Month: April 2013

DDoS used as cover fire for parallel attacks, $2.1 million unauthorized wire transfer

Posted on by admini

Working with organizations affected by Dirt Jumper DDoS attacks revealed a threat scenario in which the threat actor first performed a short-lived “test” DDoS attack to determine if the actor’s botnet could make the targeted site unusable.

If the test was successful, then the threat actor performed another DDoS attack in the near future, but this time the DDoS attack occurred shortly after an unauthorized wire or Automated Clearing House (ACH) transfer out of a compromised account. DDoS attack patterns revealed that short-lived attacks were an indicator of an unauthorized wire transfer, while longer attacks, which could last hours to days, were indicators of a fraudulent ACH transfer.

Visibility on these attacks proved to be quite useful in some cases, the DDoS attack was the initial notice that high-dollar fraud was occurring. Some of the fraud attempts and losses are staggering, with total dollar values of attempted fraud ranging from $180,000 to $2.1 million.

Link: http://www.cyberwarzone.com/ddos-used-cover-fire-parallel-attacks-21-million-unauthorized-wire-transfer

Read more

Hackers hit thousands of websites with Apache backdoor attack

Posted on by admini

The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies.

“With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit,” said Zwienenberg.

The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve their cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.

Link: http://www.v3.co.uk/v3-uk/news/2264874/hackers-hit-thousands-of-websites-with-apache-backdoor-attack

Read more

Splunk Adds Statistical Analysis to Enterprise Security App

Posted on by admini

“Companies now understand that hidden in the terabytes of user-generated machine data are abnormal patterns of activity that represent the presence of malware or the behavior of malicious insiders,” Seward adds. “The new Splunk App for Enterprise Security enables statistical analysis of HTTP traffic to help security professionals determine a baseline for what’s normal, quickly detect outliers and use those events as starting points for security analysis and investigation.”

The new version of Splunk App for Enterprise Security automates monitoring and correlation of these outliers and anomalies in real time and presents the resulting analysis via dashboards and alerts.

“As long as you’re capturing proxy data, for example, all of that data will automatically go into the Splunk App for enterprise Security and all of those statistical outliers will be there and available to you.”

“Finding advanced threats is hard,” adds Jim Krev, Sr., security manager of Fieldglass, a provider of vendor management system (VMS) technology that two years ago replaced its legacy Security Information and Event Management (SIEM) tool with Splunk Enterprise and the Splunk App for Enterprise Security.

What Splunk has done with the Enterprise Security 2.4 release is make it easier to find and visualize unusual characteristics of data using statistics,” Krev says.

Link: http://www.csoonline.com/article/732635/splunk-adds-statistical-analysis-to-enterprise-security-app?source=rss_data_protection

Read more

A New Source of Cyberthreat Updates

Posted on by admini

John Watters, founder of iSIGHT Partners, says obtaining timely, accurate information about the latest cyberthreats is challenging because there’s so much misinformation available. “There is not a central place – or a knowledge center – where everyone can draw information from to take action,” he says. Today what we’ve seen is really the convergence of the threat environment – now the private and public sectors are being targeted by the same threats.

The recent wave of distributed-denial-of-service attacks illustrates the need to stay well-informed about the very latest threats, Watters says. “We help our members demystify some of this information, which allows them to prioritize their resources to focus on the real, true threats,” he says.

Before joining the FS-ISAC, a non-profit association dedicated to protecting financial services firms from physical and cyberattacks, Nelson was elected vice chairman of the ISAC Council, a group dedicated to sharing critical infrastructure information.

Over the past decade, Watters has been involved with numerous cybersecurity companies, including TippingPoint Technologies, Archer Technologies, Netwitness and Lookingglass, in addition to iDEFENSE and iSIGHT Partners.

Link: http://www.bankinfosecurity.com/interviews/new-source-cyberthreat-updates-i-1902?rf=2013-04-29-eb&elq=01956b18b1fb4b35b539650c8ea7dc3b&elqCampaignId=6596

Read more

Ramnit sleeping malware targets UK financial sector

Posted on by admini

But, there is still one more obstacle in the way of the malware – to complete the transaction a One Time Password (OTP) must be entered by the user.

Trusteer said the malware’s authors have moved to further hide the malware from its intended victims, by making it alter the bank’s FAQ to make it seem as if the bogus messages are entirely legitimate. Anticipating that some suspicious users may reference the bank’s FAQ page, Ramnit authors took the extra step of altering the FAQ section to fit the new process,” said the spokesman.

“By changing multiple entries in the FAQ section Ramnit demonstrates that its authors did not leave anything to chance – even if the victim decides to go the extra step, Ramnit is already there.”

Link: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector

Read more

U.S. response to bank cyberattacks reflects diplomatic caution, vexes bank industry

Posted on by admini

“You’re always going to see the government be more cautious and incremental in response to most incidents than the private sector probably would like,” Michael Daniel, the White House cybersecurity coordinator, said in a recent interview, speaking generally.

This much is clear: The last eight months of disruptions to bank Web sites, caused by efforts to crash servers with torrents of computer traffic, have not been severe enough to trigger a military response, cyber or otherwise.

Daniel, the White House cyber official, said he thinks companies need to do more to defend their own networks as part of a “spectrum of responsibility” that includes the public and private sectors.

At a March meeting of banking executives hosted by the Treasury Department, U.S. officials made clear to the chief executive officers that they could not simply rely on the government for cybersecurity. Some banking officials say they would like the providers — including Verizon, AT&T and Century Link — to do more to block malicious traffic headed toward their networks.

Alexander, the director of the National Security Agency, suggested that the Internet companies would be best positioned to block an Aramco-type attack with help from the NSA. If a company is asked by the government to screen the traffic to stop an attack, it could be seen as acting as a government agent, exposing the firm to legal action.

Alexander, industry officials say, would like the Internet providers to be able to screen traffic entering U.S. networks, but privacy laws prevent them from doing so unless, for instance, they have customer consent or a court order.

Link: http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

Read more