Archive for October, 2017

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korean Hackers

October 11th, 2017

South Korean ruling party lawmaker Lee Cheol-hee said that North Korean hackers have stole 235 GB of data from South Korea’s Defense Integrated Data Center which includes operational plans created by Seoul and Washington for all-out war with North Korea.

The data includes plans for “decapitating” the North Korean leadership if war breaks out. It also includes contingency plan.

“The Ministry of National Defense has yet to find out about the content of 182 GB of the total [stolen] data,” he said.

As per the Pentagon spokesman Colonel Rob Manning, all key information remains secure. “I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” he said.

“We’ll continue to work closely with our partners in the international community in identifying, tracking and countering any cyber threats,” Manning added.

As per the AlienVault threat engineer Chris Doman, hacker group responsible for the attacks is possibly a subgroup of the attackers behind WannaCry, the Sony breach, and the SWIFT hacks. “They are very active, and I continue to see new malware samples from them every week,” he said.

“In Ukraine, the number of cyber attacks, and their level of sophistication, rose with fighting on the ground,” Comodo senior research scientist Kenneth Geers said. “The threat of sudden decapitation via cyber and traditional strikes may force Kim Jong-un into making desperate moves.”

“Cyber is more unpredictable than traditional weaponry, because you may lose control of your assets before you know it,” Geers added. “Given that the risk is international nuclear war, there are no limits on what both sides might do in cyberspace to prepare the battlespace, in an effort to improve the prospects of victory for their side.”

Geers also mentioned that North Korean hackers may plan sabotage operations in case of war. “It is possible that North Korea might receive cyber help from Russia and/or China, who may perceive an interest in undermining U.S. geopolitical goals, as well as testing national cyber capabilities,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Fast Flux Botnets is a Security Risk

October 8th, 2017

Attackers use many techniques which is hidden in nature. Akamai research mentioned that a botnet with over 14,000 IP addresses uses fast flux DNS technique to avoid detection. It is technique which uses Domain Name System (DNS) to hide the source of an attack.

Multiple sets of IP address are rapidly swapped in and out of the DNS records which avoids detection. Most of the attack are coming from eastern Europe.

“No attribution to a specific attacker, but the research shows that the majority of botnet IP addresses are from Ukraine, Romania and Russia,” Or Katz, Principal Lead Security Researcher, Akamai, told eSecurityPlanet.

Botnets have been using fast flux techniques earlier which includes the zBot and Avalanche networks.

It is not a new technique. The focus of the research conducted by Akamai is to show analysis using data science approaches.

“According to the evidence we were able to collect, we assume that the botnet infrastructure is based on compromised machines and the machines that are associated with the botnet are constantly changing,” Katz said. “The fast flux technique being used is abusing the features of DNS in a way that serve their objectives.”

Akamai has not given the specifics of the attack.

“While tracking fast flux botnet is challenging, it is possible to do so by using algorithms that capture the fluxing behavior by looking on the relevant features, and this can lead to detecting such networks out-of-the-box,” Katz said.

One can detect botnets attack by having threat landscape visibility along with DNS and web traffic monitoring.

“Fast flux botnets are using domain names as the way for communication with malware,” Katz said. “Having algorithms that can track those domain names, once they start to become active, can reduce the effectiveness of such botnets.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running IOS and Android are encrypted before access is granted.

Outsourcing Solution for Skill Gap?

October 5th, 2017

A recent survey shows that there is huge skill gap in security staff. Three hundred and fifteen IT security professionals participated. Seventy two percent mentioned that it is difficult to hire skilled staff.

Ninety percent of the participants believe that technology vendors can help to address the skills gap. Ninety six percent believe automation can solve skill gap.

Tripwire sponsored the survey and was conducted by Dimensional Research. Forty seven percent of respondents are worried about losing security capabilities due to skill gap.

Other findings include –

Fifty two percent mentioned that they’re concerned about coping up with vulnerabilities

Twenty nine percent are concerned about keeping track of devices and software on the network

Twenty four percent are concerned about identifying and responding to issues in a timely manner

“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” Tripwire vice president of product management and strategy Tim Erlin said in a statement.

Eight percent believe they need expertise in the cloud.

“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams with need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said.

“As security continues to become an even bigger challenge for organizations, we can expect to see more and more businesses outsourcing to gain security expertise in the future,” he added.

Another (ISC)2 survey of more than 3,300 IT professionals stated that there is no adequate  resources for security training.

Only thirty five percent said that there is active action taken on security issues.

“Security is a shared responsibility across any enterprise or government agency,” (ISC)2 CEO David Shearer said in a statement. “Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Oracle CEO Promises Autonomous Security Technology

October 2nd, 2017

Oracle’s founder Larry Ellison mentioned Equifax mistakes while mentioning that new Oracle technology would help to prevent Oracle customers from the data breach.

Due to vulnerability in the Apache Struts framework, there was data breach which exposed personally identifiable information on 143 million Americans.

“The biggest threat by far in cybersecurity is data theft,” Ellison said. “Preventing data theft is all about securing your data.”

As per the Oracle CEO, Oracle database is the safest database. Its new Oracle 18c database has autonomous capabilities. It has auto-tuning as well as automatic patching capabilities.

Ellison plans on announcing a new cyber-security service.

“You have to know when you’re being attacked and as they come in and you better detect that during reconnaissance phase,” Ellison said. “The attacker’s goal is to take your data and send it someplace else.”

The new system will automatically detect threats when they first appear. It will immediate defend and remediate against the detected problem.

He also mentioned that automated patching is key to the cyber defense.

“We have to automate our cyber-defences and you have to be able to defend yourself without taking your systems offline or shutting down your database,” Ellison said.

The new system makes use of machine learning and has the same underlying technology foundation as the Oracle 18c database.

“No human error means no opportunities for human malicious behaviour,” Ellison said.

“After your database’s been notified by your security system it has to be able to patch itself immediately while running,” he explained.

“There was a patch available for Equifax [but] somebody didn’t apply it. It’s a clean sweep; directors aren’t safe, nobody’s safe when something like that happens. People are going to get better at stealing data and we have to get a lot better at protecting it.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.