Tag Archives: InfoSec

Security Never Sleeps- FinTech Regulation, Firewall Tech

New York’s Historic FinSec Regulation Covers DDoS, Not Just Data

“Financial sector gets a cybersecurity overhaul”

Starting August 29th, New York banks and other financial actors must report to authorities, within 72 hours, any security event that has a ‘reasonable likelihood’ of causing material harm to normal operations. Until now, most organizations have been able to sweep data breaches and other comparably embarrassing incidents under the rug without reporting them, or to mitigate the FinSec information that is released and may affect customers.

Next generation firewalls to become last generation firewalls

“Security needs constant updates”

Increased end-to-end encryption and the rise of affordable artificial intelligence mean your business’ security systems need to evolve to meet the threats that today’s cyber criminals present. Next generation firewalls are still a critical component of a business’ security solutions, but they no longer provide a “one box to protect it all” turn-key protection system. Today, hackers, knowing most businesses have a NGFW, focus on application layer attacks and use transport layer security to obscure their connections. This evades the defenses provided by a NGFW and requires businesses to either proxy connections at an edge gateway or move security down to the endpoint in order to remain secure.

Heading to College? Job 1: Lock Down your ‘Directory Information’

“Some tips to keep your information secure on campus”

Colleges in the U.S. give away personally identifying data on millions of students each year, defined as unregulated “directory information” for the institution’s faculty. Job 1 when arriving on campus: opt out and protect your data from these directories. Check out the link to learn more about shielding your data when you go to school and protect yourself from many would-be cyber criminals who prey on unsuspecting students.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 196

WILL THE REAL SECURITY COMMUNITY PLEASE STAND UP

“Black Hat 2017 a vocab lesson”

Black Hat 2017 emphasized the importance of vocabulary, and it turns out that yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because current advances matter so much.

Android users: beware ‘Invisible Man’ malware disguised as Flash

“Keylogging steals financial records”

Android users have yet another malware program to watch for: keylogging malicious software that disguises itself as a Flash update and targets financial data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.

Be on the lookout for fileless malware, warns Trend Micro

“Infosec pros warn of illusive malware”

Security experts have been dealing with many new incoming malware programs, but cybercriminals continue to find new issues that pop up on networks every day in an effort to avoid better detection programs. Fileless malware, the latest in this campaign, is designed to evade sandbox defenses looking for signatures. Trend Micro has detected many examples of this.

Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack

“Online wallets breached”

During the WannaCry ransomware attacks, hackers were able to withdraw about 52.2 bitcoins, or about $143,000, from online cryptowallets. The withdrawals were confirmed by Elliptic, and highlight general security concerns over online currencies.


My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.  

Petya/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a “wiper.” It’s designed to cause mayhem and wipe computers – and is not actually ransomware – which is why this ongoing attack has adopted so many names. It’s similar, but also different in a lot of ways.

Although there were corporations and public sector agencies affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukraine government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm Group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which have their own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and U.S., British advertising giant WPP, French industrial group Saint-Gobain, shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of Bitcoin cryptocurrency in order to supposedly unlock them. It turned out that as the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computers’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry, because rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and the local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation of the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor or by a non-state actor with support and approval from a nation state, since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it was spread by accident by a Ukrainian tax software company named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.   

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley



10Fold- Security Never Sleeps- 182

The 15 biggest data breaches of the 21st century

“Highlights need for infosec upgrades”

Data breaches are, unfortunately, daily occurrences that end up exposing millions to undue risk. CSO have compiled a list of the 15 biggest breaches of this century, with criteria that includes damage to companies, insurers, and customer account holders. In many cases, passwords and other information were protected via encryption so a password reset eliminated.

New Malware Threatens to Send Users’ Pictures, Internet History and Messages to Friends

“LeakerLocker threatens privacy”

A new type of malware can access and distribute pictures, browsing history and messages on a user’s device. The program, LeakerLocker, can be downloaded inadvertently through applications on Google Play; it locks your phone’s screen and then claims your sensitive information has been stored.

Hospitals to receive £21m to increase cybersecurity at major trauma centres

“Huge beefing up of infosec”

Hospitals that treat patients for major incidents will receive over £21m for cybersecurity upgrades in the wake of the WannaCry ransomware attacks on NHS IT systems. Health Secretary Jeremy Hunt pledged the funds in an attempt to shield the healthcare sector from the disruptions of malware events in the future.

Cyber security industry believes GDPR is stifling innovation

“Looked skeptically upon by the community”

A recent poll of Infosecurity Europe 2017 attendees showed that almost half think that the EU General Data Protection Regulation is stifling innovation by making companies nervous about cloud services. There are several concerns respondents named as issues with the regulations, including the perceived inability to find and/or report a data breach within 72 hours.


10Fold- Security Never Sleeps- 181

IoT Devices Plagued by Lesser-Known Security Hole

“Massive exposure for IoT devices”

IoT device security is often challenged on the public internet. Most recently, researchers at Black Hat have found that MQTT, a ’90s-era protocol, can be easily manipulated to access many sensitive machines. In the past, these processes have been used to sabotage or snoop on power plants, ATMs, and other devices.

Cyber security training must reflect real risks, warns the IISP

“False sense of security likely”

The IISP is warning businesses that the rush to ‘skill up’ on cyber security processes could lead to firms resting at ease under false pretenses. The Institute of Information Security Professionals advises firms to invest wisely in training and consider the quality and applicable benefits.

Malware scam zeroes in on ANZ customers

“Fake email plaguing ANZ customers”

Clients of the ANZ bank are receiving fake emails loaded with malware intended to steal their sensitive data. Email filtering company MailGuard has stated that ‘highly convincing’ fraudulent ANZ bank invoices began to circulate on the morning of July 11th.

How a data breach can negatively impact your company’s stock price

“Lasting effects not typically discussed”

We all know that company data breaches can lead to lost records, IP theft, and much more. However, what is not discussed as often is the focus of the Comparitech report released Tuesday. The report detailed the lasting impact of a data breach, including effects on stock price, that can last for years after the fact.
