Cyber War Games: Top 3 Lessons Learned About Incident Response
Deloitte leads client organizations in war game exercises like these to “stress test” their incident response plans, and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
• Designate a Crisis Officer
• Be Skeptical About The Information You’re Receiving
• Resist Finger Pointing In Any Direction
Don’t forget about your employees. While the media, the regulators, and the customers are usually top of mind, many companies tend to forget about how they need to communicate about a security incident to their own employees. In the simulation, the chief operating officer was the one who brought it up first.
Link: http://www.darkreading.com/risk/cyber-war-games-top-3-lessons-learned-about-incident-response/d/d-id/1319813
WHAT ARE NATION STATE INFORMATION SECURITY ATTACKS REALLY TELLING US?
It is rarely considered that for most nation-state sponsored attackers, targeting foreign companies is a day job: it is more economically feasible to steal $500,000 of research rather than spending $2,000,000 and two years to conduct the research themselves.
Malware is one of the easiest ways in for attackers. The game is stacked in their favour for several reasons.
There needs to be a fundamental transformation from seeing attacks as unusual events brought about by people out to do us direct harm, where our emotions and reflex actions overtake reasoned and rational thinking, to one where these attacks are viewed as a part and parcel of doing business.
Link: http://continuitycentral.com/feature1302.html
iSIGHT Partners Acquires Critical Intelligence
iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced the acquisition of Idaho-based Critical Intelligence, the leader in cyber situational awareness and threat intelligence for Industrial Control Systems (ICS) owners and operators. Under the terms of the agreement, iSIGHT Partners has acquired 100% of Critical Intelligence, a 6-year-old company and pioneer in identifying vulnerabilities and threats to critical infrastructure systems, including supervisory control and data acquisition (SCADA) and other process control systems (PCS).
The move comes on the heels of iSIGHT Partners’ announcement of a $30m investment by Bessemer Venture Partners and the company’s expansion of operations in the EMEA region. iSIGHT experienced significant growth in 2014 and finished the year with record revenues and strong client acquisition across numerous vertical and geographic segments, including energy, oil and gas and manufacturing. Growth continues to accelerate and iSIGHT Partners experienced over 100% year-over-year bookings growth in the first quarter of 2015.
Link: http://www.power-eng.com/marketwired/2015/04/7/isight-partners-acquires-critical-intelligence.html
Malicious, large-scale Google ad campaign slams users with malware
A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.
Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.
Link: http://www.pcworld.com/article/2907492/largescale-google-malvertising-campaign-hits-users-with-exploits.html
Two NTP Key Authentication Vulnerabilities Patched
The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2.8p2.
Link: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067
Microsoft closes acquisition of R software and services provider
Microsoft acquires Revolution Analytics, a commercial provider of services for the open source R programming language for statistical computing and predictive analytics.
“Revolution has made R enterprise-ready with speed and scalability for the largest data warehouses and Hadoop systems,” he adds.
Link: http://www.cio.com/article/2906456/data-analytics/microsoft-closes-acquisition-of-r-software-and-services-provider.html?phint=newt%3Dcio_insider&phint=idg_eid%3De87b17913ba9d312d52f2efa84a73904#tk.CIONLE_nlt_insider_2015-04-08
HP warns cybersecurity customers to focus on people and processes
To protect themselves against cyberattacks, organizations should focus more on training their employees and improving their internal processes instead of buying new technology, according to one tech vendor.
Yet, businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error, said Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products.
Link: http://www.computerworld.com/article/2907058/hp-warns-cybersecurity-customers-to-focus-on-people-and-processes.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_dailyam_2015-04-08&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4
Malware writers take a page from the spam industry to evade detection
While the volume of cyberthreats declined slightly last year, their sophistication increased, according to a new report from Websense Security Labs. One indicator that attackers are reusing pre-existing tools and infrastructure was in the form of botnet usage.
According to Websense, the average price of an exploit kit is now between $800 and $1,500 a month, and the number of these kits tripled last year, keeping prices low.
The total number of C&Cs has doubled last year, from 1.1 billion to 2.2 billion, he added.
Link: http://www.csoonline.com/article/2907124/cyber-attacks-espionage/malware-writers-take-a-page-from-the-spam-industry-to-evade-detection.html
AlienSpy A More Sophisticated Version Of The Same Old RATs
… AlienSpy is distributed via phishing emails with subject headers that are designed to fool recipients into opening them. Many of the emails purport to contain information related to financial transactions of some sort. Systems that are infected could end up having additional botnet and data-stealing malware loaded on them.
Fidelis researchers have observed AlienSpy being sold in the cyber underground via a subscription model, with prices starting at $9.90 for 15-day use to $219.90 for an annual subscription. The subscription provides users with access to the malware’s complete range of capabilities, including some newer techniques like sandbox detection, antivirus tool disablement, and Transport Layer Security (TLS) encryption-protected command-and-control capabilities.
AlienSpy is currently detected by only a limited set of antivirus products and incorporates features like multi-platform support. Fidelis described the capabilities of the malware tool as far beyond what used to typically be available with previous generation remote access malware tools.
Link: http://www.darkreading.com/attacks-breaches/alienspy-a-more-sophisticated-version-of-the-same-old-rats/d/d-id/1319842
FSS [Korea] dedicates itself to fighting ‘five financial evils’
The Financial Supervisory Service (FSS) is branding voice phishing, insurance fraud, illegal loan sharks, illegal bond collections and overly aggressive sales of products by financial institutions as “five financial evils” that it will endeavor to fight.
The financial watchdog announced a special task force led by Senior Deputy Governor Seo Tae-jong on Wednesday to combat those financial crimes, which are getting more clever and complex and therefore pose more of a risk than in the past.
Link: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=3002878