information security

New Phishing Attack

August 19th, 2017

Comodo researchers found a new ransomware campaign which targeted tens of thousands using simple email which contained only attachment and no text. The file name is E 2017-08-09 (xxx).xxx with the number in parentheses and different file extension with each email.

After the click on the attachment, a new Locky ransomware variant called IKARUSdilapidated is downloaded.

“Named for the appearances of ‘IKARUSdilapidated’ in the code string, it is clearly related to the ‘Locky’ Trojan and shares some of its characteristics,” the researchers note. “As a new malware variant, it is read as an ‘unknown file’ and is allowed entry by organizations not using a ‘default deny’ security posture (which denies entry to all unknown files until it is verified that they are ‘good’ files and are safe to have enter the IT infrastructure).”

The attachment is unreadable having the following phrase-

“Enable macro if data encoding is incorrect,” a social engineering technique which runs  run a binary file that downloads an encryption Trojan.

Comodo-protected endpoints found out more than 62,000 phishing emails on Aug 9,10 and 11. Eleven thousand IP address where used from one thirty-three different countries.

“This quantity of servers can only be used for a specific task if they are formed into a large bot network (or botnet), and have a sophisticated command and control server architecture,” the researchers note.

As per the Kaspersky, Locky and its variants were the most profitable form of ransomware.

“Ransomware is here to stay, and we will have to deal with it for a long time to come,” Google senior strategist Kylie McRoberts said.

Tripwire principal security researcher Travis Smith told that sending such email is a profitable method.

“For ransomware, the attacker just needs one low-level employee to click a link or open an attachment,” he said.

“That one click then allows them to immediately be paid hundreds, if not millions, of dollars in nearly anonymous cryptocurrency,” Smith added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Staff Shortage for Cyber Security

August 15th, 2017

The findings of recent Tripwire survey of 108 people at Black Hat USA 2017 has below findings-

Eighty-five percent of cyber security pros mentioned that they need more people

Eighty four percent mentioned that they need new technology

Twenty-eight percent mentioned that they need vendor services

Seventy percent mentioned that hiring experienced professionals is on priority

Thirty percent mentioned that they are willing for on job training

“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”

“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”

As per the research firm Gartner,  information security spending will climb to $86.4 billion in 2017

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande mentioned in a statement.

Sid also mentioned that investing on new tech is not the complete solution “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

“Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”

“Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” AsTech chief security strategist Nathan Wenzler said.

“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur distributed by the FIN7 (a.k.a Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains has been identified by Proofpoint researchers.

The modus operands is simple. The receiver gets the email containing document which contains macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur which then sleeps for three seconds and then again executes Bateleur and then sleeps for 10 seconds. Finally, it deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, mentioned that though the software is complex, a method of installing it is very straight forward through phishing email.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.

Cyber Resilience

____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.

Qualys CEO mentions that WannaCry a “Godsend” for his Business

August 5th, 2017

Security vendor Qualys CEO Philippe Courtot mentioned that the WannaCry ransomware and the planned General Data Protection Regulations (GDPR) are “godsends” that will help the company to grow further. He said this during company’s second quarter fiscal 2017 earnings call.

Qualys revenue saw 14% increase compared to previous year. This year revenue is $55.3 million.  Company is now estimating growth of 17 to 18%.

“Recent attacks like WannaCry and Petya have made it clear that the days of scanning the network perimeter and a few critical servers are over,” Courtot said during his company’s earnings call. “Enterprises now require scalability, accuracy and speed in order to identify assets that are vulnerable and ensure they are rapidly and properly remediated, which is something traditional enterprise IT and IT security solutions cannot deliver effectively and at which Qualys excels.”

Qualys’ cloud platform consists of a host of expanding capabilities that help enterprises with vulnerability and security management tasks. It has also announced new SSL/TLS certificate and cloud visibility technologies which will further augment the cloud security platform.

Upcoming GDPR regulation is also the main contributing factor for the company growth. It will come into effect in May 2018 across the European Union (EU). GDPR makes it compulsory to take all possible efforts for the companies to ensure the security and the privacy of customer data.

“We see that GDPR is in fact a godsend for Qualys and we see the effect of that because specifically, it is now accelerating the digital transformation of many of the large European companies,” Courtot said.

The recent breaches due to WannaCry has boosted Qualys business prospect.

“WannaCry has been also a godsend for Qualys,” Courtot said. “People finally realize that instead of having to buy solutions that supposedly protect them, that in fact they better try to identify all of their assets and also identify the vulnerabilities on those assets because this is what WannaCry and then NotPetya absolutely demonstrated.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

IoT Security Bill

August 2nd, 2017

This week the Internet of Things Cybersecurity Improvement Act of 2017 was introduced by a bipartisan group of U.S. senators. The rules sets minimum conditions and requirements for the security of Internet-connected devices purchased by the U.S. government. It also provides legal protections to security researchers.

Features:

(1) Devices which are connected to the internet should be patchable

(2) Industry standard protocols should be implemented

(3) Hard-coded passwords that can’t be changed should be leveraged

(4) Security vulnerabilities should not be present

It also asked the Office of Management and Budget to create alternative security conditions for devices with limited data processing and software functionality.

As per the bill, the definition of an Internet-connected device “is capable of connecting to and is in regular connection with the Internet,” and “has computer processing capabilities that can collect, send, or receive data.”

“While I’m tremendously excited about the innovation and productivity that Internet of Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Sen. Mark Warner said in a statement.

“This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices,” Warner added. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Arxan Technologies VP EMEA Mark Noctor hopes that other government will also follow “While there has been useful work in the area from bodies such as ENISA in Europe, it appears that an act of law is the best way to get vendors to ensure security,” he said.

“While the focus on basic measures such as password management is a good starting point, we’d also like to see future legislation build on this to require more advanced security measures, such as using code hardening to protect a connected device’s software from being broken into and reverse engineered for malicious purposes,” Doctor said.

Security research is also provided legal protections.

“I’ve long been making the case for reforms to the outdated and overly broad Computer Fraud and Abuse Act and the Digital Millennium Copyright Act,” Sen. Ron Wyden said in a statement.

“This bill is a bipartisan, common-sense step in the right direction.”

“This bill is designed to let researchers look for critical vulnerabilities in devices purchased by the government without fear of prosecution or being dragged to court by an irritated company,” Wyden added. “Enacting this bill would also help stop botnets that take advantage of Internet-connected devices that are currently ludicrously easy prey for criminals.”

____________________________________________________________________________________________

No server, IT knowledge or training is needed as everything is included in an Alertsec subscription.

Cyber Insurance and Cloud Cyber Attacks

July 31st, 2017

According to the insurer Lloyd’s, a large cyber attack could cause $53 billion in economic losses which is almost same estimation as per 2012’s Superstorm Sandy. The report mentions the two possibilities. One where a disruptive attack which can lead to losses of $53 billion. Other includes an attack on computer operating systems which could lead to losses of $28.7 billion.

As per Lloyd’s estimation, the range of losses can vary between $15.6 billion to $121.4 billion. Average loss range is from $620 million for a large loss to $8.1 billion for an extreme loss.

“Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economy, trigger multiple claims and dramatically increase insurers’ claims costs,” Lloyd’s CEO Inga Beale mentioned

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality,” Beale added. “We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence.”

As per the RiskIQ study, cybercrime led to global economy $454 billion loss last year. it also mentioned that $858,153 is lost to cybercriminals every minute. Companies spent $142,694 per minute to protect.

“Today, an organization’s digital assets are subject to malware, malvertising, and phishing efforts on a scale never before seen, while rogue apps, domain and brand infringement, and social impersonation cause business disruption and material loss,” RiskIQ manager of content strategy Mike Browning wrote in a blog post examing the findings.

The report also mentioned that 818 pieces of unique malware are injected in the system per minute.

“As companies innovate Web, social, and mobile means to engage with their customers, partners and employees, threat actors will prey on business exposures and brands to capture users’ trust, access credentials, and sensitive data,” RiskIQ chief marketing officer Scott Gordon said in a statement. “This requires organizations to extend their security programs to monitor and mitigate threats outside the firewall.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Breach at Italy’s Biggest Bank

July 29th, 2017

The leading bank in Italy, UniCredit mentioned that approximately 400,000 of its customers’ data were affected after third party provider was hacked. The name of the third party is withheld. It is one of the major attack on Italy’s financial institution as per the Reuters.

The bank mentioned that data was stolen in two different breaches.

“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”

Paul Norris, senior systems engineer for EMEA at Tripwire mentioned that these two breaches occurred in a year.

“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.

Evident.io CEO Tim Prendergast mentioned that customers expect that their information should be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.

“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.

Matt Walmsley, EMEA director at Vectra Networks, mentioned that the breach reminds companies to take extra care to handle sensitive data.

“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Series A round for Security Startup

July 23rd, 2017

The San Francisco-based cyber security startup Insight Engines recently raised $15.8 million in a Series A round of financing for its threat intelligence gathering tool Splunk also known as called Cyber Security Investigator.

August Capital led the funding round which was backed by Real Ventures, Data Collective, Splunk and its co-founder, Erik Swan. Simon Crosby, co-founder and CTO of Bromium, is also part of an investor group.

Company makes big data easy to explore and work with natural-language processing technologies. Cyber Security Investigator can detect and understand cyber threats by asking questions.

“In today’s day and age, advisories are always changing their patterns of attack, making static alerts ineffective defense,” Grant Wernick, co-founder and CEO of Insight Engines, told e-security Planet. “CSI [Cyber Security Investigator] levels the playing field, allowing the good guys to be dynamic in ways they never imagined possible.”

This technology can help fill the IT companies with the workforce gap.

“CSI helps bridge the hiring chasm between the need for talented individuals and the work force available,” said Wernick. “CSI is a force multiplier for the most advanced security teams who can now achieve more effective results in a fraction of the time. With CSI we have been able to transform physical security staff to augment cyber security operations, which has resulted in both significant cost savings and fresh perspectives for the enterprise.”

It also reduces time to zero in on cyber security issues.

“CSI empowers analysts to escape search fatigue by helping them analyze more of their data and spend less time searching,” he said. They can “spend more time focused on mitigating real threats and significantly less time focused on crafting esoteric queries. Using CSI, analysts no longer need to be big data specialists and can focus back on defending against an ever-increasing threat landscape.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers. 

Corelight Rises Series A Funding

July 21st, 2017

A San Francisco-based technology startup Corelight had raised $9.2 million in a Series A round of funding led by Accel Partners. Other participants include Osage University Partners and Dr Steve McCanne, co-founder of Riverbed Technology.

Corelight Sensor is the company product which uses Bro, an open-source network analysis framework to check even the most advanced or stealthy network attacks. Dr Vern Paxson, a professor of computer science at UC Berkeley, who co-founded the company and serves as its chief scientist.

Corelight mentioned that it uses specialized hardware to provide four times the data processing output. It also features high-performance network interface card to quickly generate results.

“Since all data, no matter what the threat vector, travel over networks, the Corelight Sensor is a powerful tool to understand threats” Alan Saldich, CMO of Corelight, told e-security Planet. Those threats include malware infections port scanning, denial of service attacks, unauthorized access, misconfigurations, abuse, exfiltration of data, insider threats, advanced persistent threats, phishing or other email-based attacks, he said.

“While Bro-Corelight is not always the tool that detects incidents–in many cases, it is end users who detect unusual emails or behaviour, or report ransomware–it is the fastest way to resolve them and get clarity about exactly what happened and why to get to the root cause,” continued Saldich.

Corelight Sensor provides output in easy to understand manner.

“Understanding those alerts is a laborious and time-consuming job because there are many systems involved, each with different data, logs, user interfaces, formats and they are not necessarily correlated or organized in a way that is useful to [incident responders],” said Saldich.

“That means that advanced persistent threats can linger undetected or unresolved for hours, days or weeks because dealing with them is so challenging.”

Corelight present the security threat data in a format so that security personals take the action.

“Corelight helps companies resolve cyber security incidents much faster than they can today. We do that by providing clarity and detailed information about all network traffic, summarized and structured specifically for cybersecurity pros and incident responders,” added Saldich.

____________________________________________________________________________________________

Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.