[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions.
Table of Contents didn’t quite work out as I wanted. Sorry for the mess. I’m working on improving it.
So onto the news:
* Landry’s Reveals Details of POS Breach
* How to Build a Remote Security Team
* What Are Your Container Security Options?
* Detecting “Multi-Stage” Cloud Cyber-Attacks from the Start
* The Malware Museum is an epic collection of old-school viruses
* CIOs wary of sharing cyberthreat data
* 5 Reasons Why Encryption Won’t Be Enough to Protect Your Data
* Cybercriminals use spy tactics for online bank heists
* Cloud security risks are rising
* The 8 most stressful jobs in tech
* Obama signs two executive orders on cybersecurity
* Swedish exec to take over as ICANN chief
* Current p2p trends threatening enterprise security
* Grammar and Spelling Errors in Phishing and Malware
* Russian hackers used malware to manipulate the Dollar/Ruble exchange rate
Landry’s Reveals Details of POS Breach
Houston-based Landry’s Inc. has opened up on the broad scope of point-of-service malware attacks at its restaurants and other properties dating back to 2014 and 2015.
The breaches exposed payment cards used at 46 of its brands, which include the restaurant chain Morton’s and Golden Nugget Hotels and Casinos.
More than 350 locations in 34 states, the District of Columbia and Canada were affected, according to a Jan. 29 statement.
Landry’s has about 500 locations under its corporate umbrella.
“Findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at a certain [number] of our restaurants, food and beverage outlets, spas, entertainment destinations and managed properties,” according to the statement. “The program was designed to search for data from the magnetic-stripe of payment cards that had been swiped as the data was being routed through affected systems.
“Landry’s likely uses a franchise-like model for most of their stores or operations,” he says. “And that’s the Achilles heel for the industry, because when you have a model like that, those locations are considered small merchants.
So they are probably not getting the attention they should for PCI compliance.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dca3491b77&e=20056c7556
How to Build a Remote Security Team
Whoever is managing this team needs to be in constant communication with the other team members.
There isn’t the ability for you to walk over to an employee’s cube and speak to them, and vice versa, so constant contact with each other is necessary to verify that the lines of communication are open.
This includes secure IM, webcams, email and texting.
Daily Stand Up Meetings
These shouldn’t be more than 15-20 minutes and can be done at the beginning and end of each day, as needed.
Secure Access
Having the ability for all team members to collaborate securely is mandatory and so is the ability for them to securely access the network.
Scheduled Gatherings and Staff Meetings
Just as important as keeping in constant contact with each other is keeping some of the normality of the office.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0ec7f9f3ba&e=20056c7556
What Are Your Container Security Options?
Virtualization giant VMware is a vocal advocate of the idea of running each containerized application in its own virtual machine to increase security.
Perhaps that’s not surprising given that container technology can be seen as a direct rival to its server virtualization technology, but VMware’s approach is certainly worth a good look.
But bringing virtual machines in to the mix would seem to negate many of the benefits of containers: for example that you can start them far faster than virtual machines, and that you can run far more containers than virtual machines on a single host.
Clair is an open source API-driven analysis engine that inspects containers layer-by-layer for known security flaws.
That’s useful for identifying container images that may not have contained any known vulnerabilities when you made them, but which have subsequently become unsafe to use because of the discovery of new vulnerabilities.
Twistlock is a security suite for containers founded by Ben Bernstein and Dima Stopel, who both spent more than 10 years in the Microsoft R&D center in Israel and who also served in the Israel Defense Force’s (IDF) formidable intelligence corps.
CoreOS has emerged as the major rival to Docker in the container space, and late last year it unveiled Distributed Trusted Computing.
This is a system which allows you to cryptographically verify the integrity of your entire container environment – from the server hardware to the applications running in containers.
What Is Docker Doing?
The newest container security initiative, announced at the recent Dockercon EU conference, is a scanning project called Project Nautilus that involves examining and validating images on the Docker Hub repository, with the aim of identifying vulnerabilities that exist in Dockerized applications.
Docker also announced support for a security capability known as user namespaces that will allow Docker users to enforce security controls on application processes running inside of a Docker engine, according to Kerner.
In addition, Docker plans to support Linux seccomp, a technology that Nathan McCauley, director of security at Docker, said will allow users to limit what runs inside Docker containers.
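The seccomp support mentioned above works by attaching a profile that lists the syscalls a container may make. As an added example (not code from the article, from Docker, or from any vendor named here), the script below audits a Docker-style seccomp profile: it checks that the profile denies by default and reports any high-risk syscall that an allow rule reintroduces. The profile is a constructed, deliberately loose sample, and the set of "risky" syscalls is an assumption chosen for the example rather than Docker's own list.

```python
"""
Added example: audit a Docker-style seccomp profile (JSON) for two common
mistakes: an allow-by-default policy, and allow rules that reintroduce
syscalls a hardened container should not have. Sample profile is constructed.
"""
import json

# Syscalls commonly restricted inside unprivileged containers (assumption for
# this example; tune to the workload and to the runtime's own default profile).
RISKY_SYSCALLS = {
    "mount", "umount2", "ptrace", "kexec_load", "init_module", "finit_module",
    "delete_module", "reboot", "swapon", "swapoff", "unshare", "keyctl",
}

# Constructed sample profile in the Docker/libseccomp JSON layout.
# It is deliberately too permissive so the auditor has something to report.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "openat", "close", "exit_group"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace", "mount"], "action": "SCMP_ACT_ALLOW"},
        {"name": "reboot", "action": "SCMP_ACT_ALLOW"},  # older single-name form
    ],
})


def allowed_syscalls(profile):
    """Collect every syscall the profile explicitly allows.

    Handles both the newer 'names' list and the older single 'name' key.
    """
    allowed = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            continue
        names = rule.get("names") or ([rule["name"]] if "name" in rule else [])
        allowed.update(names)
    return allowed


def audit_profile(profile_json):
    """Return a list of human-readable findings; an empty list means clean."""
    profile = json.loads(profile_json)
    findings = []
    default = profile.get("defaultAction")
    if default is None or default == "SCMP_ACT_ALLOW":
        findings.append(
            "defaultAction is allow-by-default or missing; use SCMP_ACT_ERRNO")
    for syscall in sorted(allowed_syscalls(profile) & RISKY_SYSCALLS):
        findings.append(f"risky syscall explicitly allowed: {syscall}")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

Run it against a profile before shipping the image; a clean profile produces no findings, and the deny-by-default check fires even when the allow list itself looks short.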
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e923ce5597&e=20056c7556
Detecting “Multi-Stage” Cloud Cyber-Attacks from the Start
A group of cybersecurity researchers are utilizing an experimental cloud computing test bed, called Chameleon and funded by the National Science Foundation, at the Texas Advanced Computing Center (TACC) at The University of Texas at Austin, and the Computational Institute at the University of Chicago to develop methods for detecting and containing cyber-attacks while still in the early stages.
The new detection rules under development by the researchers are based on a cyber-security artificial intelligence technique called Planned Recognition: recognizing the small start to a larger plan.
The researchers are analyzing attacks guided by three main questions: 1) how vulnerable is a cloud infrastructure to an attack from the outside; 2) how vulnerable is it to attacks from the inside, virtual machine to virtual machine; and 3) what happens when both of these situations happen simultaneously.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=28cc19aedf&e=20056c7556
The Malware Museum is an epic collection of old-school viruses
The destructive parts of the malware have been removed, but it’s pretty interesting to see how viruses of the past were created and what they actually did to computers, rather than just sheer destruction.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=552b421ce3&e=20056c7556
CIOs wary of sharing cyberthreat data
Despite a new law encouraging companies to share more information about cybersecurity attacks, only 58 percent of CIOs polled say the new law would make it more likely they would cooperate with the government in the event of a data breach.
The results, collected in a live audience poll at the Wall Street Journal’s CIO Network show Tuesday, suggest the U.S. government has a ways to go to fostering trust with the corporate sector.
Ozment, who oversees a $930 million budget and workforce created to bolster the nation’s cyber and communications infrastructure defense, says companies can relay threat indicator information from their intrusion detection system to one of their servers.
Companies then relay it to DHS, which has created a “giant mixing bowl of indicators,” which are stripped of information about employees.
He also said cybersecurity vendors would be able to use the data to build their own products.
While he allowed that companies are much more reticent to report hacks, Ozment encouraged companies to communicate incidents to law enforcement or DHS, which would grant statutory protections where the data can’t be used for regulatory purposes, civil litigation or Freedom of Information Sharing Act requests. “The bill says that if you’re sharing information for cybersecurity purposes, then you’re protected against this liability,” Ozment says.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=75cc0ab6e0&e=20056c7556
5 Reasons Why Encryption Won’t Be Enough to Protect Your Data
… according to a new report by Harvard’s Berkman Center for Internet and Society, end-to-end encryption and other data protection methods aren’t enough to actually ensure that data is kept private, now and in the future.
Here’s why.
The Berkman Center brought together security, policy, and intelligence experts to examine the impact of Apple, Google, and other communication providers’ decision to make easy, end-to-end encryption the default in their phones and mobile devices.
End-to-end encryption is a form of data protection where only the people communicating can access the information.
There are no easy backdoors for the government, your Internet provider, or cyberthieves to access and grab your info.
Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will “go dark” and beyond reach.
1) Monetizing User Data Will Keep End-to-End Encryption Rare.
2) There’s No Coordination.
3) The Internet of Things Will Be Watching and It Will Be Unprotected.
4) Metadata Remains Unprotected.
5) Our Privacy Discussions Are Too Limited.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=250ea0c62d&e=20056c7556
Cybercriminals use spy tactics for online bank heists
One group of attackers is using a modular malware program known as Metel or Corkow to infect computer systems belonging to banks and to reverse ATM transactions.
During a single night, the gang stole millions of rubles from a Russian bank using this hard-to-detect transaction rollback trick.
The Metel attackers start off by sending spear phishing emails with malicious links to the employees of banks and other financial institutions.
Once they compromise computers in those organizations, they move laterally inside the networks to identify and gain access to the systems that control transactions.
Once this is achieved, they automate the rollback of ATM transactions for particular debit cards issued by the institution.
During the night, the attackers drive around various cities and withdraw money from the ATMs of other banks.
However, in the card issuing bank’s systems the transactions are automatically reversed so the account balances never change.
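The rollback trick described above leaves a trace on the issuer side: withdrawals that are reversed from inside the issuer's own systems, seconds after the cash was dispensed, rather than by a reversal message from the acquiring ATM. The script below is an added example (not code from the article or from any of the vendors named in it) that reconciles a constructed authorisation log and flags cards showing that pattern. The log format, the "source" field that records where a reversal came from, and the thresholds are assumptions made for the example.

```python
"""
Added example: detect repeated internally-originated reversals of ATM
withdrawals, the signature of an automated transaction-rollback fraud.
All records below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed issuer authorisation log.
# Fields: ISO timestamp, card token (hypothetical), event, amount, source
# (source = the ATM that dispensed cash, or the issuer's own core system).
SAMPLE_LOG = [
    ("2016-02-10T01:02:11", "card-0001", "WITHDRAWAL", 30000, "atm-bankB-17"),
    ("2016-02-10T01:02:14", "card-0001", "REVERSAL",   30000, "issuer-core"),
    ("2016-02-10T01:31:40", "card-0001", "WITHDRAWAL", 30000, "atm-bankC-03"),
    ("2016-02-10T01:31:42", "card-0001", "REVERSAL",   30000, "issuer-core"),
    ("2016-02-10T02:10:05", "card-0001", "WITHDRAWAL", 30000, "atm-bankB-22"),
    ("2016-02-10T02:10:08", "card-0001", "REVERSAL",   30000, "issuer-core"),
    # A legitimate reversal: the ATM itself reports the cash was not dispensed.
    ("2016-02-10T09:15:00", "card-0002", "WITHDRAWAL", 5000,  "atm-bankB-17"),
    ("2016-02-10T09:15:01", "card-0002", "REVERSAL",   5000,  "atm-bankB-17"),
    ("2016-02-10T12:00:00", "card-0003", "WITHDRAWAL", 2000,  "atm-bankC-03"),
]


def parse(record):
    ts, card, kind, amount, source = record
    return datetime.fromisoformat(ts), card, kind, amount, source


def find_rollback_abuse(log, max_gap=timedelta(seconds=10), min_hits=2):
    """Return {card: [(withdrawal_ts, atm_id, amount), ...]}.

    A hit is a withdrawal followed within max_gap by a matching-amount
    reversal whose source is NOT the ATM that dispensed the cash, i.e. the
    reversal was generated inside the issuer. Cards with at least min_hits
    such pairs are returned.
    """
    by_card = defaultdict(list)
    for rec in sorted(log):            # ISO 8601 timestamps sort lexically
        by_card[rec[1]].append(parse(rec))

    flagged = {}
    for card, events in by_card.items():
        hits = []
        pending = None                 # most recent unmatched withdrawal
        for ts, _, kind, amount, source in events:
            if kind == "WITHDRAWAL":
                pending = (ts, amount, source)
            elif kind == "REVERSAL" and pending is not None:
                w_ts, w_amt, w_src = pending
                internal = source != w_src
                if internal and amount == w_amt and ts - w_ts <= max_gap:
                    hits.append((w_ts.isoformat(), w_src, amount))
                pending = None
        if len(hits) >= min_hits:
            flagged[card] = hits
    return flagged


def exposure(flagged):
    """Total cash dispensed against flagged cards whose balances never moved."""
    return sum(amount for hits in flagged.values() for _, _, amount in hits)


if __name__ == "__main__":
    result = find_rollback_abuse(SAMPLE_LOG)
    for card, hits in result.items():
        print(card, len(hits), "suspicious reversals")
    print("exposure:", exposure(result))
```

The point of keying on the reversal's origin is that the attackers automate the reversal from within the compromised issuer, so the acquiring ATM never reports a failed dispense; a reconciliation that only matches amounts would see a perfectly balanced ledger.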
A second group that also targets banks and financial institutions uses a malware program dubbed GCMAN, which is distributed using emails with malicious executable RAR archives and which masquerade as Microsoft Word documents.
The GCMAN group also stands out because of its patience.
In one incident, it waited a year and a half from the initial point of compromise until it started siphoning money.
During that time its members probed 70 internal hosts, compromised 56 accounts and used 139 different IP addresses to do it, mainly associated with Tor exit nodes and compromised home routers.
The third group is not new, but is one that previously went silent for about five months after being exposed in February 2015.
Until that time, the cybercrime gang had used a custom malware program called Carbanak to steal millions of dollars from hundreds of financial institutions in at least 30 countries.
The group has returned with a new version of the malware — Carbanak 2.0 — and has started targeting budgeting and accounting departments in non-financial organizations as well.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cbf07351ea&e=20056c7556
Cloud security risks are rising
Cloud security risks are rising, with attacks growing at 45% year-on-year globally, according to cloud security firm Alert Logic.
In the next five years, $2 billion will be spent by enterprises to shore up their cloud defences, according to Forrester Research.
First time cloud users can be most at risk, simply because of unfamiliarity with the new environment and the added burden of having to grapple with a new way of managing users, data and security.
Here are five security must-do’s before taking the plunge.
During vendor selection, ask the cloud vendor what security services it provides and which security vendors it works with.
New apps, new fortifications: Ready to move an app into the cloud?
Before you do, consider adding new fortifications to the existing security measures you have built around your app’s authentication and log-in processes.
Embrace encryption: Data encryption is one of your biggest security allies in the cloud, and it should be non-negotiable when it comes to file transfers and emails.
While it may not prevent hacking attempts or data theft, it can protect your business and save an organisation from incurring hefty regulatory fines when the dreaded event happens.
Wrestling with the virtual: Moving into the cloud lets businesses reap the benefits of virtualisation, but a virtualised environment can present challenges to data protection.
The main issue has to do with managing the security and traffic in the realm of multi-tenancy and virtual machines.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=412f7798f4&e=20056c7556
The 8 most stressful jobs in tech
The most stressful tech and IT job on the list was for Web developer, which might be associated with its rapid growth.
According to the Bureau of Labor Statistics, web developer jobs are expected to grow by 27 percent by 2024, which is much faster than average.
The average salary for a web developer is $63,490 per year and the typical entry-level worker has at least an Associate’s degree.
[The least stressful top eight job was security analyst.
I wouldn’t see this as a bad sign, but more of a sign that the role is evolving to encompass other skills such as data analyst.]
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3fbf01ac17&e=20056c7556
Obama signs two executive orders on cybersecurity
WASHINGTON: Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government’s defenses against cyber attacks and protect the personal information the government keeps about its citizens.
The orders came the same day as Obama sent to Congress a proposed 2017 budget that includes $19 billion for information technology upgrades and other cyber initiatives.
To implement those upgrades, Obama created two new entities Tuesday: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors.
It will deliver a report to the president by Dec. 1.
The second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e6da3d1cce&e=20056c7556
Swedish exec to take over as ICANN chief
The Director-General of the Swedish Post and Telecom Authority, Göran Marby, has been named the next President and Chief Executive Officer of the Internet Corporation for Assigned Names and Numbers (ICANN).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9e42c03d41&e=20056c7556
Current p2p trends threatening enterprise security
Chase Cunningham, director of cyber threat research, and Jeff Schilling, CSO, of Armor spoke about today’s common p2p threat, the CryptoLocker campaign.
Schilling said, “Individual computer threat actors are sending phishing emails to victims.
That crypto software sees what protocols are open across your network.
Then they lock up the files, encrypt them, and hold them for ransom.”
A common monitoring problem, said Schilling, is that most network traffic is monitored from north to south.
Observing the east to west connection between the server in our environment and other servers will unveil different threats.
Cunningham and Schilling said that CryptoLocker remains another p2p problem. “It’s something that is really taking off this year, and the vulnerabilities on their personal laptops and devices are from not shutting down those p2p protocols,” Schilling continued.
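The north-south versus east-west distinction Schilling draws is easy to operationalise once flow records carry source and destination addresses. The script below is an added example (not code from the article or from Armor) that classifies constructed flow-log lines by whether both ends are internal, flags internal hosts fanning out to many peers on lateral-movement ports, and separately lists hosts talking p2p protocols out to the Internet. The internal address ranges, the port list, and the log format are assumptions made for the example.

```python
"""
Added example: split flows into north-south and east-west, then surface the
two behaviours the article warns about: internal fan-out on lateral-movement
ports, and p2p egress. Flow lines and ranges are constructed sample data.
"""
import ipaddress
from collections import Counter

# Assumed internal address space for the example environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Ports that are suspicious between two servers with no reason to talk
# (assumption): SMB, NetBIOS, RDP, WinRM, BitTorrent.
LATERAL_PORTS = {445, 139, 3389, 5985, 6881}
# Ports associated with p2p protocols that should not leave the network (assumption).
P2P_PORTS = {6881, 6882, 6883, 4662}

# Constructed flow log: "<src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes>"
SAMPLE_FLOWS = """\
10.1.2.10:51234 -> 93.184.216.34:443 12345
10.1.2.10:51300 -> 10.1.2.11:445 2048
10.1.2.10:51301 -> 10.1.2.12:445 2048
10.1.2.10:51302 -> 10.1.2.13:445 2048
10.1.2.10:51303 -> 10.1.2.14:445 2048
10.1.2.50:6881 -> 198.51.100.7:6881 900000
192.168.5.3:40000 -> 10.1.2.10:22 512
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    src, _, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return sip, int(sport), dip, int(dport), int(nbytes)


def classify(line):
    """'east-west' when both endpoints are internal, else 'north-south'."""
    sip, _, dip, _, _ = parse_flow(line)
    return "east-west" if is_internal(sip) and is_internal(dip) else "north-south"


def flows(flow_text):
    return [l for l in flow_text.splitlines() if l.strip()]


def traffic_summary(flow_text):
    return Counter(classify(l) for l in flows(flow_text))


def lateral_movement_candidates(flow_text, min_targets=3):
    """{src_ip: {dst_ips}} for internal hosts reaching >= min_targets distinct
    internal hosts on LATERAL_PORTS; a perimeter-only sensor never sees these."""
    fanout = {}
    for line in flows(flow_text):
        sip, _, dip, dport, _ = parse_flow(line)
        if classify(line) == "east-west" and dport in LATERAL_PORTS:
            fanout.setdefault(sip, set()).add(dip)
    return {s: d for s, d in fanout.items() if len(d) >= min_targets}


def p2p_egress(flow_text):
    """Internal hosts with north-south connections on known p2p ports."""
    hosts = set()
    for line in flows(flow_text):
        sip, _, dip, dport, _ = parse_flow(line)
        if is_internal(sip) and not is_internal(dip) and dport in P2P_PORTS:
            hosts.add(sip)
    return hosts


if __name__ == "__main__":
    print(traffic_summary(SAMPLE_FLOWS))
    print("lateral fan-out:", lateral_movement_candidates(SAMPLE_FLOWS))
    print("p2p egress:", p2p_egress(SAMPLE_FLOWS))
```

In the sample, the host sweeping four neighbours on port 445 is invisible to a sensor that only watches the Internet edge, which is exactly the gap the east-west view closes.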
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8b5c7ce5a6&e=20056c7556
Grammar and Spelling Errors in Phishing and Malware
Cybercriminals are able to write a program and orchestrate a maze of elaborate fraud schemes, but just can’t seem to get the wording right.
If those criminals can put so much effort into creating phishing attempts that appear to be from a legitimate bank, why wouldn’t they also proofread emails or double check the user agent used in C&C communications?
Let’s take a look at some examples, starting with malware.
Let’s switch over to phishing.
The following three samples were seen in the wild.
They are either missing some words that are considered important when completing sentences in English, or they simply read as if a child wrote them.
The errors in phishing are useful though.
The emails that make it past spam filters have one final filter to pass through: the user.
Vigilance in reading the email and noting where it originated and how it uses language are great steps in staying secure from phishing.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8c147b6d1e&e=20056c7556
Russian hackers used malware to manipulate the Dollar/Ruble exchange rate
Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulate the Dollar/Ruble exchange rate.
“To conduct the attack criminals used the Corkow malware, also known as Metel, containing specific modules designed to conduct thefts from trading systems (…) Corkow provided remote access to the ITS-Broker system terminal by ‘Platforma soft’ Ltd., which enabled the fraud to be committed.”
“During this period, the Corkow Trojan was functional and constantly updated itself to avoid detection by antivirus software installed at the bank.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fe8931ccb1&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forward this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=74c48ddcd5)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)