Cyber Security Institute

Monday, February 25, 2013

New RSA Solutions To Help Bring Faster Incident Response That’s Better Aligned to Business Risk

The newly released RSA® Advanced Incident Management for Security (AIMS), RSA® Asset Criticality Intelligence (ACI) and RSA® Data Discovery for Security Analytics software solutions are designed to provide organizations with deep context and content awareness of IT assets to help security analysts prioritize and focus threat and incident management. The combination of these solutions with the RSA Security Analytics platform is engineered to provide unmatched solution breadth and depth and helps enable organizations to become more proactive, targeted and effective in critical asset protection, threat detection and incident response.


The security threat of evasive malware

Lastline has released a new report that looks at how malware authors are able to exploit the limited visibility of automated malware analysis systems (sandboxes) and ensure that targeted attacks and zero day exploits remain successful. While environmental checks have been well documented, stalling code is the latest technique being utilized to spread malware. It delays the execution of malicious code inside a sandbox and instead performs a computation that appears legitimate.


Sourcefire anti-malware appliance aims to stop APTs in their tracks

The AMP appliance is built on the firm’s FirePower platform, and is designed to add further continuous file analysis, retrospective security, malware detection and blocking features. Sourcefire claimed the tool does this by adding forensic fingerprints to files that can be used to track file movements and identify the targets of advanced attacks. This network collates and shares information about known malware between the company’s clients to offer a fast alert and cyber response service. Sourcefire claimed the network is connected to millions of end points, making it one of the most comprehensive security information services in the world.


Next-Generation Threat Protection From FireEye

FireEye®, Inc., the leader in stopping today’s new breed of cyber attacks, today announced its threat protection platform designed to help enterprises deploy new security models to counter modern cyber attacks. The FireEye platform creates a cross-enterprise threat protection fabric using a next-generation threat detection engine, dynamic threat intelligence, and interoperability with a broad ecosystem of more than two dozen technology alliance partners to secure all major threat vectors and enable rapid detection, validation, and response to cyber attacks.


New Java 7 security flaws emerge as old one lands in crime kits

Less than a week after Oracle released its latest Java critical patch update, researchers have found two previously unknown security issues affecting Java 7. The issues are specific to Java SE 7 and affect Update 11 and Update 15 of the software, according to Security Explorations’ CEO Adam Gowdiak.  Oracle only released Java SE 7 Update 15 last week, patching five additional CVEs to the fifty in an unscheduled release on February 1 to address a zero day flaw being exploited by attackers.


Fresh evidence on IT security threat

Analysis suggests that social, video and file sharing are not the top IT security threats, according to Palo Alto Networks. In the 10th edition of its Application Usage and Threat report, Palo Alto Networks, the network security company, for the first time compiles and correlates data on application usage and threat activity. While 339 social networking, video, and filesharing applications represent 20% of network bandwidth use, they account for less than 1% of threat logs. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55% of malware logs, yet they are consuming less than 2% of network bandwidth.


Friday, February 22, 2013

Urgency grows to blend cyber, physical combat

Cybersecurity’s prominence has skyrocketed in recent months, and as focus ramps up in Congress, the executive branch and the military, that trend will only continue.  Dealing with it requires a change in approach that fuses what have until now been distinct lines of operation. “Right now we’re being asked to look at potential consequences of attacks on [critical infrastructure] and prioritize…from a cyber perspective,” said Suzanne Spaulding, deputy undersecretary for the National Protection and Programs Directorate at the Homeland Security Department. 22 AFCEA DC cybersecurity symposium in Washington, pointed out that at DHS, this idea already is under way in the form of integrated task forces for assessing risks and implementing policies.


Thursday, February 21, 2013

Employees May Be a Company’s Greatest Cybersecurity Vulnerability

Apple Inc. disclosed a cyber attack Tuesday, which started when employees visited a website for software developers and inadvertently picked up malicious software that infected their computers. ...  And in a recent report about hackers infiltrating systems at The New York Times, investigators came to suspect that employees opened malicious links or attachments contained in emails. In these and other cyber attacks on corporations and government agencies, employees often serve as gateways for intruders—underscoring the need for better employee education about digital security, according to a new report by the data security solutions firm Trustwave.


Wednesday, February 20, 2013

Radware to Present at 2013 RSA Conference: Stock Exchanges in the Line of Fire - Morphology of Cyber

Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, announces it will discuss several real-life cyber attacks on stock exchanges, during a presentation which is being held at the 2013 RSA Conference, February 25 to March 1st, in San Francisco, California.  In a presentation titled, Stock Exchanges in the Line of Fire - Morphology of Cyber-Attacks, Ziv Gadot, Radware’s Security Operations Center (SOC) team leader, will discuss how stock exchanges are constantly targeted by cyber attacks and why they are an ideal target for hacktivists who try to cause even the slightest service disruption, which may result in heavy financial losses and penalties to the financial sector.


Pakistan and Iran sign security cooperation agreement | Business Recorder

Highlighting the scope of co-operation, Rehman Malik said under this agreement both the countries will cooperate in the prevention and combating of organised crimes in the region including smuggling of goods and properties as well as cultural and historical objects and the restitution of such items.  The other areas are crime of forgery of state securities, travel documents, money, credit cards and any other papers of value, illegal economic activities such as money laundering and utilisation of income from such activities and illicit trade in weapons, ammunition and explosive materials.


RSA estimates 2012 global losses from phishing at $1.5 bn

RSA, the Security Division of EMC, announced the findings of its January 2013 Fraud Report, estimating the global losses from phishing at $1.5 bn in 2012. ...  The total number of phishing attacks in 2012 was 445,004, while in 2011 it was 258,461. The overall trend in attack numbers showed a steady rise in volume throughout the year, reaching an all-time high in July with 59,406 attacks detected in a single month. The most prominent market trends relevant to the mobile channel have to do with the growth in mobile device usage in personal and work life and the pivotal role of mobile apps.


Wombat Launches SmishGuru to Combat Phishing Attacks

Cyber-security software developer Wombat Security Technologies announced the launch of SmishGuru, a simulated attack service to target the growing problem of text-message phishing, also known as “smishing.” An expansion of the company’s family of social engineering assessment products, SmishGuru can also help companies mitigate bring-your-own-device (BYOD) risks by teaching employees to defend against popular mobile device attacks and training how to recognize and avoid the more subtle smishing attacks. Similar to Wombat’s PhishGuru and USBGuru solutions, security officers can select and customize the type of attack they want to send and select and customize the training the employee will receive if they fall for the simulated attack.


Ponemon Institute Research Reveals Cyber Attacks on Trust Can Cost Every Global Enterprise Up to $39

Ponemon Institute and Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced the 2013 Annual Cost of Failed Trust Report: Threats & Attacks.  This new annual report provides the first extensive examination of how failure to control trust in the face of new and evolving security threats places every global enterprise at risk. The most essential of these technologies are cryptographic keys and digital certificates, which provide the foundation of trust for the modern world of secure communications, card payments, online shopping, smartphones and cloud computing. Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust.


Tuesday, February 19, 2013

Blackberry Enterprise Server Vulnerable To Malware From TIFF Images | Ubergizmo

Blackberry has announced that vulnerabilities in its Blackberry Enterprise Server could possibly allow malicious code in image files to be executed remotely. The flaw, which has been rated as “high severity,” works in the following manner: A malicious person writes a special code and then embeds it in a TIFF image file. ...  As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code.


Aust businesses held to cyber ransom | adelaidenow

Big business is being targeted by cyber-criminals in “ransomware” attacks, threatening deletion or freezing of crucial business files unless money is paid. A new national survey of Australian big business reports that in September last year, 25 organisations reported ransomware attacks. Releasing the 2012 Cyber Crime and Security Survey Report in Melbourne, Attorney-General Mark Dreyfus says businesses were at times reluctant to report the attacks, which were linked to organised crime.


Offensive Cyber: Superiority or Stuck in Legal Hurdles? | Defense News |

In recent years, offensive cyber operations have attracted significant interest from the non-Defense Department academic legal community, prompting numerous articles seeking to create a legal theory for cyber conflicts.  At a time when the United States has already lost an estimated $4 trillion in intellectual property as a result of foreign cyber espionage, not to mention the loss of military advantage, focusing on what the United States cannot do in cyberspace only hinders efforts to defend the country from future cyber attack. The theoretical framework for an emerging cyber law under development by the legal community uses analogies from international law, such as the laws of the high seas and international commercial air treaties.


Antibot: Network-based botnet removal tool

ZeroAccess, the world’s fastest-growing botnet, infected millions of computers in 2012, using them to commit large-scale click fraud and Bitcoin (a digital currency) mining.  Zeus, which is also a banking trojan, causes millions of dollars in loss to its victims by siphoning money from their online bank accounts. F-Secure Antibot disinfects devices that are infected on a network by guiding the users through a simple self-cleaning process, cutting out the need to call the operator helpdesk. “Anywhere from 6% to 20% of people, depending on the study, still don’t use antivirus software,” says Mikko Hypponen, Chief Research Officer at F-Secure.


Apple confirms cyber attack, releases Java update and malware removal tool | PCWorld

The words “Apple” and “security breach” don’t often appear together, but on Tuesday the company said that some computers belonging to its employees had been targeted by hackers originating from China—the same group, reportedly, that last week infiltrated computers belonging to Facebook employees. Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days.  To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found. True to its word, Apple released a Java update late on Tuesday for Mac OS X 10.7 or later that patches a number of security vulnerabilities as well as scanning for the most common variants of the malware in question and removing them.


How will EU cybersecurity directive affect business?

The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply. The directive means that, for the first time, companies will be under a legal obligation to ensure they have suitable IT security mechanisms in place, which is likely to boost IT spending across the EU. The real effect of the proposed directive begins to emerge in the light of the fact that it requires all “market operators” to ensure that the networks and information systems under their control meet minimum security standards, to be laid down by the EU.


5 Steps to Recovery After Your Business Has Been Hacked | Fox Small Business Center

It’s not just household names that are the targets of hackers, however: In a report released by Symantec, the maker of the Norton Anti-Virus software, 36% of the global targeted attacks in the first half of 2012 were directed against small businesses with 250 or fewer employees. spoke to four cyber-security experts to create a 5-step plan that will get you safely up and running again in no time if and when your business is compromised by a hacker. Rob Lee, the Digital Forensics and Instant Response Lead at the SANS Institute (a leading information security training institute), says that identifying whether a hacking attack has occurred is incredibly challenging for most businesses.


Friday, February 15, 2013

Citadel Trojan Moves Beyond Banks

Despite its commercial removal from underground forums last year, the highly sophisticated Trojan known as Citadel is now a global threat to multiple business sectors, not just financial services, according to researchers at McAfee Labs.


US must do better in preparing professionals to help fight cyber attacks - The Hill’s Congress Blog

While dozens of U.S. banks are in the midst of reviewing their information security policies after falling victim to recent successful network intrusions resulting from cyber-attacks, The New York Times, The Wall Street Journal, The Washington Post and even Twitter have joined the ranks of other high-value companies to have been targeted by hackers, most notably from China and Iran. While U.S. officials debate over what new measures, if any, to put in place to protect our economic interests, firms - both public and private – should consider what they can do to thwart these attacks from re-occurring, or to at least minimize the collective threat they pose to American business. Given the mutual dependency of our economic and military infrastructure on the continuous availability and flow of confidential and high integrity data, one solution to solving the perpetual network probes and vulnerability scanning challenging U.S. companies is to retrain IT workers in the short term until long-term measures are put in place to protect our information infrastructure.



‘Meeting the cyber risk challenge’, which polled more than 150 risk management professionals across Europe, found that just 16 percent of companies had a chief information security officer in place to manage cyber risk and privacy. However, as an escalating number of companies face dealing with the aftermath of reported data breaches, it is clear that cybercrime knows no boundaries and no organization is immune. First among these is one that sounds elementary, although in reality often turns out to be quite complicated: conduct an audit of the IT and physical security system.


Thursday, February 14, 2013

Increase in targeted attacks highlight growing threat of malware on Macs - IT News from

Malware attacks on Uyghur supporters running Mac OS X have been on the rise over the past two months. According to a joint report from Kaspersky and AlienVault Labs, hackers are sending out virus-laden email attachments that, if opened, put monitoring malware on Mac devices. “During the past months, we’ve monitored a series of targeted attacks against Uyghur supporters, most notably against the World Uyghur Congress (WUC),” wrote Kaspersky director of global research & analysis team Costin Raiu in a blog post. “Although some of these attacks were observed during 2012, we’ve noticed a significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment.”


Cloud masks hidden costs

The increasing adoption of cloud computing in Thailand has led to escalating hidden costs and security risks for companies as sensitive data are placed in the cloud, says a global Symantec survey. The survey, entitled “Avoiding the Hidden Cost of Cloud 2013”, said 99% of respondents in Thailand expressed interest in adopting cloud computing technology, compared to an average of 89% globally. Pramut Sriwichian, the country manager of Symantec Thailand, a US-based data back-up and security software firm, said companies are experiencing escalating costs tied to rogue cloud use and inefficient cloud storage.


Wednesday, February 13, 2013

Global malicious websites increase by 600%

Year-over-year, the number of malicious web-based attacks increased by nearly 600 percent, according to Websense Security Labs. The timed, targeted nature of these advanced threats indicates a new breed of sophisticated attacker who is intent on compromising increasingly higher-yield targets. The United States of America, Russia and Germany were the top three countries hosting malware.  Meanwhile, the Bahamas made its debut into the list of top five countries hosting phishing sites, with a second place ranking. China, the United States of America and Russia were the top three countries hosting command and control servers.


Retailers were favorite target of cyber crime in 2012 | Dubai Chronicle

In 2012, the retail industry was the most preferred target of cyber crimes.  But it must be clear that the main target is not exactly the retail. The statistic goes on with food and beverage industry registering 24% interest from cyber criminals.  Yet, they are the favorite target of cyber criminals. 96% of all cyber frauds are payment data targeted.  These include customer records like credit and debit card data, e-mail addresses and personally identifiable information.


Monday, February 11, 2013

Chinese Hackers Going After U.S., Not Just Media—Daily Intelligencer

Last month the New York Times announced that Chinese hackers had stolen every employee’s corporate password, and not to be outdone, the Wall Street Journal and Bloomberg News then revealed that they’d been targeted as well (though hackers failed to infiltrate Bloomberg News). ...  According to a new national intelligence estimate, Chinese hackers have been rifling through the computer systems of a variety of American businesses as part of a massive operation that might be costing the country tens of billions of dollars. While it appears the hackers were targeting the media companies to keep tabs on their reporting on China, the National Intelligence Estimate found that the larger aim of the larger cyber-espionage campaign is to steal trade secrets and other data that could give China an economic edge.


US Report Highlights Economic Threat of Hacking

U.S. officials say hackers pose a threat to the nation’s economy and accuse China of carrying out the most cyber-attacks. “Attacks have been on the rise without question,” he said, explaining that, often, even experts can only guess where the attacks are coming from. “As for the vulnerabilities to the financial sector, I would assume that’s correct, but I would suggest that the vulnerabilities are throughout the U.S. economy,” he added.  “The problem is that many people do not like to speak about these things because either they’re unaware they are being attacked or very reluctant to publicize their vulnerabilities.” The Washington Post says President Barack Obama is expected to issue an executive order on cyber security soon, intended to help private companies defend themselves against hacking.


Saturday, February 09, 2013

Cyber attacks on U.S. banks likely to continue, experts say | TribLIVE

Americans should not breathe a sigh of relief just because a computer hacking group said it would suspend a four-month offensive to disrupt access to more than two dozen bank websites. Even if the al-Qassam Cyber Fighters group says it won’t attack PNC Bank and other financial institutions, cyber attacks meant to disrupt commerce in the United States are likely to continue, said Jeff Bardin, a Boston cyber security consultant and expert in Middle Eastern hackers and cyber jihad.