[From the desk of Paul Davis – his opinions and no-one else's, apart from the reporter's opinions]
* How a hacker’s typo helped stop $1bn bank heist
* Hackers studied bank’s inner workings
* Cyber crime: Men lose three times as much money as women
* Emergency Flash Player patch fixes actively exploited flaw
* India among most vulnerable nations to cyber attacks, says research
* CYREN 2016 Cyberthreat Report Shows 55% Annual Increase in Phishing, Steady Upswing in Malware
* Cyber security for manufacturers
* Financial Authorities Inspecting 16 Institutes' Readiness Toward Cyber Attacks [S. Korea]
* NAB Looks to Arm Stations in Cyber War
* Dell gets to the bottom of what’s really going on with business data security
* Australian Orgs Will Struggle with Data Breach Bill
* DDoS Malware Became Very Popular This Past January
* California Updates Data Breach Notification Requirements
* Why are SOCs failing?
* 93% of Japanese Enterprises Vulnerable to Data Threats, 39% Experienced a Data Breach
* 9 out of 10 CIOs admit new EU data law will leave them exposed
* Threat-intelligence role grows as new threat sharing, analytics opportunities expand CSO toolkits
* Before Moving on From RSA…
How a hacker’s typo helped stop $1bn bank heist
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.
Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.
The hackers breached Bangladesh Bank’s systems last month and stole its credentials for payment transfers, two senior Bangladesh Bank officials said.
They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh bank’s account there to entities in the Philippines and Sri Lanka, the officials said.
Bangladesh Bank has said it has recovered part of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest of the funds.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d52641766b&e=20056c7556
Hackers studied bank’s inner workings
The hackers ordered transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank.
The perpetrators of a $100 million digital heist at Bangladesh’s central bank had deep knowledge of the institution’s internal workings, likely gained by spying on bank workers, security experts said.
Unknown hackers breached Bangladesh Bank in early February, stole credentials for payment transfers, and then ordered transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank, according to Bangladesh Bank officials.
Kayvan Alikhani, a senior director with security firm RSA, said in addition to user names and passwords for accessing SWIFT, the hackers likely needed to obtain cryptographic keys that authenticated the senders.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=184c2c3342&e=20056c7556
Cyber crime: Men lose three times as much money as women
The average loss for men was £2,354 compared with only £809 for women.
The City of London Police, which has a national responsibility for combating fraud and cyber crime, published research which said women are six times more likely than men to be the victim of an online shopping fraud or a crime committed on an auction site.
The report also concluded that the harm caused to victims of cyber crime increases with age, with elderly victims feeling a greater impact on their health and financial wellbeing than younger victims.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fd2074c953&e=20056c7556
Emergency Flash Player patch fixes actively exploited flaw
Adobe Systems released new versions of Flash Player to fix 18 critical vulnerabilities that could be exploited to take over computers, including one flaw that’s already targeted by attackers.
“Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks,” the company said in a security advisory.
The flaw stems from a heap overflow condition and was reported to Adobe by researchers from antivirus firm Kaspersky Lab.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a59b4c44ce&e=20056c7556
India among most vulnerable nations to cyber attacks, says research
Washington: When it comes to vulnerability to cyber attacks, India, along with China, Russia, Saudi Arabia and South Korea, is among the most vulnerable, says research led by an Indian-American scientist.
While the US is ranked 11th safest of the 44 nations studied, several Scandinavian countries, such as Denmark, Norway and Finland, were ranked the safest in the book authored by V.S. Subrahmanian, professor of computer science at the University of Maryland.
“Our goal was to characterise how vulnerable different countries were, identify their current cyber security policies and determine how those policies might need to change in response to this new information,” said Subrahmanian, with the University of Maryland Institute for Advanced Computer Studies (UMIACS).
The researchers based their rankings, in part, on the number of machines attacked in a given country and the number of times each machine was attacked.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=15c8deda5e&e=20056c7556
CYREN 2016 Cyberthreat Report Shows 55% Annual Increase in Phishing, Steady Upswing in Malware
MCLEAN, Va., March 9, 2016 /PRNewswire/ — CYREN (NASDAQ: CYRN) today announced in its 2016 CYREN Cyberthreat Report that it tracked 3.96 million active phishing URLs in 2015 – a 55% increase over 2014.
CYREN’s report also notes that new malware rose 14% in 2015 to 95.54 million detections.
New malware aimed at Android users increased at a slower 5% pace to reach 3.25 million detections.
The full 28-page 2016 CYREN Cyberthreat Report is available to download at http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1e439c54d8&e=20056c7556.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cedb4d1327&e=20056c7556
Cyber security for manufacturers
Manufacturers who think their computers will never get hacked need to think again.
Alan Johnson reports.
David Higgins, ANZ Regional Director for WatchGuard Technologies, said this belief among manufacturers (particularly smaller companies) that they could never be a target for hackers is a huge mistake.
Higgins advised manufacturers to put in place an instant response plan, similar to a fire drill, where everyone knows what to do in the event of an attack.
Higgins said a good starting point for manufacturers is the Australian Signals Directorate’s website (asd.gov.au) which highlights 36 steps companies should take to mitigate cyber attacks.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b1bb2ac838&e=20056c7556
Financial Authorities Inspecting 16 Institutes' Readiness Toward Cyber Attacks [S. Korea]
Financial authorities have launched on-site inspections on the computer systems of 16 banks and securities companies amid concerns of North Korean cyber attacks.
The inspections are focusing on whether such firms have appropriately implemented measures for blocking malware infections, whether they have kept their anti-virus ("vaccine") programs up to date, and whether they have blocked access to dangerous Web sites.
The FSS and the Financial Services Commission (FSC) had sent letters last Friday to all financial institutes, including banks, securities firms and insurance companies, urging them to internally review their preparedness for possible cyber attacks.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=408af21f6f&e=20056c7556
NAB Looks to Arm Stations in Cyber War
Broadcast Cybersecurity: The Essentials (March 23) will look at the threat of cyber attacks on broadcast stations and how best to protect against them.
"We are more connected than ever before. That connectivity brings efficiency and many operational benefits. However, it also brings risks," said NAB chief technology officer Sam Matheny in announcing the webinar.
NAB said it developed the webinar in response to the FCC’s recommendation that media companies adopt a cybersecurity framework developed by the National Institute of Standards and Technology.
NAB says it will also publish a white paper March 22 with action items for station cyber protection.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6110978286&e=20056c7556
Dell gets to the bottom of what’s really going on with business data security
While C-level executives recognise the benefits of data security, organisations are still struggling to develop programmes that effectively incorporate security strategies without detracting from other business initiatives, according to the first Dell Data Security Survey.
The report found that even with tools in place to address data security needs, business and IT decision makers report gaps in their comfort level with implementing or expanding programmes that rely on these technologies.
In addition, security concerns are limiting the adoption of cloud and mobility solutions throughout organisations.
Nearly three in four decision makers agree that data security is a priority for their organisation’s C-suite; however, one in four decision makers don’t find their C-suite to be adequately informed about data security issues.
Cost is a concern when it comes to building on existing programmes, with 53% of respondents citing cost constraints for why they don’t anticipate adding additional security features in the future.
Nearly three in four (73%) decision makers are somewhat to very concerned about malware and advanced persistent threats.
Only one in five respondents are very confident in their ability to protect against sophisticated malware attacks.
Respondents are more worried about spear phishing attacks (73% are concerned) than any other breach method, the survey found.
“The Dell Data Security Survey highlights that as the security landscape evolves, and threats become more sophisticated, organisations need to foster a culture of cybersecurity awareness from the top down and integrate it throughout their organisation.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b57056640b&e=20056c7556
Australian Orgs Will Struggle with Data Breach Bill
Consulting firm Protiviti has predicted troubling times ahead for Australian organizations who, according to the company, may face confusion when trying to comply with the Federal Government’s mandatory data breach notification proposals.
Protiviti argues that, unlike in the EU and US, where there are clearly defined notification guidelines for companies to follow in the event of significant data breaches, the concepts put forward in Australia's draft Bill are sketchier, which could leave organizations having to make judgment calls about whether their notification obligation has been triggered or not.
Protiviti points out that the Bill requires companies to consider whether there are 'reasonable grounds' to believe a 'serious data breach' has occurred which has led to a 'real risk of serious harm' before they are obliged to notify those involved.
However, Hunt was quick to point out the Bill is still only at the draft stage and that he hopes community feedback in the interim will help refine the finished product.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1b265984da&e=20056c7556
DDoS Malware Became Very Popular This Past January
During the past year, DDoS attacks have reached an all-time high, often peaking at over 500 Gbps, an unimaginable limit a few years back.
A recent case study from Arbor Networks showed that a crook renting out his DDoS botnet can make on average $66 per attack and around $54 per day.
According to Check Point, during January 2016, the most encountered malware family was Conficker, which accounted for 24% of all malware infections.
This malware has been around since the Windows XP days, but the good news is that it is detected by most antivirus engines and is not particularly feature-rich; most infections probably come from older, unpatched systems.
Second on the list is Sality, a malware dropper that focuses only on gaining persistence on infected systems and then downloading other, more dangerous threats.
Third on the list is a new entry, the Dorkbot botnet, a double-edged piece of malware that can steal passwords from your PC but can also turn your computer into a bot in a DDoS network.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=eb73f11171&e=20056c7556
California Updates Data Breach Notification Requirements
The California Department of Technology’s Office of Information Security says it has updated the State Information Management Manual (SIMM) to reflect new notification requirements for breaches of personal information.
The three bills, which took effect on Jan. 1, 2016, are:
AB 964, which added a definition for the word “encrypted”
SB 34, which added Automated License Plate Recognition (ALPR) information as a “notice triggering” data element
SB 570, which specified format and content requirements for breach notifications.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8d123f5fcd&e=20056c7556
Why are SOCs failing?
Linux Mint users were exposed to a troubling vulnerability in February, when the Linux Mint website was hacked and distributed malware-infested ISOs for a day.
The forum user database was also stolen.
Linux Mint’s Clement Lefebvre recently posted a monthly newsletter for users, explaining how the problem has been fixed and how Linux Mint will be more secure in the future.
Linux Mint received valuable help from Avast, which reached out to the OS maker following the attack and offered to analyze the hacked Linux Mint ISO file.
A day later, Avast provided a full malware analysis of the file.
The Linux Mint team issued an update to warn users who may have been using infected Linux Mint systems unknowingly.
Avast and AVG were able to block access to the servers used by the hackers, preventing that malware from phoning home.
Improvements have also been made to the Linux Mint website to guard against attacks that push users toward malicious software.
This sort of risk was driven home when the popular open-source Transmission BitTorrent client was recently found distributing the first ransomware for Mac after hackers breached its website.
FireEye’s stock has experienced a massive fall from the market’s good graces.
Despite this drop, revenue and billings continue to grow.
From a valuation standpoint, FEYE has enormous potential.
While definitions vary, generally speaking a security operation centre (SOC) is a central point from where all security issues are dealt with on an organisational and technical level.
Typically, it will encompass all the enterprise's information systems – from websites, applications, databases, data centres and servers to networks, desktops and other endpoints – that are monitored, assessed and defended.
The problem is that all too often SOCs are failing.
When you see organisations spending huge amounts of money on security measures that fail to spot 95 per cent of simulated attacks, it’s hard to come to any other conclusion.
So, what’s going wrong?
The situation SOCs end up in with this approach is that they have a mountain of data that is very difficult to process, and a huge number of daily alerts, the overwhelming majority of them being false positives.
Instead of jumping to a solution that doesn’t work, focus should instead be on what matters and what the requirements are.
The next question is what key components are needed to support these activities.
Once these systems are in place, an effective workflow is needed, that is followed every day, and is designed to detect the attack scenarios identified.
This one is critical.
No matter how good an organisation’s technical systems and capabilities, it’s all for nothing if the right people to support it are missing.
As a rule of thumb, smart and capable employees do not like staring at screens of thousands of alerts 24 hours a day.
To make the job interesting, the SOC should take out the grunt work, continually improve and generally not overwhelm analysts with huge amounts of data.
Make sure endpoint analysis, network analysis and log collection are in place – endpoint analysis is particularly important for detecting more advanced targeted attacks.
Less is more – constantly review data sources, workflows and alert cases to eliminate what isn’t valuable and further improve what is.
Unless you test and measure the SOC’s effectiveness, there is no reason to believe it is of any value at all.
To see results, thinking needs to change.
Not every compromise can be prevented, but identifying it quickly and acting on that intelligence is the endgame.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=67e31aed94&e=20056c7556
93% of Japanese Enterprises Vulnerable to Data Threats, 39% Experienced a Data Breach
SAN JOSE, Calif., March 10, 2016 /PRNewswire/ — Vormetric, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the results of the Japan Edition of the 2016 Vormetric Data Threat Report (DTR).
The report is issued in conjunction with analyst firm 451 Research with polling for the report featuring the responses of 1,100 senior IT security executives at large enterprises worldwide, and over 100 in Japan.
This edition of the 4th annual report extends the earlier findings of the global report and of the cloud, big data and IoT edition with findings about Japanese enterprise leaders' perceptions of threats to data, rates of data breach failures, data security stances and IT security spending plans.
Critical findings:
93 percent of Japanese organizations feel vulnerable to data threats
39 percent had experienced a past data breach, indicating that there are good reasons for this fear
Top external threats recognized were Cyber-terrorists at 77 percent and Cyber-criminals at 76 percent
In spite of threats and vulnerabilities, only 31 percent are increasing spending to protect sensitive data
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a19e1cd050&e=20056c7556
9 out of 10 CIOs admit new EU data law will leave them exposed
In addition, over three-quarters of CIOs (77%) said they are getting frustrated that despite technology – such as encryption – being available to enable secure ways of working, employees just aren’t using them.
Significantly, 87% of these acknowledged this made their company more vulnerable.
Nearly three-quarters of respondents said they are committing to tightening up data sharing processes in response to the new data law, but only 20% are focusing on accidental breach – despite research showing it is responsible for 93% of incidents.
In particular, the research highlighted that issues such as potential pressures on IT helpdesks (44%), disruption to work processes (31.5%) and complex integrations (23%) mean there is little appetite to tackle the issue head on, and businesses remain at risk.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=546158d0d5&e=20056c7556
Threat-intelligence role grows as new threat sharing, analytics opportunities expand CSO toolkits
The introduction of more readily accessible threat-intelligence capabilities is intended to empower businesses to take better control of their security-monitoring environment, tapping into threat-intelligence capabilities that have become significantly more robust in recent years.
It’s an extension of an ongoing campaign to empower users with data and context to understand the attacks with which they are likely to be targeted.
Growing use of threat-intelligence platforms reflects a growing imperative for CSOs to engage with threat-intelligence communities to both share information about their experiences, and to learn from the experiences of their peers.
Security-analytics firm Nuix was also getting in on the action, with a pair of Nuix Insight-branded intelligence platforms providing threat intelligence-based continuous protection and breach-analysis forensic capabilities designed to help organisations both stop attacks before they happen, and to trace through log data searching for telltale signs of attack if something unexpected goes wrong.
And Blue Coat recently joined forces with enterprise-storage giant NetApp to offer a focused storage solution that “significantly expands the capture window from weeks to months”, the company said in a statement.
That offering is squarely targeted at users of the Blue Coat Security Analytics threat-intelligence platform, which like all such solutions works better when fed larger security-log data sets that would be unwieldy on many existing storage infrastructures.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a357c9ea1d&e=20056c7556
Before Moving on From RSA…
It’s been a week since my last meetings at RSA and I’m already thinking about travel plans and agendas for Infosec Europe and Black Hat.
Before closing the book on RSA 2016 however, I have a few final thoughts about the industry and cybersecurity professional community.
1) It’s time to go beyond product categorization.
2) Technology underpinnings aren’t nearly as important as outcomes.
3) Cybersecurity professionals should get comfortable with the cloud control plane.
4) CISOs need to play the managed security services card.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0aba6dbe70&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forward this email.