Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

December 2013 - Posts

Malware - Cryptolocker ransomware infects 250,000 PCs

Cryptolocker is highly destructive and emerged as one of the top threats of 2013, as it holds users' data hostage and demands payment to decrypt and return it.

http://www.bbc.co.uk/news/technology-25506020
http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/

QUOTE: A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers. Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock. Dell Secureworks said that the US and UK had been worst affected.

It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals. The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day. Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible. "Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI," said the report.

New CryptoLocker variant spreads using USB devices

Cryptolocker is highly destructive because, once data is encrypted, the system can usually only be recovered from backups (or one must pay the bad guys for keys to decrypt data). This new variant improves the capability to spread from system to system.

http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker-spreads-via-removable-drives/

http://www.symantec.com/connect/blogs/cryptolocker-qa-menace-year

QUOTE:  We recently came across a CryptoLocker variant that had one notable feature—it has propagation routines. Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants.   Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE— to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.

DDOS Attacks – expected to increase in 2014

Distributed denial of service attacks are likely to increase in 2014 based on current trends.

http://www.scmagazineuk.com/2014-ddos-attacks-can-only-get-worse/article/326782/

QUOTE: 2013 will go down in IT security history as the year when a large number of high-profile organisations were very publicly hacked. And in parallel with this, the integrity of tens of millions of debit and credit card holders’ accounts around the world were put at risk because of these breaches.

Walker said that one of the key issues he has seen CSOs and CISOs express their concern about is the problem of DDoS attacks – which he predicts will only get worse in 2014, owing to the lack of defensive systems that most organisations have in place to guard against this type of attack.  The problem with denial of service attacks, he said, is not so much that people are not able to visit the company’s web site or conduct business – bad though this issue is in revenue terms – but that brand reputation is damaged in the longer run.

Security Awareness - 18 percent lack security training

An effective corporate security approach uses sophisticated technical defense systems as well as emphasizing the importance of security to workers. This recent study notes that while some companies are not actively involved, many now use online training resources.

http://www.scmagazineuk.com/18-of-office-workers-have-no-security-training/article/326250/

QUOTE: Delving into the research – which was conducted in late November – reveals that companies seem to be letting the side down on the security training front, with 18.7 percent of office workers polled in the late November survey admitting their employers did not provide them with security training, and just 5.1 percent saying their company conducted phishing testing as part of their training. It’s not all doom and gloom on the anti-phishing front, however, as the survey found that 27% of employers are conducting online security training for their staff. With 27.4% integrating some form of security training in their employee induction courses, and 11.8 percent using the traditional approach of classroom security training to get the message across.

Phishing Attacks - Popular holiday-themes

The PhishMe blog was recently discovered and highlights key attack methods used during the holidays.

http://phishme.com/popular-holiday-themed-phishing-attacks/

http://phishme.com/category/blog/

QUOTE: The holidays are a busy time for everyone… especially for hackers trying to phish your employees. Phishing is most effective when it exploits human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and the holidays tend to bring these emotions out more than other times of the year. Which tactics should you train your employees to look out for?

Holiday e-card
Product or Service Online Discounts
Holiday sales/discounts/deals
Spoofed holiday party invitations
Holiday party info/registration
Fake Package Delivery Notifications
Package delivery/update notification
Year end: PTO balance notification
Unfiled expense reports
Urgent year-end deadline/requirements
Fake Charity fundraisers
Travel notifications

Financial Trojan Attacks - 300 percent increase during 2013

The ZBOT family and other related malware are still actively circulating and use highly sophisticated botnet command-and-control techniques. Usually, after one malware family diminishes, a more sophisticated attack is launched in its place.

http://securitywatch.pcmag.com/security/319042-financial-trojans-taking-over-the-world

http://www.symantec.com/connect/blogs/state-financial-trojans-2013

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_state_of_financial_trojans_2013.pdf

QUOTE: Money talks big. The industry of financial Trojans has been steadily growing as money is moving to online banking applications. In its latest blog post and whitepaper, security software company Symantec looks at this year's state of financial threat. Within the first nine months of this year, infections by the most common financial Trojans rose by 337 percent. This means almost half a million computers that are infected every month are susceptible to fraud. Symantec analyzed eight online banking Trojans' recent configuration files to better understand which URLs the Trojans attack and the perpetrators' strategies. The study reveals the wide reach of Trojans; they can and will target anything that the attacker can get a monetary profit from.

PCI/DSS version 3.0 introduced during November 2013

During recent research, I saw that version 3.0 of the PCI/DSS standards was finalized during November 2013. Some key links are noted below:

PCI/DSS HOME PAGE

https://www.pcisecuritystandards.org/

PCI/DSS OVERVIEW

https://www.pcisecuritystandards.org/security_standards/index.php

DOCUMENT LIBRARY

https://www.pcisecuritystandards.org/security_standards/documents.php

FIVE KEY CHANGES

http://searchsecurity.techtarget.com/tip/PCI-DSS-version-30-The-five-most-important-changes-for-merchants

QUOTE: The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents

Target Data Breach - Part Two Encrypted PIN Data Stolen

Hackers are already launching targeted attacks and are likely performing brute force attacks on the encrypted PIN numbers. Once both credit card and PIN# information is disclosed, hackers can register charges as desired. As shared earlier, affected Target customers should change their PIN# immediately to reduce risks.

http://bits.blogs.nytimes.com/2013/12/27/targets-nightmare-goes-on-encrypted-pin-data-stolen/

QUOTE: Target said criminals had made off with customers’ encrypted PIN information as well. But Target said the company stored the keys to decrypt its PIN data on separate systems from the ones that were hacked.  Target customers’ credit and debit card data on the black market, where a single card is selling for as much as $100. Criminals can use that card data to create counterfeit cards.  But PIN data is the most coveted of all. With PIN data, cybercriminals can make withdrawals from a customer’s account through an automatic teller machine. And even if the key to unlock the encryption is stored on separate systems, security experts say there have been cases where hackers managed to get the keys and successfully decrypt scrambled data.

PC Magazine - Five security prediction articles for 2014

PC Magazine has issued 5 separate prediction articles based on emerging trends seen during the past year.

http://securitywatch.pcmag.com/security/319183-predictions-cyber-security-in-2014

http://securitywatch.pcmag.com/security/319244-predictions-securing-protecting-the-internet-of-things

http://securitywatch.pcmag.com/business-financial/319224-predictions-more-retail-breaches-bitcoin-will-crash

http://securitywatch.pcmag.com/security/319195-predictions-android-ransomware-mobile-banking-fraud

http://securitywatch.pcmag.com/security/319190-predictions-rise-of-national-internet-tor-s-popularity-boom

BBC Server - briefly compromised on Christmas Day

Reuters shares that a BBC server was briefly compromised on Christmas Day.

http://www.reuters.com/article/2013/12/29/us-bbc-cyberattack-idUSBRE9BS06K20131229

QUOTE: A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. Reuters could not determine whether the hackers stole data or caused any damage in the attack, which compromised a server that manages an obscure password-protected website. It was not clear how the BBC, the world's oldest and largest broadcaster, uses that site, though ftp systems are typically used to manage the transfer of large data files over the Internet.

Facebook - Recommended Restrictions for Friends List

Facecrooks security shares an informative article, "How to Edit Your Facebook Friends List and Why You Should".

http://facecrooks.com/Internet-Safety-Privacy/How-Edit-Your-Facebook-Friends-List-Why-You-Should.html/

QUOTE: Facebook is well known for having confusing and obscure privacy controls. The little things do make a difference, and this is especially true when it comes to your online privacy and security. Facebook gives users the ability to control who sees their friends list. We recommend setting this feature to ‘Only Me.’ When cyber criminals hijack a Facebook account, they often extract as much data as possible. This information can be used for identity theft, fraud and the search for more victims.

Just leaving your friends list open to ‘Friends,’ can expose all of your Facebook friends to hackers and scammers. A popular scam involves creating cloned profiles and then targeting everyone on that person’s friends list. If the scammer doesn’t know who a person is friends with, then it’s virtually impossible for them to run this socially engineered scam successfully. They go for the easy money and prey and will likely move on.  Now that we have covered the ‘Why’ – follow the instructions below to lock down your friends list from would-be scammers: Navigate to your Timeline and click the link to your friends list. Next, click the ‘Edit’ icon located on the far right below your cover photo. Finally, click the ‘Edit Privacy’ option and set the Friend List option to “Only Me.”

Symantec - 2013 Internet Security Threat Report v18

Excellent analysis of developments during 2013

http://www.symantec.com/security_response/publications/threatreport.jsp

QUOTE: Highlights from 2013 Internet Security Threat Report, Volume 18

Key Findings

42% increase in targeted attacks in 2012.
31% of all targeted attacks aimed at businesses with less than 250 employees.
One waterhole attack infected 500 organizations in a single day.
14 zero-day vulnerabilities.
32% of all mobile threats steal information.
A single threat infected 600,000 Macs in 2012.
Spam volume continued to decrease, with 69% of all email being spam.
The number of phishing sites spoofing social networking sites increased 125%.
Web-based attacks increased 30%.
5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems

Windows XP - Support ends on April 8, 2014

F-Secure highlights the end of support on April 8, 2014. A new Windows 8.1 system with its hardened kernel will be more reliable, and the new interface can be learned in just a few days.

http://www.f-secure.com/weblog/archives/00002648.html

QUOTE: Christmas! It's approaching quickly. And something else is looming on the horizon… the end is nigh for Windows XP! If you're still using XP, please do yourself a big favor this Christmas shopping season and buy yourself a new PC.

Adobe Security Updates – December 2013

Major Adobe products are often updated on Patch Tuesday, and critical updates were issued during December.

http://isc.sans.org/diary/Adobe+Updates+today+as+well./17201

http://helpx.adobe.com/security.html

QUOTE: Adobe also has published updates today for Flash Player and Shockwave Player on the Windows and Mac platforms. With this update applied, these exploits also result in remote execution, so if you have Shockwave Player installed today is a good day to update, either right before or right after the Microsoft reboot.

APSB13-29: Security update available for Adobe Shockwave Player

APSB13-28: Security updates available for Adobe Flash Player

Credit Card Crime - Weaknesses in current system

This informative NBC news article shares weaknesses in the current CC system.

http://www.nbcnews.com/technology/online-hacks-plastic-fakes-strange-life-stolen-credit-card-2D11803344

QUOTE: If there is a weakness in a system, opportunistic hackers will find it. In 2007, criminals exploited the lax Wi-Fi security used with hand-held price-checking devices at multiple Marshalls locations. That resulted in 45.7 million credit card numbers being stolen from the store's parent company, TJX. Criminal outfits also go after third-party payment processors, like Heartland Payment Systems, which suffered a massive breach in 2009 when SQL injection attacks (a common technique used by hackers) resulted in 130 million exposed card numbers.

Who is buying this stuff? - Massive breaches are usually the work of large, organized outfits spread across multiple countries. In July, five men were indicted in connection with the Heartland Payment Systems attack — four were located in Russia, with the other based in the Ukraine.

How much do credit card numbers sell for? - It varies wildly depending on the quality of the information stolen. You can score 10,000 bottom-of-the-barrel cards — which could include canceled and other high-risk cards — for as little as $10 or $20 total.

Microsoft Security Updates - December 2013

During December 2013, critical security patches were released for Windows, IE, Office, and other products. ISC rates two of these as PATCH NOW (highest rating). All corporate and home users should install these updates to ensure best levels of protection.

http://isc.sans.org/diary/Microsoft+December+Patch+Tuesday/17198

http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

Website Defacement Attack - OpenSSL.org

The Internet Storm Center documents website defacement that was quickly repaired and is being investigated by authorities.

https://isc.sans.edu/forums/diary/OpenSSL+suffers+apparent+defacement/17309

https://www.openssl.org/news/

QUOTE: Update 29 DEC: Per OpenSSL.org, re: web site defacement, "Investigation in progress, more details to follow." While now recovered and seemingly back to normal, http://www.openssl.org appears to have been defaced. As soon as root cause (aside from malfeasance from TurkGuvenligi) is determined and announced, we'll update the diary.

Target Data Breach - Highly Sophisticated and Planned Attack

As the articles below note, this may be one of the most well planned and sophisticated attacks of all time, where highly advanced malware was secretly implanted within POS register systems. The attacks were also timed for the peak of the e-commerce season. Impacted users should immediately change CC# & PIN# and carefully monitor future statements.

http://www.nbcnews.com/technology/massive-target-credit-card-breach-new-step-security-war-hackers-2D11778083

http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/

QUOTE: Not only was the digital heist huge — up to 40 million consumers might have had their data stolen — but the degree of difficulty indicates another step in the security arms race between criminals and merchants. The hack affected customers who shopped at U.S. Target retail stores between Black Friday, Nov. 27, and Dec. 15. Criminals don't have to go through the trouble of manufacturing counterfeit credit cards, Dave Lott, retail payments risk expert at the Federal Reserve Bank of Atlanta, told NBC News. For only about $100, criminal outfits can buy equipment that allows them to print out cards for people to use at cash registers anywhere, and never be bothered for a CVV code.

Target Stores - Data Breach impacts up to 40 million credit cards

The holiday season is an active time for cybercrime, as it is a peak time of the year for ecommerce activities.

http://www.nbcnews.com/business/40-million-credit-debit-card-accounts-may-be-hit-data-2D11775203
 
http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
 
http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores
 
QUOTE: Target said Thursday that the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data. The breach, which extended to almost all Target stores in the United States, captured data stored on the magnetic stripes of the cards that customers swipe at the cash register, according to Krebs on Security, a respected data security blog.

Cybercrime – Twelve scams to avoid during Christmas 2013

The BBC has published an excellent article on attacks to avoid, as this is a peak season of the year for scams and ecommerce crime.

http://www.bbc.co.uk/news/technology-25200338

QUOTE: This Christmas looks like being a bumper one for online shopping but not everyone is filled with the festive spirit and some have already set online traps they hope you will fall into. Here are twelve cyber-scams to watch out for this Christmas:

The first scam of Christmas is phishing
The second scam of Christmas is the fake virus checker
The third scam of Christmas is the fake upgrade
The fourth scam of Christmas is the "current news scam"
The fifth scam of Christmas is the illegal "cracked" download
The sixth scam of Christmas is the drive-by download
The seventh scam of Christmas is the fake free wi-fi
The eighth scam of Christmas is the wi-fi probe
The ninth scam of Christmas is a combination of the last two
The 10th scam of Christmas is the insecure website
The 11th scam of Christmas is the Man In The Middle
The 12th scam of Christmas is the nastiest of them all: the phone call
