EdgeWave 10/29/14 Cyber Threat Update

EPIC CTU

Of the new iPrism Web Security rated websites, this week we noticed two new trends that may be related to the changing seasons.  Almost 5% of all new rating linked to automotive websites.  With the advent of winter, many users may be trying to get a jump on snow tires.  Additionally, since its fall, we notice an increase in hunting and archery sites.  Deer season must be in full swing.

From the ePrism Email Security side, we saw over 8 million hits on two campaigns that tried to use either an email link or attachment for penetration.  An additional 4 million hit came from emails with “hello” type headers.  Most interesting, I’ve seen over 70,000 hits for “Dropbox” links.  Last week,  there were reports of Dropbox being hacked.  These emails seek to exploit this story.

Earlier this week, US-Cert released a warning on the Dyre banking malware.  Spam and Phishing attacks are most commonly used in order to steal user names, passwords, client certificates and browser cookies.  With this type of information, a hacker can take complete control of an account.  Dyre is typically loaded in a PDF file that loads the malware on a system.  A search of the ePrism data base shows no hits for the most common subject line.  ePrism personnel are aware of this threat an continue to vigilantly monitor for it.


EdgeWave EPIC2 is a Military-Grade approach to cyber security that combines expert analyst review, advanced technology and a rigorous cyber operations approach to deliver real-time, active defense against cyber threats. Learn more or watch a short video.

Poverty of Protection from Cyber Crime in the Financial Sector

cybercrime

A third-quarter “Systemic Risk Barometer” report by New York-based Depository Trust and Clearing Corporation, which provides settlement services to financial markets, found that 33% of 202 financial institutions surveyed rate cyber attacks as the number one systemic risk to the broader economy as opposed to 24% in the first quarter of this year.

DTCC recommends that financial firms define what constitutes critical infrastructure within their organization, research cyber security systems, and change the way cyber security is approached from “check the box” security to “ actively hunting for threats.”

The survey says that 76% of participants have increased staff and budgets for detection and mitigation of systemic risks in the past year. It also suggests that in the probable event of a network intrusion, financial institutions should “plan ahead to identify ways to deal with a unique blow to your network and systems.”

Commercial general liability insurance policies do not usually cover the loss or damage to “electronic media and records”. Insurers, businesses and banks will continue to wrestle with who is responsible for exorbitant costs of major security breaches. A comprehensive systemic defense is required in order to avoid litigation and mitigation costs that can run in the billions.

EdgeWave EPIC2 is a Military-Grade approach to cyber security that combines expert analyst review, advanced technology and a rigorous cyber operations approach to deliver real-time, active defense against cyber threats. Learn more or watch a short video.

Backdoors, Front Doors and Windows: All give easy access to your assets

backdoor

The upward trend of security breaches involving some of our most well-known and trusted organizations like JPMorgan illustrate the need for continuous cyber security training.

With that in mind, it is worth ensuring that we regularly revisit the basics and keep emphasizing how criminals gain access. More often than not, cyber crime is enabled as a consequence of unintentional human behavior.

Phishing via email is by far the most commonly used tactic by cyber criminals for stealing trade secrets, usernames and passwords, and accessing private information. The majority of intrusions occur as the result of someone clicking on a bad link in an email or on a social site.  Once a bad actor or actors gains access through phishing, they are poised to start harvesting valuable personal information, including banking and health records, which in turn is sold for millions on the black market.

Industry and government are making headway in helping to counter the threat, but the fight is constant and ever evolving.  Adversaries learn and adapt to both policy-based and technical defensive solutions.  An example where policy is achieving positive results is prosecution of organized cyber criminal.  In early June 2014 the Justice Department announced charges against a sophisticated gang of international hackers that implanted viruses on hundreds of thousands of computers, and netted over $100 million from consumers and businesses worldwide.

Technical defensive solutions present a more challenging problem because adversaries are able to counter defensive measures more quickly.  While an international cooperative effort between the FBI, Europol, and security engineers from the private sector under “Operation Tovar” took down the GOZ botnet on May 30, 2014, the solution was temporary. Updated source code to reanimate a botnet is easy to get on the Internet, and new variants of the Trojan are currently active. As long as organizations and individuals at home use computers running older versions of Windows and outdated antivirus programs, these viruses and botnets can continue to be employed.

In the attack on JPMorgan’s systems this summer, hackers went through a public facing web application to obtain customer data that could be used to liquidate accounts. In April JPM stopped a money transfer from a Russian embassy to a sanctioned bank, and this summer’s intrusion was originally thought to be retaliatory. We now know that some other organized criminals have possession of 83 million bank records.

Billions of hits on banks, healthcare organizations, schools, and manufacturers from mass email and web intrusions happen every day. Because there is so much of our personal information in the hands of sophisticated scammers, we can expect to see very specific phishing attempts in the future. We will get email that appears to be from our doctor’s office, our bank or someone who knows details of our daily lives.

EdgeWave EPIC2‘s Cyber Operations Group director Tom Chapman states, “Cyber protection begins by staying current with the threat environment, both with networks and people”. He recommends the following:

  • Be cautious about what links you click. Hackers can craft emails that appear legitimate.  Best to type in the link yourself, especially when conducting financial transactions.
  • Ask yourself if you really need to download a file.  Documents may contain viruses that even a trusted sender may not be aware of.  Ensure you scan documents with AV automatically.
  • If you are using a public network, don’t go to sites that require passwords.  Anyone can see and steal this information.
  • Update everything!  Networks and personal devises should have all the latest software and anti-virus updates checked daily.  More importantly, ensure people are aware of the latest threats.

In the escalating war on cyber crime, preemptive action against phishing scams includes educating employees about malicious email, and a Military-Grade cyber security that combines the strongest artificial intelligence and human analysis on the market.  Register for Mike Walls’ Oct 29, 2014 Military-Grade Cyber Security webinar.


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft.  Comments and questions for Mike Walls are welcome: blog@edgewave.com

EdgeWave 10/23/14 Cyber Threat Update

EPIC CTU

EdgeWave EPIC2’s Cyber Operations Group constantly monitors trends in email campaigns and website ratings.  Informing the community on the latest happening across platforms helps to prevent threats from adversely effecting networks.  Looking closely at our data and intelligence gathered from multiple sources, we find information to improve awareness for system administrators.

  • From our ePrism email security, we spotted a large campaign targeting pump and dump stocks.  Dexter Davies, our senior ePrism analyst noted over 1.5 million emails containing information to a Canadian penny stock.    Additionally, a plethora of email with phrasing along the lines of “I uploaded a secure document for you using google docs” has appeared from AOL mail servers.   Lastly, we blocked over 800,000 emails from the U.K. with Apple .PNG attachments.
  • Recent news reporting warned of spam campaigns using false Dropbox link and stories on Ebola.  While we did notice a few campaigns, most were very small in number.  Hackers will always try to find inventive ways for you click on their links.  Using current events and popular sites is nothing new but administrators should constantly remind people on the latest tactics in the community.
  • This week, EdgeWave’s iPrism system returned over 7800 new websites to be classified for addition into the iGuard data base.  Of these new URLs, the vast majority cover legitimate business sites at 49%.  Objectionable sites only accounted for 4% of new URLs.  Anti-productivity sites accounted for 13% of all new URLs.   The sports category had a slight uptick in hits, most likely due to the Baseball World Series.
  • As a final note, one of the latest trends in identity theft is the targeting of medical records.  Many people wonder what can be done with this type of information.  Forbes recently published an article which can be found here noting the vast opportunities a hacker may have with your information.  Most nefarious in my opinion is the selling of your condition to marketer who would then target an individual with ads for medications.  Your co-workers should be aware of ads that are a little too on the nose for any conditions they may have.  It could be an indicator your information has been compromised.

EdgeWave EPIC2 is a Military-Grade approach to cyber security that combines expert analyst review, advanced technology and a rigorous cyber operations approach to deliver real-time, active defense against cyber threats. Learn more or watch a short video.

Going Shopping? Bring Cash

cash

Your chances of being held up at gunpoint are greatly less than the chances of having your credit card information stolen, so better just pay cash when you shop at large retailers.

Staples is the latest to announce a breach of their POS systems after Brian Krebs revealed that a pattern of credit card fraud indicates a compromise of Staples POS systems in the northeast. Krebs said that the malware installed on the systems allows thieves to duplicate credit cards and charge them up at other stores.

The FBI says that 110 million, or roughly 50 percent of adult U.S. citizens have had their personal information exposed in some way in the past year.

Once again, we are assured that the company breached “takes the protection of customer information very seriously and are working to resolve the situation.”

Really?

As the first anniversary of the Target breach rolls around, and more beaches involving more people happen every week, it is getting harder to trust that statement. Shoppers all over the globe would like to know what is being done to prevent the next big breach. Every retailer using an older POS system on a network that is not protected from continuously evolving threats will need to upgrade both hardware and software, and include a strong security system with the upgrade.

The numbers in the Staples breach are not yet available, but here are some eye-openers in the news since last fall:

  • Target: 110 million records stolen
  • Home Depot: 56 million cards impacted
  • EBay: 145 million passwords stolen
  • JP Morgan: 83 million customers affected
  • Community Health Systems: 4.5 million patient records stolen
  • Healthcare.gov: Who knows?

The FBI says that nearly 520 million records have been stolen in the last 12 months. While we wait for Congress and the Senate to pass a bill (since when do hackers follow the law?), every enterprise and organization doing business on the Internet needs to ensure that they have the strongest possible defense in place.

EdgeWave’s Military Grade cyber security systems provide the strongest protection from Advanced Persistent Threats on the market. Read how Military Grade defense can keep your network safe at www.edgewave.com.