eBay Hack Hijacks Customer Browsers


The BBC reported that an eBay PowerSeller discovered another eBay exploit yesterday. Malicious JavaScript code planted in product pages redirects users from listings for an iPhone to a spoofed site trolling for credentials. Simply clicking on one of the listings allows hackers to commandeer the shopper’s browser. The redirect takes the shopper to a fake eBay log-in page requiring a username and password.

The PowerSeller who caught the hack was an alert IT professional who noticed the suspicious URL he was being led to. He reported it to eBay, but the company delayed acting on the tip for 12 hours. The pages were taken down only after the BBC called the company to ask what security measures were in place. eBay’s delayed response could have cost its less alert users their online security and privacy.
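A defender-side check for the kind of injected redirect described above, added here as an example and not part of the original post or of eBay’s own tooling: it scans seller-supplied listing HTML for script, frame, event-handler and meta-refresh markup and flags any script that sends the browser to a host outside the marketplace. The trusted-host list and the two sample listings are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a listing may legitimately reference (an assumption made for this example).
TRUSTED_HOSTS = {"ebay.com", "ebayimg.com"}
# Script statements that move the browser to another page, capturing the target URL.
REDIRECT_RE = re.compile(r"""(?:location(?:\.href)?\s*=|location\.replace\(|window\.open\()\s*['"]([^'"]+)""")


def is_offsite(url):
    host = urlparse(url.strip()).hostname  # None for relative URLs, which stay on-site
    return bool(host) and not any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


class ListingScanner(HTMLParser):  # collects (kind, detail) findings for browser-hijacking markup
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":  # a product description should never need script
            self._in_script = True
            self.findings.append(("script", attrs.get("src") or "inline"))
        elif tag in ("iframe", "object", "embed"):
            self.findings.append((tag, attrs.get("src") or ""))
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", attrs.get("content") or ""))
        for name, value in attrs.items():
            if name.startswith("on"):  # inline event handler such as onload=
                self.findings.append(("event-handler", f"{name}={value}"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # flag script that sends the browser off the marketplace
            for m in REDIRECT_RE.finditer(data):
                if is_offsite(m.group(1)):
                    self.findings.append(("offsite-redirect", m.group(1)))


def scan_listing(html):
    # Returns the findings for one listing's HTML; an empty list means nothing suspicious.
    scanner = ListingScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed samples: a clean listing, then the same listing with an injected redirect.
CLEAN = '<div><h1>iPhone 5s</h1><img src="https://i.ebayimg.com/x.jpg"><a href="https://www.ebay.com/help">Shipping</a></div>'
INJECTED = CLEAN + '<script>window.location.href="http://signin.example-login.test/ebay/";</script><meta http-equiv="refresh" content="0;url=http://signin.example-login.test/">'
```

Running the scanner on every listing at submission time, and rejecting any listing with findings, is the control; the same findings can also be fed to a monitoring team as a signal that a seller account or page has been tampered with.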

“eBay is a large company and it should have a 24/7 response team to deal with this — and this case is unambiguously bad,” said Dr Steven Murdoch from University College London’s Information Security Research Group.

eBay does not need any more brand damage. Earlier this year eBay customers were locked out of their accounts and received false password change notifications. In May an eBay database containing encrypted passwords and other data was hacked, and users were required to change passwords again. In July eBay’s StubHub customers were relieved of $1 million by an international hacking scheme.

With a team of analysts on watch 24/7, exploits like this can be prevented before customers are compromised and the press notified. You can’t put a price on preventative security. Visit EdgeWave.com to learn more about how a military-grade security system can prevent hackers from compromising your business.

Chain Reaction: Global Supply Chain at Risk


It has only been nine years since cyber insurance first emerged as a product. A very lucrative sub-specialty, it is now underwritten by over 60 insurance companies and will produce an estimated $2 billion in premium income this year, according to a new report from New York-based insurance brokerage Guy Carpenter LLC.

“Today, organizations, through their interconnectedness and participation in global supply chains, are subject to an increasingly complex network of networks. A cyber attack may put an entity’s entire supply chain at risk. Cyber risks pose a set of aggregations/accumulations of risk that spread beyond the corporation to affiliates, outsourcers, counter-parties and supply chains,” the report says.

Most corporate insurance policies cover business interruption, but not infrastructure and Internet service failure. Insurance providers do not stay in business by paying out on large claims. Target only recovered $38 million of $148 million in losses from last year’s breach. The total spent by all institutions involved in that breach is more than $350 million. Clearly, insurance covers just a fraction of the cost of a cyber disaster.

A network intrusion can send aftershocks throughout the entire business world. Malware can reside on a network for years, so devices that have long been in operation in the field but were never secured have likely been compromised in some way. Does anyone know how secure all of their affiliates’ devices are?

Increased connectivity creates opportunities for more efficient asset and supply management. But the growing and unfathomable number of devices connected to each other creates infinite possibilities for operational disruption.

To make your supply chain less vulnerable, the Wall Street Journal recommends:

“Update supply chain risk plans to mitigate the increased exposure to cyber attacks brought when OT (Operational Technology) is now connected to the Internet and enterprise supply chain systems. Resolve any differences in accountability or governance structures between IT and OT that can result in risk exposure.”

EdgeWave specializes in enterprise security, providing email and web filtering, data encryption, and protection against zero-day vulnerabilities. An award-winning combination of military grade cyber defense, leading edge technology, and human analytics prevents malware from infecting devices connected to networks large and small. EdgeWave will create a customized plan to mitigate supply chain risks for any type of business. Download your free Cyber Security Guide at www.edgewave.com.

Salesforce.com Breach Reinforces Need for Vulnerability Assessment


On Friday, September 5, Salesforce.com sent an email to administrative users of the CRM provider notifying them of a vulnerability to malware infection. Specific Salesforce.com users who have been compromised have not been identified yet. Salesforce.com’s rapid response and notification of customers are commendable and set an example for other companies that experience breaches.

“On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce.com users. We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance.”

The banking trojan attack vector uses a phishing email to lure users to click on a link to a fake Salesforce.com website, which then performs a Man-in-the-Middle attack, intercepting data and log-in credentials.

Salesforce.com advises IT professionals to:

• Activate IP Range Restrictions to allow users to access Salesforce.com only from your corporate network or VPN

• Use SMS Identity Confirmation to add an extra layer of login protection when Salesforce.com credentials are used from an unknown source

• Implement Salesforce.com#, which provides an additional layer of security with 2-step verification. The app is available via the iTunes App Store or via Google Play for Android devices.

• Leverage SAML authentication capabilities to require that all authentication attempts be sourced from your network.

The only way the trojan can be launched is with permission from a user. All it takes is one person in an organization clicking on a link in a bad email message to unleash crimeware that can cause significant security and financial devastation. That’s why implementing a continuous vulnerability assessment cycle in your cyber security plan is so critical.

Vulnerability Assessment is one of the key elements of a Military-Grade approach to cyber operations. In my prior role ensuring the cyber security readiness for the US Navy, I implemented a continuous assessment cycle using a number of methods including “Red Teaming” which simulated cyber adversaries attempting to penetrate Navy networks. Red Teaming ensures the highest standards of network defense and end user behavior. Now, at EdgeWave, I’m bringing a similar capability to the civilian sector with the EdgeWave EPIC2 Vulnerability Evaluation Tool™ (VET).

The VET directs malicious emails, already caught by the EdgeWave EPIC2 advanced threat capability, to a target email account, recording the number of malicious messages that successfully penetrate the existing email security system. EdgeWave has tested the VET against a number of widely used security systems with compelling results. Tests against McAfee, Proofpoint, Barracuda, Google Apps and Office 365 resulted in 60% penetration rates. In other words, 60% of the malicious email messages caught by the EPIC2 advanced threat capability penetrated some of the most renowned email security systems. This is the sort of real-time data that IT and Security & Risk Managers can use to fill gaps in their existing cyber security systems.

Every day we continue to see fraudulent emails penetrating systems commonly thought to be strong enough to identify and block Internet threats. Put EdgeWave’s EPIC2 Vulnerability Evaluation Tool™ to work in your organization. Remember the “Rule of 1’s”: it only takes 1 bad email containing 1 bad link, clicked on by 1 unsuspecting employee, to execute malware that can cause serious damage to your company’s operations and reputation.


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft.

iCloud Burst: Preparing for El Nino of Exploits

Wired Magazine first broke the news last week of a hole in the two-step verification system of Apple’s iCloud service that allowed hackers to obtain private celebrity photos. In a broader perspective, this demonstrated that iCloud and other cloud storage services could be raining down your personal photos and stored information. Vladimir Katalov of Russia originally sold his ElcomSoft forensic backdoor program to law enforcement, but it is now in the hands of criminals and is being used to download iCloud and other cloud-stored data.

Healthcare.gov Server Breach


Last week the Wall Street Journal was the first to report that malware intended to launch Distributed Denial of Service (DDoS) attacks was discovered on a server used to test code for Healthcare.gov.

DDoS malware attempts to crash web servers by overwhelming them with an avalanche of traffic and communication requests. These types of attacks are relatively common and incredibly bothersome, but they are not designed to steal data.