Backdoors, Front Doors and Windows: All give easy access to your assets


The upward trend of security breaches involving some of our most well-known and trusted organizations, like JPMorgan, illustrates the need for continuous cyber security training.

With that in mind, it is worth ensuring that we regularly revisit the basics and keep emphasizing how criminals gain access. More often than not, cyber crime is enabled as a consequence of unintentional human behavior.

Phishing via email is by far the most common tactic cyber criminals use to steal trade secrets, usernames and passwords, and to access private information. The majority of intrusions occur as the result of someone clicking on a bad link in an email or on a social site. Once a bad actor gains access through phishing, they are poised to start harvesting valuable personal information, including banking and health records, which in turn is sold for millions on the black market.

Industry and government are making headway in helping to counter the threat, but the fight is constant and ever evolving. Adversaries learn and adapt to both policy-based and technical defensive solutions. One example where policy is achieving positive results is the prosecution of organized cyber criminals. In early June 2014 the Justice Department announced charges against a sophisticated gang of international hackers that implanted viruses on hundreds of thousands of computers and netted over $100 million from consumers and businesses worldwide.

Technical defensive solutions present a more challenging problem because adversaries are able to counter defensive measures more quickly. While an international cooperative effort between the FBI, Europol, and security engineers from the private sector under “Operation Tovar” took down the GOZ botnet on May 30, 2014, the solution was temporary. Updated source code to reanimate a botnet is easy to get on the Internet, and new variants of the Trojan are currently active. As long as organizations and individuals at home use computers running older versions of Windows and outdated antivirus programs, these viruses and botnets can continue to be employed.

In the attack on JPMorgan’s systems this summer, hackers went through a public facing web application to obtain customer data that could be used to liquidate accounts. In April JPM stopped a money transfer from a Russian embassy to a sanctioned bank, and this summer’s intrusion was originally thought to be retaliatory. We now know that some other organized criminals have possession of 83 million bank records.

Billions of hits on banks, healthcare organizations, schools, and manufacturers from mass email and web intrusions happen every day. Because there is so much of our personal information in the hands of sophisticated scammers, we can expect to see very specific phishing attempts in the future. We will get email that appears to be from our doctor’s office, our bank or someone who knows details of our daily lives.

EdgeWave EPIC2’s Cyber Operations Group director Tom Chapman states, “Cyber protection begins by staying current with the threat environment, both with networks and people”. He recommends the following:

  • Be cautious about what links you click. Hackers can craft emails that appear legitimate. It is best to type in the link yourself, especially when conducting financial transactions.
  • Ask yourself if you really need to download a file. Documents may contain viruses that even a trusted sender may not be aware of. Ensure you scan documents with AV automatically.
  • If you are using a public network, don’t go to sites that require passwords. Anyone can see and steal this information.
  • Update everything! Networks and personal devices should have all the latest software and anti-virus updates checked daily. More importantly, ensure people are aware of the latest threats.

In the escalating war on cyber crime, preemptive action against phishing scams includes educating employees about malicious email, and Military-Grade cyber security that combines the strongest artificial intelligence and human analysis on the market. Register for Mike Walls’ Oct 29, 2014 Military-Grade Cyber Security webinar.


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft. Comments and questions for Mike Walls are welcome: blog@edgewave.com

EdgeWave 10/23/14 Cyber Threat Update


EdgeWave EPIC2’s Cyber Operations Group constantly monitors trends in email campaigns and website ratings. Informing the community on the latest happenings across platforms helps to prevent threats from adversely affecting networks. Looking closely at our data and intelligence gathered from multiple sources, we find information to improve awareness for system administrators.

  • From our ePrism email security, we spotted a large campaign targeting pump and dump stocks. Dexter Davies, our senior ePrism analyst, noted over 1.5 million emails containing information about a Canadian penny stock. Additionally, a plethora of emails with phrasing along the lines of “I uploaded a secure document for you using google docs” has appeared from AOL mail servers. Lastly, we blocked over 800,000 emails from the U.K. with Apple .PNG attachments.
  • Recent news reporting warned of spam campaigns using false Dropbox links and stories on Ebola. While we did notice a few campaigns, most were very small in number. Hackers will always try to find inventive ways for you to click on their links. Using current events and popular sites is nothing new, but administrators should constantly remind people of the latest tactics in the community.
  • This week, EdgeWave’s iPrism system returned over 7800 new websites to be classified for addition into the iGuard database. Of these new URLs, the vast majority cover legitimate business sites at 49%. Objectionable sites only accounted for 4% of new URLs. Anti-productivity sites accounted for 13% of all new URLs. The sports category had a slight uptick in hits, most likely due to the Baseball World Series.
  • As a final note, one of the latest trends in identity theft is the targeting of medical records. Many people wonder what can be done with this type of information. Forbes recently published an article noting the vast opportunities a hacker may have with your information. Most nefarious in my opinion is the selling of your condition to marketers who would then target an individual with ads for medications. Your co-workers should be aware of ads that are a little too on the nose for any conditions they may have. It could be an indicator your information has been compromised.

EdgeWave EPIC2 is a Military-Grade approach to cyber security that combines expert analyst review, advanced technology and a rigorous cyber operations approach to deliver real-time, active defense against cyber threats. Learn more or watch a short video.

Going Shopping? Bring Cash


Your chances of being held up at gunpoint are far lower than the chances of having your credit card information stolen, so it may be better to just pay cash when you shop at large retailers.

Staples is the latest to announce a breach of their POS systems after Brian Krebs revealed that a pattern of credit card fraud indicates a compromise of Staples POS systems in the northeast. Krebs said that the malware installed on the systems allows thieves to duplicate credit cards and charge them up at other stores.

The FBI says that 110 million, or roughly 50 percent of adult U.S. citizens have had their personal information exposed in some way in the past year.

Once again, we are assured that the company breached “takes the protection of customer information very seriously and are working to resolve the situation.”

Really?

As the first anniversary of the Target breach rolls around, and more breaches involving more people happen every week, it is getting harder to trust that statement. Shoppers all over the globe would like to know what is being done to prevent the next big breach. Every retailer using an older POS system on a network that is not protected from continuously evolving threats will need to upgrade both hardware and software, and include a strong security system with the upgrade.

The numbers in the Staples breach are not yet available, but here are some eye-openers in the news since last fall:

  • Target: 110 million records stolen
  • Home Depot: 56 million cards impacted
  • eBay: 145 million passwords stolen
  • JP Morgan: 83 million customers affected
  • Community Health Systems: 4.5 million patient records stolen
  • Healthcare.gov: Who knows?

The FBI says that nearly 520 million records have been stolen in the last 12 months. While we wait for Congress and the Senate to pass a bill (since when do hackers follow the law?), every enterprise and organization doing business on the Internet needs to ensure that they have the strongest possible defense in place.

EdgeWave’s Military Grade cyber security systems provide the strongest protection from Advanced Persistent Threats on the market. Read how Military Grade defense can keep your network safe at www.edgewave.com.

US-CERT Warns of Ebola Phishing Scam

[Image: colorized transmission electron micrograph (TEM) of an Ebola virus virion, credit Cynthia Goldsmith, PHIL 1832]

Scammers are capitalizing on the Ebola virus scare by sending out phishing email messages with attachments that contain malware or links to bogus websites that direct victims to enter login credentials.

Using emotion and current events to get people to click on bad links is the basis of most, if not all, types of hacking. This week hackers from the “Sandworm Team” targeted NATO servers during the summit held in Wales on the crisis in Ukraine, using spear-phishing to exploit a bug in Windows. It is believed that the hackers originate from Russia and that their motives are not only to make a political statement and to intimidate, but to steal trade secrets.

A study in June by the Center for Strategic and International Studies put the cost of hacking to consumers and companies between $375 and $575 billion globally.

The US-CERT website recommends the following:

EdgeWave’s EPIC2 Military Grade team of engineers and analysts works 24/7 to prevent phishing scams and web attacks from interfering with the business operations of over 6,000 companies. This week alone, over 8 million threats were prevented by EPIC2. Visit www.EdgeWave.com or call 1-800-782-3762 to speak with a cyber security professional.

New Email Scam Campaigns Discovered by EdgeWave in October 2014


The EdgeWave EPIC2 Cyber Operations Group has detected several email scam campaigns of note in October 2014.

Registering over 8 million catches, EdgeWave found penny stock advertisements at the top of the list for subject matter. These emails can contain malicious links as well as an opportunity for pump-and-dump stock scams. Pump-and-dump schemes are fraudulent stock deals in which small cap stocks are manipulated and investors are urged to make a purchase before the price goes up. This is another variation on the get-rich-quick scheme: think Wolf of Wall Street. The lesson, as always, is to never trust stock advice from an unsolicited message, especially when it is giving you a specific stock as a “strong buy”.

Close behind, over 7.5 million official-looking emails try to lure recipients into clicking on bad links with notices from “courts”.

EdgeWave also continues to note large campaigns for dating sites coming from Russian domains. “These sites have historically been linked to cyber-criminal activity and malware,” said Tom Chapman, Cyber Operations Group Director.

EdgeWave prevented 1.7 million hits for knock-off Coach Bags. Offers for luxury items such as handbags and watches are common types of spam. “We’ve been seeing a lot of this — in multiple languages — in the past month or two, and it’s not slowing down,” Chapman said.

Threat awareness in all companies and organizations is critical to maintaining a secure network, but humans make mistakes. The bad guys depend on that. EdgeWave EPIC2 advanced threat defense is a unique combination of human and automated review, providing the most accurate threat detection to prevent inappropriate email from landing in employee mailboxes in the first place. Learn how to put EdgeWave EPIC2 to work securing your email with EdgeWave ePrism Email Security.

Tom Chapman is a retired Naval Intelligence Officer specializing in cyber warfare. Before coming to EdgeWave, he established and directed the Cyber Analysis Cell supporting the U.S. Navy Fleet Commands responsible for protecting 400,000 personnel, 300 ships and 4,000 aircraft from cyber-attacks.