Archive for the ‘identity theft’ category

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korean Hackers

October 11th, 2017

South Korean ruling party lawmaker Lee Cheol-hee said that North Korean hackers have stole 235 GB of data from South Korea’s Defense Integrated Data Center which includes operational plans created by Seoul and Washington for all-out war with North Korea.

The data includes plans for “decapitating” the North Korean leadership if war breaks out. It also includes contingency plan.

“The Ministry of National Defense has yet to find out about the content of 182 GB of the total [stolen] data,” he said.

As per the Pentagon spokesman Colonel Rob Manning, all key information remains secure. “I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” he said.

“We’ll continue to work closely with our partners in the international community in identifying, tracking and countering any cyber threats,” Manning added.

As per the AlienVault threat engineer Chris Doman, hacker group responsible for the attacks is possibly a subgroup of the attackers behind WannaCry, the Sony breach, and the SWIFT hacks. “They are very active, and I continue to see new malware samples from them every week,” he said.

“In Ukraine, the number of cyber attacks, and their level of sophistication, rose with fighting on the ground,” Comodo senior research scientist Kenneth Geers said. “The threat of sudden decapitation via cyber and traditional strikes may force Kim Jong-un into making desperate moves.”

“Cyber is more unpredictable than traditional weaponry, because you may lose control of your assets before you know it,” Geers added. “Given that the risk is international nuclear war, there are no limits on what both sides might do in cyberspace to prepare the battlespace, in an effort to improve the prospects of victory for their side.”

Geers also mentioned that North Korean hackers may plan sabotage operations in case of war. “It is possible that North Korea might receive cyber help from Russia and/or China, who may perceive an interest in undermining U.S. geopolitical goals, as well as testing national cyber capabilities,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Fast Flux Botnets is a Security Risk

October 8th, 2017

Attackers use many techniques which is hidden in nature. Akamai research mentioned that a botnet with over 14,000 IP addresses uses fast flux DNS technique to avoid detection. It is technique which uses Domain Name System (DNS) to hide the source of an attack.

Multiple sets of IP address are rapidly swapped in and out of the DNS records which avoids detection. Most of the attack are coming from eastern Europe.

“No attribution to a specific attacker, but the research shows that the majority of botnet IP addresses are from Ukraine, Romania and Russia,” Or Katz, Principal Lead Security Researcher, Akamai, told eSecurityPlanet.

Botnets have been using fast flux techniques earlier which includes the zBot and Avalanche networks.

It is not a new technique. The focus of the research conducted by Akamai is to show analysis using data science approaches.

“According to the evidence we were able to collect, we assume that the botnet infrastructure is based on compromised machines and the machines that are associated with the botnet are constantly changing,” Katz said. “The fast flux technique being used is abusing the features of DNS in a way that serve their objectives.”

Akamai has not given the specifics of the attack.

“While tracking fast flux botnet is challenging, it is possible to do so by using algorithms that capture the fluxing behavior by looking on the relevant features, and this can lead to detecting such networks out-of-the-box,” Katz said.

One can detect botnets attack by having threat landscape visibility along with DNS and web traffic monitoring.

“Fast flux botnets are using domain names as the way for communication with malware,” Katz said. “Having algorithms that can track those domain names, once they start to become active, can reduce the effectiveness of such botnets.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running IOS and Android are encrypted before access is granted.

Outsourcing Solution for Skill Gap?

October 5th, 2017

A recent survey shows that there is huge skill gap in security staff. Three hundred and fifteen IT security professionals participated. Seventy two percent mentioned that it is difficult to hire skilled staff.

Ninety percent of the participants believe that technology vendors can help to address the skills gap. Ninety six percent believe automation can solve skill gap.

Tripwire sponsored the survey and was conducted by Dimensional Research. Forty seven percent of respondents are worried about losing security capabilities due to skill gap.

Other findings include –

Fifty two percent mentioned that they’re concerned about coping up with vulnerabilities

Twenty nine percent are concerned about keeping track of devices and software on the network

Twenty four percent are concerned about identifying and responding to issues in a timely manner

“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” Tripwire vice president of product management and strategy Tim Erlin said in a statement.

Eight percent believe they need expertise in the cloud.

“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams with need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said.

“As security continues to become an even bigger challenge for organizations, we can expect to see more and more businesses outsourcing to gain security expertise in the future,” he added.

Another (ISC)2 survey of more than 3,300 IT professionals stated that there is no adequate  resources for security training.

Only thirty five percent said that there is active action taken on security issues.

“Security is a shared responsibility across any enterprise or government agency,” (ISC)2 CEO David Shearer said in a statement. “Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

New Anti-Malware Engine by BullGuard

September 30th, 2017

London cybersecurity software provider BullGuard launched new anti-malware engine to detect and block advanced threats.

“The new engine is specifically designed to protect against zero-day threats or threats, such as polymorphic malware and file-less attacks, for which traditional signature-based engines are insufficient. The engine monitors a wide array of behaviours across the device and utilizes a comprehensive set of rules to discriminate bad behaviour from good,” explained Paul Lipman, CEO of BullGuard.

“The client-side engine is supported by a cloud-based machine learning system that continually learns from data across our customer base, and from our automated malware research systems, so the ruleset and engine functionality improve on an on-going basis,” continued Lipman.

The company is further branching out from its consumer antivirus roots with a real-time Home Network Scanner feature in BullGuard Premium Protection that continually scans a home’s Wi-Fi networks for internal threats. It also enlists the cloud to scan home networks using external vectors, a similar tactic to that used by security professionals to perform penetration testing.

Home Network Scanner finds cybersecurity problems. There is a rise in the attack on IoT devices.

“Earlier this year BullGuard released an IoT scanner that checks whether your home network is accessible from the open internet. We found that approximately five percent of people using our scanner had open ports that could potentially be compromised by attackers,” revealed Lipman.

“Consumer routers are notoriously hackable, as we’ve seen this year in multiple news stories (most notably the Wikileaks revelation about how the CIA has been pwning consumer routers for over a decade),” he added. “The new home network scanner offered in BullGuard Premium Protection takes this scanning to the next level, utilizing a deeper scan from multiple locations in the cloud, and coupling this with internal network scanning capabilities to ensure that our customers are immediately aware of potential vulnerabilities.”

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

APT33 Attacks US companies

September 29th, 2017

As per the FireEye researchers, Iranian government hacking group is using phishing attacks to target companies in the U.S., Saudi Arabia and South Korea. The group is named as APT33.

In the past year,  the group is able to access to many U.S. organization in the energy sector. It also targeted refining and petrochemicals in South Korean and aviation business in Saudi Arabia.

“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision-making vis a vis Saudi Arabia,” the researchers wrote.

“Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities,” FireEye director of intelligence analysis John Hultquist said in a statement. “Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.”

STEALTHbits Technologies CTO Jonathan Sander told eSecurity Planet that this is changing the face of cyber attacks.”When a cyber attack occurs, most still envision some young man in a hoodie or loner in a basement,” he said. “However, most of the bad guys today are professionals working for governments, organized crime, or even private [firms] in countries with lax laws that let cybercrime be a middle-class profession.”

“Organizations tend to focus defense on attacks that would exfiltrate data,” he said. “Many use the common notion that we’ve all been penetrated already as an excuse to only worry about defending against the last stage of most attacks where that data is stolen. When the motivation is destruction, though, the part where the data leaves never happens, and the trap is never sprung.”

Virsec Systems co-founder and COO Ray DeMeo mentioned there is no surprise in such groups. “We’ve seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems,” he said.

“Expect ongoing cyber warfare to be the new normal, and it’s critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft,” DeMeo added.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Deloitte Firm Data Breach

September 26th, 2017

Deloitte firm suffered data breach when it was hit last year by a cyber attack. The incident affected confidential emails and plans of at least six of its clients. Firm mentioned that attack was privileged, unrestricted ‘access to all areas.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

As per the statement “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

As per the source, the exact duration was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas mentioned that data was not protected properly. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn mentioned growing trends among hacker to attack other confidential. ”This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Attack on Critical Infrastructure

September 2nd, 2017

Symantec researchers recently investigated and published findings of new cyber attacks which targeted the energy sector in Europe and North America. Attack group is known as Dragonfly which is involved in such activities since 2011.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the Symantec researchers wrote in a blog post.

Symantec cyber security researcher Eric Chien mentioned Reuters that many of companies have been targeted which few based in U.S.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software,” the researchers mentioned.

Attackers were trying to gain remote access to the system.

“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” the researchers wrote. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”

RiskVision CEO Joe Fantuzzi mentioned that there is a rise in the attack on the energy sector. “Critical infrastructure is clearly becoming more of a target for hackers as it provides access not only to sensitive information but the ability to dramatically impact and/or harm large numbers of people,” he said.

Fantuzzi added that energy sector company should do risk analysis. “Unfortunately, security defenses protecting these systems have often been neglected or routinely deprioritized, and as a result, are substandard or completely outdated, thus giving cyber criminals an easy entry into these networks,” he said.

 ___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ukraine’s Postal Service Hit

August 11th, 2017

Ukraine’s national postal service website Ukrposhta was hit by DDoS attacks for two days. The facility mentioned that it was able to start the service after the first day attack. On the second day, the service was slowed down by the attack.

Igal Zeifman Imperva director of marketing said that its not unusual to see such repeat attacks. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between attacks,” he said.

“In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at last twice in the span of that quarter,” Zeifman added.

Ukposhta was attacked earlier by hackers. In the late June it was impacted by NotPetya attacks.

As per Kaspersky Lab Q2 2017 DDoS Intelligence Report this quarter saw a 277-hour DDoS attack and 131 percent longer than the longest DDoS attack in Q1 2017.

It also mentioned that DDoS attacks hit 86 countries, up from 72 countries in Q1 2017. The most affected countries were China, South Korea, the U.S., Hong Kong, the U.K., Russia, Italy, the Netherlands, Canada and France.

Kaspersky also said that there is an increase in Ransom DDoS or RDos attacks

“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS attackers,” Kaspersky Lab head of DDoS protection Kirill Ilganaev said in a statement. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion.”

“These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore can be easily convinced to pay ransom with a simple demonstration,” Ilganaev added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur distributed by the FIN7 (a.k.a Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains has been identified by Proofpoint researchers.

The modus operands is simple. The receiver gets the email containing document which contains macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur which then sleeps for three seconds and then again executes Bateleur and then sleeps for 10 seconds. Finally, it deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, mentioned that though the software is complex, a method of installing it is very straight forward through phishing email.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.

Cyber Resilience

____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.