July 2013 – Page 2 – CyberSecurity Institute

Security company to release testing tool for SAP mobile access

Posted on July 17, 2013December 30, 2021 by admini

Exposing those back-end systems is complicated, and companies can face a risk of hacking if the systems are misconfigured or do not have up-to-date patches.

Sanjay Poonen, head of SAP’s mobile division, said at the Sapphire Now conference in May that the company has more than 1,000 people working on mobile-related projects in areas such as retail, banking and consumer package goods.

Last year, SAP reported more than €222 million (US$293 million) in license revenue from its mobile-related business, a revenue stream that didn’t exist two and half years prior, Poonen said.

Nunez said companies faces risks if, for example, a CRM (customer relationship management) system is incorrectly configured for access by mobile devices, opening a door for hackers using attack tools for Web services.

X1’s mobile security module looks at what functions and processes are exposed in the back-end systems and not on the mobile application itself, Nunez said.

Link: http://m.itworld.com/security/365487/security-company-release-testing-tool-sap-mobile-access

As cyber attacks detonate, banks gird for battle

Posted on July 17, 2013December 30, 2021 by admini

JPMorgan and its peers like Bank of America, Citigroup and Wells Fargo have signed up for Thursday’s drill, which is being organized by Wall Street’s biggest trade group, the Securities Industry and Financial Markets Association, or SIFMA.

They’ll monitor a simulated stock exchange for irregular trading and will be pressed to figure out what’s going on and how to react while sharing information with regulators and each other.

But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic — akin to overwhelming a phone line with too many calls.

“If you went to banks three years ago, and said, ‘What are your top five risks?’, probably none of them would put cyber on there,” said Karl Schimmeck, SIFMA’s vice president for financial services operations.

The Office of the Comptroller of the Currency, which regulates national banks, recently held a call with community bankers to warn them that they’re not free from danger either: Since September, attacks have been increasingly aimed at businesses with fewer than 250 employees, the OCC says. Customers would have to go through certain steps to get their money back, like filing a claim, showing that they weren’t negligently tossing their account information around and giving the bank time to investigate.

A DRILL BY ANY OTHER NAME: As for the title of Thursday’s drill, the one that sounds more appropriate for an action movie than a bank security exercise, it came about during the creation of the original drill in 2011, which was organized by the Financial Services Sector Coordinating Council.

Link: http://www.seattlepi.com/business/technology/article/As-cyber-attacks-detonate-banks-gird-for-battle-4667972.php

Business users visit most malicious websites, security academics find

Posted on July 16, 2013December 30, 2021 by admini

Just 2 per cent of malicious websites visited by Australian users were actually hosted in Australia, while 62 per cent originated in the United States – lending support to earlier reports that notorious malware host China was actually losing its one-time dominance.

The project “allows us to apply large scale analytics techniques to analyse massive volumes of Trend Micro malware sensor data,” said Professor Yang Xiang, director of the Network Security and Computing Lab within the Deakin University School of Information Technology, in a statement.

Interestingly, many of the hosts were unaware of their infection with malware: of 24 servers compromised by the Blackhole Exploit Kit and noted by the research team, 12 were still delivering the malware-compromised pages a week later.

Link: http://www.cso.com.au/article/520498/business_users_visit_most_malicious_websites_security_academics_find/

Study: Network Reconnaissance On Rise Posing Computer Threat

Posted on July 12, 2013December 30, 2021 by admini

Automated credential guessing is a malicious attack in which the perpetrator uses software to guess log-in credentials of users and can inherit user specific privileges to the system, based on the identity established by the supplied credentials.

Findings show that while most companies place security emphasis on computer viruses, trojans and worms, security breaches as a result of viruses account for less than one percent of incidents. Port scanning and automated credential guessing are by far the most prevalent types of IT network security breaches among remote locations and branch offices. Remote locations typically do not have the level of security oversight and resources as a large, centralized corporate network location to combat these threats.

“Our recommendation to businesses is to apply the appropriate IT security protocols and technology that mitigate the risk of network vulnerabilities.”

Link: http://mitechnews.com/articles.asp?id=15851&sec=24

Hunting for ‘Whales’ Using Targeted Malware

Posted on July 10, 2013December 30, 2021 by admini

Of course, spear phishing isn’t new, but the targets and tactics are evolving, and most users who might have known to not give away their banks account numbers at home may be handing over sensitive information in an enterprise setting due to lack of training and awareness.

Administrative assistants, accountants, salesmen, IT managers, and pretty much everyone else in an enterprise hold a great deal of company knowledge that criminals can use to ultimately unlock a company’s secrets.

But beyond simply explaining the threat to them, ask your staff to take a step back to see what information a cyber criminal can easily dig up. This may sound completely narcissistic to them, but I recommend you ask them to “Google” themselves from time to time in order to see what pops up in search results. The idea is to familiarize one’s self with what is public knowledge — so you aren’t caught off guard when it’s used to gain your trust.

Even though you aren’t likely to be considered a “whale” by Las Vegas casino standards, you and your staff need to understand that your position within a large organization probably makes you a pretty big fish in the eyes of a cyber criminal. And in order to help combat against these attempts, your best bet is to try and see what a hacker can see on the Internet so it can’t be used against you

Link: http://www.enterpriseefficiency.com/author.asp?section_id=1076&doc_id=265441&f_src=enterpriseefficiency_iwkfeed

Companeis lack the ‘intelligence’ to deal with cyber threats

Posted on July 9, 2013December 30, 2021 by admini

Malcolm Marshall, KPMG partner and head of the firm’s Information Protection & Business Resilience team, says: “Increased awareness of cyber security threats is a positive trend, but indications are that organisations now need to focus on putting into place the fundamentals of intelligence management to gain real value from what they know. These revolve around creating an intelligence-led mindset within organisations, implementing an operating model similar to those employed by the intelligence community and building a decision-making process which is centred on a tightly controlled ‘information gathering programme’.

‘Cyber threat: intelligence and lessons from law enforcement’ argues that an intelligence-led mindset establishes a direct connection between the threats and vulnerabilities organisations face and the consequences of their compliance or inaction.

For example, rather than simply collating data, KPMG’s report urges organisations to set parameters for the type of information being gathered, so that haphazard approaches to analysis and actions can be avoided.

Link: http://www.actuarialpost.co.uk/article/companeis-lack-the—–039intelligence—-039-to-deal-with-cyber-threats-5096.htm