform, and exploiting the vulnerabilities would allow hackers to send Adobe Flash Action Message Format messages from the server running the program.

Attackers may be able to completely shut down or gain total control of the storage platforms, providing grave cause for concern. EMC has made patches for these vulnerabilities available to Dell EMC customers through security advisories.