Archive for the ‘Identity and Information loss’ category

Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur distributed by the FIN7 (a.k.a Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains has been identified by Proofpoint researchers.

The modus operands is simple. The receiver gets the email containing document which contains macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur which then sleeps for three seconds and then again executes Bateleur and then sleeps for 10 seconds. Finally, it deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, mentioned that though the software is complex, a method of installing it is very straight forward through phishing email.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.

Cyber Resilience

____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.

Breach at Italy’s Biggest Bank

July 29th, 2017

The leading bank in Italy, UniCredit mentioned that approximately 400,000 of its customers’ data were affected after third party provider was hacked. The name of the third party is withheld. It is one of the major attack on Italy’s financial institution as per the Reuters.

The bank mentioned that data was stolen in two different breaches.

“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”

Paul Norris, senior systems engineer for EMEA at Tripwire mentioned that these two breaches occurred in a year.

“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.

Evident.io CEO Tim Prendergast mentioned that customers expect that their information should be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.

“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.

Matt Walmsley, EMEA director at Vectra Networks, mentioned that the breach reminds companies to take extra care to handle sensitive data.

“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Corelight Rises Series A Funding

July 21st, 2017

A San Francisco-based technology startup Corelight had raised $9.2 million in a Series A round of funding led by Accel Partners. Other participants include Osage University Partners and Dr Steve McCanne, co-founder of Riverbed Technology.

Corelight Sensor is the company product which uses Bro, an open-source network analysis framework to check even the most advanced or stealthy network attacks. Dr Vern Paxson, a professor of computer science at UC Berkeley, who co-founded the company and serves as its chief scientist.

Corelight mentioned that it uses specialized hardware to provide four times the data processing output. It also features high-performance network interface card to quickly generate results.

“Since all data, no matter what the threat vector, travel over networks, the Corelight Sensor is a powerful tool to understand threats” Alan Saldich, CMO of Corelight, told e-security Planet. Those threats include malware infections port scanning, denial of service attacks, unauthorized access, misconfigurations, abuse, exfiltration of data, insider threats, advanced persistent threats, phishing or other email-based attacks, he said.

“While Bro-Corelight is not always the tool that detects incidents–in many cases, it is end users who detect unusual emails or behaviour, or report ransomware–it is the fastest way to resolve them and get clarity about exactly what happened and why to get to the root cause,” continued Saldich.

Corelight Sensor provides output in easy to understand manner.

“Understanding those alerts is a laborious and time-consuming job because there are many systems involved, each with different data, logs, user interfaces, formats and they are not necessarily correlated or organized in a way that is useful to [incident responders],” said Saldich.

“That means that advanced persistent threats can linger undetected or unresolved for hours, days or weeks because dealing with them is so challenging.”

Corelight present the security threat data in a format so that security personals take the action.

“Corelight helps companies resolve cyber security incidents much faster than they can today. We do that by providing clarity and detailed information about all network traffic, summarized and structured specifically for cybersecurity pros and incident responders,” added Saldich.

____________________________________________________________________________________________

Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Kaspersky Lab Defends Allegations

July 18th, 2017

Kaspersky Lab is accused of deep connections with Russia-based hacking efforts. The U.S. government has removed the firm from its vendor list which can be used for federal government. The step was taken after U.S. officials, including Adm. Mike Rogers, director of the National Security Agency and Cyber Command leader, testified before a Senate committee mentioning potential risks from Kaspersky Lab software.

Kaspersky Lab has denied the accusations.

“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government,” the company stated. “The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”

Allegations were also made against Kaspersky Lab that it took active participation in raids with Russian law enforcement officials and ‘hacked back’ against organizations.

“Hacking back is illegal, and Kaspersky Lab has never been involved in such activities,” the company stated. “Instead we are actively participating in joint shut-down of botnets led by law enforcements of several countries where the company provides technical knowledge.”


Kaspersky Lab mentioned that it only provides technical expertise throughout the investigation to help catch cybercriminals.

“Concerning raids and physically catching cybercriminals, Kaspersky Lab might ride along to examine any digital evidence found, but that is the extent of our participation, as we do not track hackers’ locations,” the company stated.

“I want to reassure you, our valued partner – there is no evidence because no such inappropriate ties exist,” he wrote in reference to the Russian government allegations. “While Kaspersky Lab regularly works with governments and law enforcement agencies around the world to fight cybercrime, the company has never helped nor will help, any government in the world with its cyberespionage efforts.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Breach at Hotel Chains

July 16th, 2017

The Trump, Four Seasons, Loews and Hard Rock hotel chains notified customer due to massive breach of Sabre’s SynXis reservations system. Earlier, Google also notified its employees that their personal information may have been breached due to same reservations system.

Trump Hotel

“This incident occurred on the systems of Sabre Hospitality Solutions, a service provider used by Trump Hotels,” the company noted. “It did not affect Trump Hotels’ systems.”

As per the Sabre’s investigation, the hacking was done on Trump Hotels reservation data. Affected information included cardholder names, payment card numbers, card expiration dates and some security codes, as well as some guest names, email addresses, phone numbers and mailing addresses.

Affected Trump properties includes: Trump Central Park, Trump Chicago, Trump Doonbeg, Trump Doral, Trump Las Vegas, Trump Panama, Trump Soho, Trump Toronto, Trump Turnberry, Trump Vancouver, Trump Waikiki, Trump DC, Trump Rio De Janeiro, and Albermarle Estate.

Four Seasons

Sabre’s investigation also determined that Four Seasons payment card and other reservation information was accessed.

”It is important to note that reservations made on Fourseasons.com, with Four Seasons Worldwide Reservations Office, or made directly with any of Four Seasons 10 hotels or resorts were not compromised by this incident,” the company mentioned.

Hard Rock Hotels

Affected Hard Rock properties includes: the Hard Rock Hotel & Casino Biloxi, Hard Rock Hotel Cancun, Hard Rock Hotel Chicago, Hard Rock Hotel Goa, Hard Rock Hotel & Casino Las Vegas, Hard Rock Hotel Palm Springs, Hard Rock Hotel Panama Megapolis, Hard Rock Hotel & Casino Punta Cana, Hard Rock Hotel Rivera Maya, Hard Rock Hotel San Diego and Hard Rock Hotel Vallarta.

Loews Hotels

“Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels’ hotel reservations processed through Sabre’s CRS,” the Loews Hotels said.

“Every organization entrusted with PII — both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre — should constantly be testing and hardening their defenses, and embracing more proactive and effective levels of security such as consumer behavior analytics solutions to help prevent identity thefts,” Lisa Baergen, director of marketing at NuData Security.

“As cybercriminals continue to evolve their methods and capabilities, the challenge facing cyber security professionals will only grow,” Guidance Software president and CEO Patrick Dennis said in a statement. “We see this reflected in the data on the frequency of attacks, costs of a breach and more. Enterprises are beginning to realize that compromise is inevitable, so they need to ensure that they have a complete strategy that includes costs for prevention and deep detection and response tools.”RiskVision CEO Joe Fantuzzi said.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

AI Security Company Series D Round

July 10th, 2017

Darktrace U.K.-based startup which has offices in San Francisco has recently raised $75 million in a Series D round of funding.

Nicole Eagan, CEO at Darktrace, mentioned that Insight Venture Partners’ participation in the investment “is another strong validation of the fundamental and differentiated technology that the Enterprise Immune System represents,” in a statement. “It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”

Company uses artificial intelligence to tackle security threats. The Enterprise Immune System uses the algorithm in real time to stop the attack. It tracks normal behaviour and security threats. It also detects insider threats and zero-day attacks.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Company mentioned that its contract value has now reached $200 million. Bookings are also increased in the US. The headcount in last year is doubled to 500. It has 450 partners. Most important the software has detected over 48,000 serious threats.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Another AI based security company Attivo Networks has also raised $15 million.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers

Healthcare Industry Most Affected by Data Breach

July 8th, 2017

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

 “The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies have highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

 “These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

 “The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

 “These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure,” Ahmadi added.

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

 

Content to Prevent Data Breach

July 3rd, 2017

Egnyte a Calif. based content collaboration and governance specialist has launched a new cloud-based solution which looks after insider threat. The product focus on IT security professionals. Nowadays distributed workspace needs shared information system which uses on-premises collaboration platforms or cloud-based services which may cause data breach.

“As users and organizations are more global and interdependent they need to share more content with each other and then need to do it in a secure way using EFSS [enterprise file synchronization and sharing] solutions not email attachments for instance,” Isabelle Guis, chief strategy officer at Egnyte mentioned.

“But as you hire contractors and have many places where your content resides (on-premises, cloud, cloud apps, etc.) it is very difficult to enforce the security policies at the repository level or even train all your users and new hires to properly handle their content.”

Data leaks can occur due to various loopholes.

“For example, a merger and acquisition folder could be shared via a public link and one of the intended recipients forwards the link to someone who should not see that data,” Guis said. “Or, a very common example – a disgruntled employee downloads all of ‘their’ work, which is actually the company’s IP [intellectual property], right before leaving your company and going to a competitor,” a situation allegedly at the center of the high-stakes Google-Uber lawsuit.

Egnyte product looks for sensitive content in the database.

Then it “provides real–time analysis of all the content within an organization and presents actionable insights to help administrators prevent these types of aforementioned data breaches,” Guis said.

“Egnyte Protect continuously analyzes an organization’s entire content environment and classifies the most sensitive information, such as credit card numbers, social security numbers, sensitive IP, HIPAA information, and much more,” she added. “Then, in real–time, Egnyte Protect identifies vulnerabilities, alerts administrators, and offers actions that can immediately fix any issue that is found across all of the organization’s content repositories.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kmart Attacked by Hackers Again

July 2nd, 2017

Kmart suffered another data breach when its server was attacked by hackers.

 “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

 Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

 “All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.”

 This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

 “Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioral analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.