Hiding in Plain Sight: Rogue Employees and Sensitive Information


The 2014 SailPoint Market Pulse Survey, conducted by an independent research firm, was issued this week, showing how cloud apps increase inside security risks. Titled “Employees Going Rogue with Corporate Data,” the survey of 1,000 employees at large companies (over 3,000 employees) from six major economies worldwide revealed that 70 percent of employees use personal mobile devices for work, 63 percent of whom access corporate data with the same devices.

The survey says that one in five office employees use cloud apps to share sensitive corporate data outside the premises of their company, and without the knowledge of their IT staff. Cloud apps such as Dropbox, SalesForce, WorkDay, DocuSign, and others, are used by former employees to continue to access corporate data, and a quarter of respondents say they would take corporate data when they leave their jobs, even while aware of corporate policies prohibiting removal of assets.

The survey reflects the danger in the big business, manufacturing, healthcare and educational environments where seemingly infinite access points create the potential for data exfiltration.

The FBI highly recommends a robust security system to protect businesses and organizations from threats to intellectual property, valuable financial data and sensitive trade secrets.

EdgeWave offers an easy-to-use Military Grade multi-layered threat-protection system that detects circumvention attempts, with 100% human review iGuard service, with powerful offsite web security for all mobile endpoints. Visit www.edgewave.com to learn more.

Recent insider theft cases on the FBI website are enough to inspire organizations from all sectors to take immediate action: http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat

The Sony Breach — is it Cyber Terrorism?


Lately, many media outlets have labeled the attack on Sony “cyber terrorism.”  However, one important piece is missing to truly describe this event as terrorism. In the military, we define terrorism as “The unlawful use of violence or threat of violence, often motivated by religious, political, or other ideological beliefs, to instill fear and coerce governments or societies in pursuit of goals that are usually political.” (Joint Publication 1-02).  The question is, what are the political goals for an attack on Sony?

There is no doubt that this action is an unlawful use of violence.  Destruction of the network by wiping the system provides the evidence of a malicious attack, and threatening to release confidential information with the intent to cause harm to individuals constitutes cyber terrorism.  What is unclear is the motivation for the attack. It doesn’t appear to be religious.  Labeling the breach as politically motivated doesn’t seem right either.  Even with the North Korean theory, the political objectives aren’t obvious.  Nor is there strong ideological belief that is being espoused.  It might be different if the attackers wanted to support an open society, or expose corruption in the industry, but neither of these seem to be the objective.

What makes this attack so different from others is the fact that the attackers continue to publicize the event, and even openly mock law enforcement’s efforts to reveal the perpetrators.  By contrast, in both the Saudi Aramco attack and Dark Seoul attacks, the hackers remained anonymous to avoid reprisal.  The criminals responsible for the Sony breach seem to have no fear of being caught.  Unlike most hacking groups, this set continues to promote the attack and enjoy the publicity.  The same gang may soon be exploiting another ripe target to stay in the news. Stay tuned for updates.

Possible CIA Report Retaliation? Anything New on Sony?

While Sony is still in hot water, the CIA published its report about techniques used during interrogation. Could there be a retaliation against the CIA and government agencies? And what has Sony taught us about our vulnerabilities?

“You don’t store passwords in Word files or in Excel spreadsheets.” — infoRiskToday, Dec. 9, 2014

“I expect there to be some sort of retribution” Computerworld, Dec. 10, 2014

“Based on FBI alerts related to the Sony attack, furthermore, the attackers had access ports associated with Active Directory, NetBIOS and remote-desktop control” BankInfoSecurity, Dec. 10, 2014

“Their capabilities are just not that great … Of the attacks we know, almost all were denial-of-service attacks.” Computerworld, Dec. 11, 2014

“I highly doubt Sony is doing this … And I highly doubt this would work. As for the legality, [it's] probably highly illegal.” -infoRiskToday

12/11/14 Cyber Threat Update


Holidays and calendar-based events are opportune times for hackers to get us to click on bogus links. We are busy and in a hurry to get it all done. We want to track shipping of online purchases, take advantage of special email offers, and check out a holiday e-greeting card sent by an acquaintance on social media. Don’t be so quick to click on anything sent in an email, whether it is a web address, tracking confirmation, coupon, or e-card, even if it looks kosher.

This week, we picked up a large URL (malicious website) malware set.  1,251 new malware sites have been blocked by iGuard.  Most of these URLs follow a predictable pattern of a .com followed by a dash and two letters and two numbers and then .net.  Cyber criminals try to trick people into visiting legitimate-looking counterfeit URLs, which follow the normal convention with a slight variation that is often difficult to see. All of these sites are Trojan droppers based on weight loss programs.
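
The URL pattern described above can be checked for in proxy or mail logs. The following is an added example, not EdgeWave's or iGuard's detection logic; it assumes the pattern means a hostname of the form `<name>.com-<two letters><two digits>.net`, and the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed reading of the pattern in the text: "<name>.com-<2 letters><2 digits>.net".
# The domain actually registered is then "com-<tag>.net"; "<name>.com" is only
# a subdomain label chosen to look like a familiar address.
LOOKALIKE = re.compile(
    r"^(?P<lure>(?:[a-z0-9-]+\.)+com)-(?P<tag>[a-z]{2}[0-9]{2})\.net$"
)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def extract_host(url):
    """Return the lowercase hostname of a URL, with or without a scheme."""
    url = url.strip()
    if not HAS_SCHEME.match(url):
        url = "//" + url  # make urlsplit treat the leading text as the host
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def classify(url):
    """Return a finding for a lookalike host, or None if the URL is clean."""
    host = extract_host(url)
    match = LOOKALIKE.match(host)
    if match is None:
        return None
    return {
        "host": host,
        "looks_like": match.group("lure"),
        "registered_domain": "com-" + match.group("tag") + ".net",
    }


def scan(urls):
    """Classify every URL and keep only the findings."""
    return [f for f in map(classify, urls) if f is not None]


# Constructed sample of URLs as they might appear in a proxy or mail log.
SAMPLE_URLS = [
    "http://Tracking.Example.COM-AB12.net/t?id=1",   # match, mixed case
    "shop.example.com-zz99.net:8080/x",              # match, no scheme, port
    "https://www.example.com/deals",                 # ordinary .com
    "http://example.com-abc1.net/",                  # wrong tag shape
    "http://example.com-ab12.net.example.org/",      # pattern not at the end
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_URLS):
        print(finding)
```

Reporting the registered domain alongside the name it imitates makes it clear that the part of the hostname ending in `.com` is only a subdomain label.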

From the ePrism side, Christmas shopping scams are topping the charts.  We blocked 1.4 million emails linking to a spoofed Amazon site that looks real enough to convince unsuspecting users to enter login credentials–something like www[dot]AmazonHolidayDeals[dot]com.  Other campaigns direct recipients to paste links into their browser. Antivirus filters often deactivate links inside emails, and spammers will direct users to copy and paste a URL into a browser if clicking on the link doesn’t work. If the user does this as instructed, they are directed to a website that could launch malware into the user’s computer.

This holiday season, keep in mind what you click.  Scammers will play the Grinch to your Whoville if you are not careful.

Security Expert Says Sony Wasn’t Hacked By North Korea


“Their capabilities are just not that great,” said Tom Chapman, director of cyber operations at Edgewave, a San Diego-based security firm, in an interview earlier this week. Chapman is a former U.S. Navy cyber-warfare commander. “Of the hacks we know [launched by North Korea], almost all were denial-of-service attacks.”

Unit 121, as the North Korean military’s cyber warfare group is known, certainly has the capabilities to conduct denial-of-service attacks, said Chapman. But he was dubious it could do more than that. “We haven’t seen [Unit 121] do this before, we haven’t seen it do a crippling attack.”

Chapman also wondered why North Korea would risk an attack during one of its periodic attempts at slightly warmer relations with the West. “They just released three hostages,” said Chapman, talking about the freeing of three Americans — two of them in early November — who had been imprisoned on spying charges. “[A hack] would be counter-productive in the eyes of the [North Korean] government at this point.”

The full article can be found HERE

Article by: Greg Keizer, Computerworld