Archive for the ‘Security Flaw’ category

IoT Security Skills in Energy Companies

December 5th, 2017

Inmarsat survey of senior IT decision makers from 100 large energy companies worldwide shows that fifty four percent need additional security skills to deliver successful IoT projects. Fifty three percent need to make significant investments to fulfill requirements.

Other findings include-

Only two percent mentioned that IoT do not create new challenges

Thirty percent said they have given special consideration for IoT in security apparatus

Fifty nine percent mentioned that their board has insufficient knowledge of IoT

“The core operations of energy companies have traditionally been insulated from the destructive cyber attacks that have destablized other industries, as they were not connected to the Internet,” Inmarsat senior director for energy Chuck Moseley said in a statement. “But with the advent of IoT, more and more parts of their infrastructure are being connected, creating new vulnerabilities and risks.”

“Worryingly, our research shows that many energy businesses lack the security processes and skills to address these new vulnerabilities,” Moseley added. “This needs to be quickly addressed, and it must be driven by senior leadership within energy businesses, to ensure that they do not miss out on the huge potential value that IoT can bring to the energy sector.”

Another survey conducted by CyberX study of 375 industrial networks worldwide shows that thirty one percent are connected to the public Internet. Seventy six percent are running outdated and unpatchable operating systems like Windows XP and Windows 2000.

“Most of these ICS/SCADA sites were built years ago, long before the proliferation of Internet connectivity and the need for real-time intelligence,” the report states. “The key priorities were performance and reliability rather than security.”

“We don’t want to be cyber Cassandras — and this isn’t about creating FUD — but we think business leaders should have a realistic, data-driven view of the current risk and what can be done about it,” CyberX CEO and co-founder Omer Schneider said in a statement.

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

New Google Patch for Android

December 2nd, 2017

Google released possibly its final Android security update for 2017. The latest patch addresses at least 42 different vulnerabilities which includes 11 flaws in the media framework (five are critical remote code execution issues).

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Libmedia and libstagefright components of the Android media framework is patched in every single security update provided by Google since August 2015. Google provided update every single month after the Stagefright vulnerability which was first publicly disclosed at Black Hat USA 2015.

“The state of the union for Android security is strong and I have spent time making sure it stays strong,” Adrian Ludwig said, the man who runs Android security for Google. “It’s not just about building a safe; it’s about building something that can react and respond to security quickly.”

In this new update, the critical remote code execution flaw in the system component is also addressed.

“We’re updating all Nexus devices — the Nexus 4, 5, 6, 7, 9 and 10 and even the Nexus players — and we’re patching for libstagefright,” Ludwig said. “This is the single largest mobile software update the world has ever seen.”

Security support will extend for three years from a time Nexus device appears in the market.

“The industry has looked at recent events and realized that it needs to move fast, and we need to tell people what we’re doing,” Ludwig said.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Ludwig also mentioned that, “We’re taking an aggressive stance to see if an application is doing something wrong, and we’re working with the developers and the development process to make it right.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

DDoS Attack

November 29th, 2017

DDoS attack attempts on organizations was 237 per month or eight attack attempts a day in third quarter of 2017.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” Corero CEO Ashley Stephenson said in a statement. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device,” Stephenson added. “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

In second quarter of 2017, the attack leveraged multiple vendors “Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats,” Stephenson said.

Sapio Research conducted survey on behalf of CDNetworks. It shows that 88 percent of U.S. respondents are confident in their current DDoS mitigation capabilities. Among them 69 percent got affected by DDoS attack within the past 12 months.

“The results show that most U.S. companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” CDNetworks Americas managing director Alex Nam said in a statement. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency.”

There was increase in attack on gaming services and on platforms offering new financial services such as initial coin offerings (ICOs).

“Entertainment and financial services — businesses that are critically dependent on their continuous availability to users — have always been a favorite target for DDoS attacks,” Kaspersky head of DDoS protection Kirill Ilganaev said in a statement. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

Ransomware Attack and Phony Websites

November 23rd, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Device Theft Incidents

November 20th, 2017

Brevard Physician Associates

Brevard Physician Associates mentioned that it was burglarized which possibly affected health data for 7,976 patients. The incident came to notice when the company saw tripped security alarm. An employee of the company found that three computers were missing.

Affected information included patient names, the names of patients’ insurance providers, the amount charged for the services provided, and the CPT codes of the services provided. However, patient addresses, dates of birth, telephone numbers, Social Security numbers, insurance ID numbers, and financial information were not included.

“We believe that the information contained on the stolen computers presents a minimal risk of future identity theft or financial fraud,” Brevard stated. “All three computers were password protected with strong passwords. Additionally, all of the data from all three computers will be automatically deleted upon their connection to the internet.”

Brevard also mentioned that it has “enhanced the security” at its office. Additional policies are in place to ensure it is “appropriately secured in the future.”

Martinsville Henry County

Martinsville Henry County (MHC) Coalition for Health and Wellness recently suffered data breach at Bassett Family Practice. The incident involved stolen laptop from the Bassett employee’s car.

Facility believe that the thief was after the laptop and not the information. As per the OCR data breach reporting tool, total 5,806 individuals may have been impacted.

Affected information includes patient names, dates of birth, account numbers, identity of providers, and/or details about patient visits with the practice. There is currently no indication that Social Security numbers or financial information was on the device.

“We are currently upgrading our IT security policies, procedures and related equipment to prevent future information from being stored on a laptop in an unencrypted manner,” Bassett said. “Please understand we value our relationship with you and take the security of your personal information very seriously. We have taken immediate steps and we will continue to evaluate our technology, policies and procedures in our efforts to prevent another occurrence such as this from happening in the future.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

DHS and FBI warns of APTs Targeting

October 27th, 2017

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have recently mentioned in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are energy, nuclear, water, aviation and critical manufacturing sectors.

Attackers are targeting low security networks and third party suppliers.

“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert mentioned

Attackers use public website tor phishing attack.

“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Hackers try to steal login information through security loopholes.

“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.

“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”

Attackers conduct reconnaissance operations after getting into system.

“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”

In one case hackers got inside energy installation systems.

Virsec Systems CEO Atiq Raza told eSecurity Planet that attack has common pattern “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”

“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.

____________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Breaches in US Financial Service Organizations

October 23rd, 2017

As per the 2017 Thales Data Threat Report, forty two percent of U.S. financial services organizations got affected by data breach. Survey saw participation of 1,100 senior security executives worldwide. The findings are as below:

Twenty four percent of the organizations suffered data breach in last year alone

Nineteen percent suffered data breach in 2016

Eighty-six percent of participants believe they are vulnerable to data threats.

Ninety six percent will use sensitive data in an advanced technology environment

“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Thales e-Security vice president of strategy Peter Galvin said in a statement.

“As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data — wherever it is created, shared or stored,” Galvin added.

A recent survey conducted by ISMG survey of over 250 banking and security leaders found that 38 percent have confidence in threat detection deployed by companies.

“This survey certainly shows that while consumers may shoulder many direct costs and burdens associated with fraud, institutions are also suffering substantially,” NuData Security marketing director Lisa Baergen told eSecurity Planet by email.

“The global uptick in fraud, coupled with ever-increasing amounts of PII available on the black market, makes financial institutions more vulnerable and as a result, their security investments are growing yet their confidence in them isn’t,” Baergen added.

As per Symantec’s Q2 Mobile Threat Intelligence Report: Mobility and Finance found that twenty five percent of mobile devices used by employees at financial services organizations are at risk.

“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to… minimize the threat to their organizations through mobile devices,” the report suggests.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korean Hackers

October 11th, 2017

South Korean ruling party lawmaker Lee Cheol-hee said that North Korean hackers have stole 235 GB of data from South Korea’s Defense Integrated Data Center which includes operational plans created by Seoul and Washington for all-out war with North Korea.

The data includes plans for “decapitating” the North Korean leadership if war breaks out. It also includes contingency plan.

“The Ministry of National Defense has yet to find out about the content of 182 GB of the total [stolen] data,” he said.

As per the Pentagon spokesman Colonel Rob Manning, all key information remains secure. “I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” he said.

“We’ll continue to work closely with our partners in the international community in identifying, tracking and countering any cyber threats,” Manning added.

As per the AlienVault threat engineer Chris Doman, hacker group responsible for the attacks is possibly a subgroup of the attackers behind WannaCry, the Sony breach, and the SWIFT hacks. “They are very active, and I continue to see new malware samples from them every week,” he said.

“In Ukraine, the number of cyber attacks, and their level of sophistication, rose with fighting on the ground,” Comodo senior research scientist Kenneth Geers said. “The threat of sudden decapitation via cyber and traditional strikes may force Kim Jong-un into making desperate moves.”

“Cyber is more unpredictable than traditional weaponry, because you may lose control of your assets before you know it,” Geers added. “Given that the risk is international nuclear war, there are no limits on what both sides might do in cyberspace to prepare the battlespace, in an effort to improve the prospects of victory for their side.”

Geers also mentioned that North Korean hackers may plan sabotage operations in case of war. “It is possible that North Korea might receive cyber help from Russia and/or China, who may perceive an interest in undermining U.S. geopolitical goals, as well as testing national cyber capabilities,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Deloitte Firm Data Breach

September 26th, 2017

Deloitte firm suffered data breach when it was hit last year by a cyber attack. The incident affected confidential emails and plans of at least six of its clients. Firm mentioned that attack was privileged, unrestricted ‘access to all areas.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

As per the statement “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

As per the source, the exact duration was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas mentioned that data was not protected properly. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn mentioned growing trends among hacker to attack other confidential. ”This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.