[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions]
* How To Succeed At Third-Party Cyber Risk Management: 10 Steps
* What will cybersecurity look like in 2020? Five threat scenarios
* CISOs need to pay attention to IoT security spending
* What are the 3 Key Layers in Healthcare Data Security?
* BBSwift is the name given by Microsoft to the malware analyzed by BAE Systems and identified in their report on the attack on the SWIFT money transfer system at Bangladesh Bank.
* IT leaders pick productivity over security
* The New Front In Cybersecurity: How to prevent hackers from taking down critical infrastructure
* Latest Security Study Worry: How Many Times Will You Be Breached?
* The hospital of the future
* Researchers Find Electronic Medical Records Often Targeted by Hackers
* New SolarWinds Research Study Reveals Progress Against Security Risks
* Securing DNS for secure NFV
* Why automation is the key to the future of cyber security
* Localized “designer” malware campaigns all the rage, says Sophos
* India, Pakistan biggest victims of malware: Microsoft
* DHS urges ‘whitelisting’ programs to protect industrial controllers
* Protect your computer: Data breaches in the state are on the rise [New York City]
* Ransomware attacks hit all-time record high in April
* Hotel sector faces cybercrime surge as data breaches start to bite
* Why MX Records Matter in the Fight Against BEC and Spear Phishing
How To Succeed At Third-Party Cyber Risk Management: 10 Steps
Organizations are failing, and badly, at assessing the risk of attacks and data breaches from vendors and supply chains, according to a recent Ponemon Institute study. The solution starts at the top.
Step 1. The CEO and boards of directors should be responsible for establishing a positive tone at the top.
Step 2. The CEO and boards of directors should become more proactive in the third-party risk program.
Step 3. An organization should communicate its values to employees and other stakeholders through training and policies to ensure enterprise wide adoption.
Step 4. Make the business case for dedicating more resources to third-party risk management by estimating the potential costs to your organization due to negligent or malicious third parties.
Step 5. Assess the potential threats posed by technologies such as the use of cloud and IoT in third parties.
Step 6. To address the risk of cyberattacks on sensitive and confidential information held by third parties, ensure they have appropriate technologies to reduce and mitigate threats.
Step 7. Third-party risk management programs should incorporate metrics that reveal the vulnerabilities created by the third parties in your organization’s supply chain.
Step 8… a strategy should incorporate the people, process, and technologies for managing the risk.
Step 9. Assign accountability for the third-party risk management program to ensure the objectives of the risk management program are accomplished.
Step 10. Become involved in a consortium or council dedicated to best practices in addressing third-party risks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4dc9e9be01&e=20056c7556
What will cybersecurity look like in 2020? Five threat scenarios
Researchers from UC Berkeley’s School of Information tried to answer this immensely challenging question in their most recent report, Cybersecurity Futures 2020.
The paper explores how technology and security will be transformed in the uncertain and not-so-distant future.
Briefly, here are five scenarios the researchers have envisioned for the next four years – to be taken with a pinch of salt, they say.
– As cyber-attacks become commonplace, everyone expects to have their data stolen and exposed online.
– Companies and cyber-criminals are after undervalued data, the new potential currency.
– New cyber-security vulnerabilities emerge as data scientists will be able to predict human behavior at a very precise level.
– Internet of Things technologies become part of everyday lives, thanks to government efforts.
– Wearables expose users’ intimacy and make it vulnerable to tracking and manipulation.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f6c162a151&e=20056c7556
CISOs need to pay attention to IoT security spending
Research firm Gartner released a new report this week which summarized Internet of Things (IoT) security spending at $281.54 million in 2015 — and projects that to double and reach $547.20 million by 2018.
The “Forecast: IoT Security, Worldwide, 2016” report predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.
“IoT requires security for both software and hardware, often referred to as cyberphysical security” blogs Microsoft in a post on how enterprises can enable IoT security. “Securing an IoT infrastructure requires a rigorous, in-depth security strategy”.
CSOs and CISOs who haven’t developed an IoT security strategy may want to start on it now.
The saving grace for ITers may be the IoT device makers.
If vendors embed security into their Things in the first place (the broader IoT security forecasts suggest they are), then it will dramatically reduce the cyber threat risk to corporate networks.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2776bd90ab&e=20056c7556
What are the 3 Key Layers in Healthcare Data Security?
As you work to create your healthcare data center and cloud partnerships, it’s important to note that modern cloud and data center security has evolved quite a bit.
Modern data center and cloud providers take security and break them out into three critical levels to ensure compliance, efficiency, and workload security.
Physical Security
This starts with physical cloud and data center security.
There have been some big breaches that have happened because a locker was left open and a physical disk was taken.
Let me give you an anecdotal example.
As reported in a recent article, Texas Health Harris Methodist Hospital Fort Worth has put up a notice on its website titled “The Microfiche Incident.”
Logical Security
Virtual appliances, services, and other abstracted security features are making their way into the data center.
Furthermore, these new technologies are being utilized by healthcare organizations.
Additional layers of security revolve around information security, operations security, internal security, and logical security, with the latter being supported by two-factor authentication, testing with intrusion detection, penetration tests, and other aspects of logical access.
Compliance
Having the most secure platform out there still may not make you compliant.
This is why it’s critical to work with a data center partner that can offer the full trifecta of physical, logical, and compliance-driven security.
Look for providers that have the following compliance requirements set in place: PCI, HIPAA/HITECH, SOC 1, SOC 2, Safe Harbor, and more.
For example, a large and growing number of healthcare providers, payers and IT professionals are using AWS’s utility-based cloud services to process, store, and transmit PHI.
If you’re in the healthcare industry, don’t fear cloud.
Rather, plan around it and use it as a tool to better enable your business and the healthcare services that you deliver.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=52f7d99266&e=20056c7556
BBSwift is the name given by Microsoft to the malware analyzed by BAE Systems and identified in their report on the attack on the SWIFT money transfer system at Bangladesh Bank.
Aliases include Banswift, Bankswi, Alreay, and TSPY_ALSOF.
BBSwift is not one program but a collection of malware plus other tools that aren’t inherently malicious, like a custom version of the “nroff” print formatting utility.
BBSwift activity includes local network communications with printers (LPR port 9100/tcp) in order to manipulate the printed SWIFT confirmation messages.
Those communications would be very difficult to distinguish from normal traffic on the wire, but there is a better option: database communications.
Whether there is any local database traffic depends on how the SWIFT Alliance Access server is configured in a particular network environment.
It appears the system is designed to communicate with a database server on the same machine by default, and in that case, no database client-server traffic would pass over the network.
The malware uses the local Oracle SQL*Plus command-line (sqlplus.exe) client to communicate with the database server.
In cases where the database is on a separate server, the local network traffic could be inspected if it’s not encrypted. To protect that traffic, encryption would have to be enabled in the sqlnet.ora configuration file, and “wallets” would need to be created using the orapki utility to hold the SSL certificates on both the client and the server.
This is not the default.
The file evtdiag.exe (SHA1: 525a8e3ae4e3df8c9c61f2a49e38541d196e9228) is the only known component of BBSwift that communicates with external networks.
The outbound network traffic consists of HTTP GET requests to a remote IPv4 address.
In BAE Systems’ report, this IP address is referred to as a “command-and-control” server.
Although it might be expressed this way in a STIX object, the malware is much more “fire and forget” than this implies.
Once installed, the malware operates autonomously until a predetermined deactivation time.
The malware takes no action based on the communication with the remote server.
In fact, the response is simply ignored and discarded.
There are no “commands” or “control”.
This does, however, represent a reporting channel used to alert the attackers to when the SWIFT system is being used to process transactions.
Every hour, BBSwift will contact the remote server with a status update regarding the results of its login monitoring routine.
In the Bangladesh Bank case, the following messages were represented by the respective URLs:
An indicator of automation is the hourly frequency of these HTTP requests.
Damballa employs technology in their network security monitoring offerings that uses advanced statistical analysis methods on these types of indicators to raise confidence in a determination and automatically convict malicious network destinations.
SWIFT has said they have issued an emergency software update, planned for release soon.
Does this mean BBSwift is no longer a threat?
Attacks using BBSwift have the capability to be extremely damaging, resulting in a potentially destabilizing amount of losses.
Even though the malware works autonomously, without a C2 (command-and-control) server, it does report back to the attackers so that they know a) that their malware is functioning when it should be, and b) when transactions are processed so that they can spring into action and minimize the opportunities for belaying or reversing any transfers.
Keying on indicators of that reporting functionality can be a good way of identifying active attacks using the BBSwift bank fraud toolkit.
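The regularity of the hourly status reports is the indicator the preceding paragraphs single out, so here is what keying on it looks like in practice. This is an added example written for this digest, not code from the newsletter, from BAE Systems or from Damballa: it groups outbound HTTP GET requests in a proxy log by (source, destination) pair, measures how evenly spaced the requests are, and reports pairs whose gaps are near-constant and, optionally, close to a chosen period such as 3600 seconds. The log format, the hosts and the URL paths are all constructed for the example (the real BBSwift URLs are not reproduced on this page), and the addresses come from the RFC 5737 documentation ranges.

```python
"""Periodicity check over constructed proxy log lines.

Added example, not from the newsletter or the BAE Systems report: it flags
(source, destination) pairs whose outbound HTTP GET requests recur at a
near-constant interval, such as the hourly status beacon described above.
Log format, hosts and URL paths are all constructed; IP addresses use the
RFC 5737 documentation ranges.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample. 192.0.2.25 beacons to 203.0.113.10 once an hour (a few
# seconds of drift); 192.0.2.31 browses 198.51.100.7 at irregular intervals.
# Format: <ISO-8601 UTC timestamp> <client ip> <method> <url>
SAMPLE_LOG = """\
2016-02-04T00:00:03Z 192.0.2.25 GET http://203.0.113.10/status?code=1
2016-02-04T01:00:01Z 192.0.2.25 GET http://203.0.113.10/status?code=1
2016-02-04T02:00:05Z 192.0.2.25 GET http://203.0.113.10/status?code=1
2016-02-04T03:00:02Z 192.0.2.25 GET http://203.0.113.10/status?code=1
2016-02-04T04:00:04Z 192.0.2.25 GET http://203.0.113.10/status?code=2
2016-02-04T00:12:40Z 192.0.2.31 GET http://198.51.100.7/index.html
2016-02-04T00:13:02Z 192.0.2.31 GET http://198.51.100.7/style.css
2016-02-04T02:47:19Z 192.0.2.31 GET http://198.51.100.7/news
2016-02-04T03:05:55Z 192.0.2.31 GET http://198.51.100.7/news?page=2
2016-02-04T06:30:00Z 192.0.2.31 GET http://198.51.100.7/index.html
"""


def parse_log(text):
    """Yield (timestamp, src, dst_host) for every HTTP GET line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "GET":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], urlsplit(parts[3]).hostname


def find_periodic_beacons(text, min_requests=4, max_cv=0.05,
                          period_s=None, tolerance_s=60):
    """Return the (src, dst) pairs whose GET requests recur regularly.

    A pair is reported when it has at least min_requests requests and the
    coefficient of variation (stdev / mean) of the gaps between consecutive
    requests is at most max_cv. If period_s is given, the mean gap must also
    lie within tolerance_s of it (3600 for an hourly beacon).
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests share one timestamp; nothing to measure
        cv = pstdev(gaps) / avg
        if cv > max_cv:
            continue  # irregular spacing: ordinary browsing, not a timer
        if period_s is not None and abs(avg - period_s) > tolerance_s:
            continue  # regular, but not at the period we are looking for
        hits.append({"src": src, "dst": dst, "count": len(stamps),
                     "mean_interval_s": avg, "cv": cv})
    return hits


if __name__ == "__main__":
    for hit in find_periodic_beacons(SAMPLE_LOG, period_s=3600):
        print("{src} -> {dst}: {count} requests, mean gap "
              "{mean_interval_s:.0f}s, cv {cv:.4f}".format(**hit))
```

On the sample, only the 192.0.2.25 to 203.0.113.10 pair is reported (mean gap about 3600 s, coefficient of variation under 0.001); the browsing pair has gaps ranging from seconds to hours and drops out. The coefficient of variation is used rather than a fixed tolerance on each gap so that the same threshold works for a beacon every hour and a beacon every ten minutes; a low value on its own only says "something is on a timer", so in a monitoring pipeline it is one input to a destination verdict alongside reputation and rarity of the destination, which is the kind of statistical corroboration the Damballa paragraph alludes to.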
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=511af28026&e=20056c7556
IT leaders pick productivity over security
In its 2016 Cybersecurity Confidence Report, Barkly, an endpoint security company, surveyed 350 IT pros to determine the top security concerns for 2016 and gauge how confident IT leaders are when it comes to cybersecurity issues.
The survey looked at IT leaders’ biggest security concerns, levels of confidence around security, number of breaches in 2015, amount of time spent on security, biggest priorities in IT and the downsides to current security solutions — and, for the most part, the results were grim.
Confidence in security is low
IT pros did not express high levels of confidence when it comes to security.
Fifty percent reported that they aren’t confident in their current security products and initiatives, while one in five don’t believe it’s even possible to have effective endpoint security.
Difficulty proving security ROI
Another reason IT pros are abandoning effective security practices is that it’s difficult to calculate the ROI of security.
The study found that 54 percent of respondents have low confidence in their company’s ability to demonstrate the ROI of security.
When asked in the Barkly study what the biggest issues around implementing effective security procedures are, 41 percent said they slow down the system, 33 percent said they’re too expensive, 36 percent cited too many updates and 20 percent said that security “requires too much headcount to manage.” IT leaders are being forced to choose between strong security and productivity, and most companies are sticking to the latter, according to the data from Barkly.
Ultimately, these solutions aren’t stopping breaches, as the study points out, and the effects are simply slowing down day-to-day business.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a785292ff5&e=20056c7556
The New Front In Cybersecurity: How to prevent hackers from taking down critical infrastructure
Few cyber attacks against critical infrastructure have had the level of success and sophistication of the attack in Ukraine, though.
The attackers spent months laying groundwork before storming the power grid’s control systems on the day of the blackout.
Experts say that other hackers could leverage some of the same tools and tactics used in the attack to target control systems for other critical infrastructure targets.
In a new report, BI Intelligence details the current cybersecurity landscape for companies in critical infrastructure sectors, as well as how companies can protect their control systems from hackers.
Here are some of the key points from the report:
Companies that operate critical infrastructure sites reported 295 cyber incidents in 2015, up from 245 in 2014.
Hackers are targeting the industrial control systems that operate critical infrastructure because of the enormous damage they can cause by crippling such infrastructure.
Industrial control systems typically weren’t designed to be connected to the internet, so they weren’t built with cybersecurity capabilities to ward off hackers.
The hack that caused a blackout in the Ukraine could serve as a blueprint for other hackers that want to target critical infrastructure, helping them succeed in future attacks.
The Ukraine hack highlighted the importance of training employees about cybersecurity and placing additional access controls on industrial control systems beyond firewalls.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d759de4ea0&e=20056c7556
Latest Security Study Worry: How Many Times Will You Be Breached?
Those are among the findings of the latest research from Neustar, Inc., from its third global DDoS Attacks and Protection Report titled The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks.
The April 2016 report follows a survey of over 1,000 IT professionals across six continents, and reveals that few organizations globally are being spared DDoS attacks.
The research results show that although revenue loss caused by a DDoS related outage is usually the main concern of targeted organizations, 57% of all breaches involved some sort of theft including intellectual property and customer data as well as financial information.
“More troubling, following the initial breach, 45% of organizations reported the installation of a virus or malware – a sign that attackers are interested in causing ongoing harm,” the report explains.
Among the key findings of the study:
• 73% (7 in 10) of global brands and organizations were attacked
• 82% of organizations experiencing a DDoS attack were then attacked repeatedly, with 45% reporting they were attacked 6 or more times
• 57% of organizations reported theft after attack, including loss of customer data, finances or intellectual property
• 50% of organizations would lose at least $100,000 per hour in a peak-time DDoS related outage (33% would lose more than $250,000 per hour), and 42% needed at least three hours to detect that they were under DDoS attack
• 76% of organizations are investing more than last year in response to the DDoS threat
• 71% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ad25f1e1d7&e=20056c7556
The hospital of the future
Predicting the future is rarely easy in any industry, but for those involved in planning the hospitals of tomorrow, it throws up the question of how these institutions can continue to be forward thinking while best serving the needs of their most important clients, the patients.
Teaming with technology giant Cisco Systems Inc. and contractor EllisDon Corp., Halton Healthcare Service’s $2.7-billion facility is the first digital hospital in Oakville and one of the first new hospitals to be built in the area in the past 30 years.
The technological enhancements include greater tracking of patient information, such as wirelessly updating patient records automatically, using wireless technology in lieu of noisy paging to ensure a quiet environment for patients, and the option for patients to register at kiosks and workstations at the entrance.
This will have the dual effect of speeding up the process and collecting data at the same time.
Improved security in the hospital was also a prime consideration.
That was of particular concern in the maternity ward.
Technology forms an increasingly dominant part of hospitals, with Altaf Stationwala, president and chief executive officer of Mackenzie Health, estimating that while it formed 10 per cent of projects 15 or 20 years ago, today that figure is closer to 30 or 40 per cent.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9c0648bf43&e=20056c7556
Researchers Find Electronic Medical Records Often Targeted by Hackers
Data ransom attacks are today’s technological version of kidnapping.
It’s anonymous, more cost-effective and more appealing to criminal enterprises than taking physical hostages.
And it’s the reason health care institutions today are taking steps to ensure security.
As part of an ongoing conversation, health care professionals and government agencies will meet on May 1-11 in Washington D.C. to discuss health data as part of the Health Datapalooza event presented by Health Data Consortium.
Any HIPAA breach of more than 500 patients must be reported to the media, and the Department of Health and Human Services keeps a record of these cases online.
Since 2009, more than 1500 cases have been recorded.
For cases affecting less than 500 patients, only a letter sent to affected persons is required.
To ensure HIPAA compliance, HHS is conducting audits of healthcare companies, but often carelessness is the root cause of a breach.
A frequent problem is laptops and thumb drives with private medical information left in an employee’s car.
Payouts to criminal enterprises are relatively inexpensive.
The black market values each patient’s record at $50 or $60, Morse found.
According to a Ponemon Institute Survey, hackers only earn about $28,000 annually, but Morse notes that this wage could equate to a lot more with hackers coming from developing countries.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0b3c2cbc62&e=20056c7556
New SolarWinds Research Study Reveals Progress Against Security Risks
Embedded within a new research study published today by Austin, Texas-based software maker SolarWinds Worldwide LLC is both good news and bad news about the state of IT security today.
And the good news, essentially, is that there’s finally more than bad news to report.
Despite the ever-increasing volume and sophistication of security threats, 40 percent of respondents to the new study said their organization is somewhat less vulnerable to attack this year than last, and another 10 percent said they’re much less vulnerable.
Also striking, Turner notes, is how quickly study participants said they detect security incidents.
Fully 63 percent, for example, said their company typically identifies the presence of malware on their network within minutes, while 59 percent and 48 percent said they spot phishing attacks and cross-site scripting assaults respectively just as rapidly.
On the other hand, he continues, the new research also underscores just how treacherous the security landscape remains.
Fully 22 percent of surveyed companies experienced a data breach in 2015, and an additional seven percent suffered more than one.
Research participants credit several factors for that trend, including increased adoption of intrusion detection and prevention systems and patch management software, both of which were cited by 32 percent of respondents, and expanded use of data encryption, cited by 27 percent.
Companies that don’t feel safer this year than last should use today’s study to isolate and then close the gaps between their own security practices and those of leading-edge companies, Turner continues.
The new research study makes clear that doing so can result in meaningful improvements.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a352a7de8f&e=20056c7556
Securing DNS for secure NFV
Network Functions Virtualisation (NFV) is increasingly being championed for its transformative potential for communication service providers (CSPs).
Replacing dedicated network appliances, such as firewalls and routers, with software running on off-the-shelf, commercial servers provides CSPs with clear benefits when delivering network services.
Many operators still use commodity or open source software, for instance, to protect their virtualised environments, which can potentially introduce risks they may be unaware of.
That’s why a more intelligent approach to NFV security is so sorely needed.
DNS security must be built into NFV architecture, rather than approached as an add-on.
Integrating DNS-specific protection will help to reduce any gaps in coverage that bolt-on solutions may overlook, and which can then be exploited by cyber criminals.
By tracking provisioned VMs, analysing their IP addresses, and monitoring all DNS traffic, virtualised infrastructure should be able to detect suspicious behaviour as it happens.
It should also, when necessary, be able to quarantine infected VMs to prevent infection from spreading across the network.
Finally, in order to address the potential security and performance problems that configuration issues can lead to, it’s important that NFV environments also include network discovery and automation tools which can determine correctly – and incorrectly – configured network functions, to identify potential issues before they arise.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=780f9b55f8&e=20056c7556
Why automation is the key to the future of cyber security
The numbers don’t lie.
Cyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up.
Furthermore, it’s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe.
To address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.
So what’s holding companies back?
Well, for starters, there are a number of concerns around incorporating automation into cyber security:
Loss of Control – In many instances, the biggest hurdle to automation is simply a perceived loss of control.
Lack of Trust – It’s easy for a highly-skilled human worker to feel as though they are more capable of managing incident response than a machine could.
Fear of Change – Perhaps the biggest misconception of automation is the idea that its adoption spells the certain demise of the human workforce.
Uniform Strength – No military leader would march onto the battlefield with an army that is significantly smaller in size, strength or skill than its enemy.
Increased Efficiency – Adding automation into the IR process helps to streamline workflows and create a much more uniform and efficient environment.
Fewer Errors – Many of the most noteworthy cyber breaches in recent years have come at the hands of well-intentioned yet highly overworked humans.
Better Decision Making – One of the biggest challenges IT leaders face is the monumental task of making critical business decisions on the fly.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1cfa882b50&e=20056c7556
Localized “designer” malware campaigns all the rage, says Sophos
In a press release and blog post published today, Sophos reported that cybercriminals are becoming ever more proficient at using localized language and vernacular in phishing emails and ransomware notes.
Older, more amateurish spam communications like the classic Nigerian prince scheme are easy to catch, but more recent efforts feature dramatically improved grammar. “That means you’re more likely to accidentally fall for the ones that aren’t stupid,” Chester Wisniewski, senior security adviser at Sophos, told SCMagazine.com.
Malicious campaigns are also more accurately spoofing legitimate brands endemic to a particular country or culture.
According to the research, postal companies, tax and law enforcement agencies and utility firms are among the most commonly spoofed local entities in these phishing campaigns, which attempt to trick recipients with convincing emails that feature official-looking logos and content such as bills and account balances, shipping notices, refunds and speeding tickets.
The improved localization of campaigns is attributable to increasing specialization within the malware industry, said Wisniewski, with different cybercriminals developing specific expertise in coding, content and distribution. “With that specialization, malware is getting more tailored,” he noted.
Further Sophos analysis over the first three months of 2016 found that the countries with the highest percent of endpoints exposed to malware attacks were Algeria (30.7 percent), Bolivia (20.3 percent), Pakistan (19.9 percent), China (18.5 percent) and India (16.9 percent).
Nations with the lowest “threat exposure rates” were France (5.2 percent), followed by Canada (4.6 percent), Australia (4.10 percent), the U.S. (three percent) and the U.K. (2.8 percent).
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=441734b68c&e=20056c7556
India, Pakistan biggest victims of malware: Microsoft
SAN FRANCISCO: Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp.
Countries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0dfa30c78a&e=20056c7556
DHS urges ‘whitelisting’ programs to protect industrial controllers
The Department of Homeland Security is recommending that stakeholders involved in protecting critical infrastructure from cyber attacks should apply “application whitelisting” to protect remote controlled networks.
“While not a cure-all, properly configured [application whitelisting] should be an integral component of a defense-in-depth solution,” the report, produced by DHS and National Security Agency security experts, says.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c2afd42554&e=20056c7556
Protect your computer: Data breaches in the state are on the rise [New York City]
Online data breaches continue to escalate.
Attorney General Eric Schneiderman announced Wednesday that his office had been notified of 459 breaches from the start of the year through May 2—a 40% jump over the same period last year.
Companies are required to report compromises of customer data to the attorney general’s office as part of the New York State Information Security Breach & Notification Act of 2005.
The state is on track to have well over 1,000 notices of data breaches for the year—a record number—compared with 809 in 2015.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=afe69e2785&e=20056c7556
Ransomware attacks hit all-time record high in April
Ransomware attacks in April comprised the largest number of such threats on record in the United States, with a 158.87% spike in ransomware attacks from March to April 2016.
According to a report released by Enigma Software, which produces anti-malware and anti-spyware programs for the PC, the data comes from an analysis of more than 65 million malware infections detected by its software in the US since April 2013.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=acbd82eb46&e=20056c7556
Hotel sector faces cybercrime surge as data breaches start to bite
Check into a hotel and you might be signing up for more than you bargained for.
That is the message emerging from a wave of data breaches documented in a new analysis by security firm Panda Security that looks at recent attacks on hotels and the way they are showing signs of spreading beyond the big chains.
In the UK, reports of hotel breaches date back at least five years with Britain’s Travelodge an early victim.
The company admitted suffering a mystery leak after customers reported receiving suspicious emails to addresses used to make room bookings.
At the time it was seen as an unusual incident; subsequent events show that optimism to be a bit complacent.
The reason hotel networks are tough to defend has to do with the trend to target all businesses with social engineering and malware concocted specifically to beat individual defences.
This tactic is now being aimed at smaller hotels, a sign that the sector is about to come under much broader and more calculating attack.
Computerworld UK has learned of a recent and undocumented incident aimed at a customer of Panda Security, a small luxury hotel in Spain which was on the receiving end of a phishing ruse based on opening an attachment for what looked like a legitimate room booking form.
Eerily, the booking form was identical to the one used by the victim hotel.
Panda Security believes that the MO was to execute some new malware of a kind that would have slipped past antivirus software using signature detection, with the intention of moving sideways to the hotel’s credit card database or POS systems.
There is nothing unusual about this but the fact that attackers are now taking the time to target the vast number of small establishments serves as a warning not only to other hotels but their customers too.
Hotels face an approaching storm that few have grasped the significance of.
Meanwhile, for hotel customers, almost all of whom buy rooms based solely on location matched to price, it’s almost as stark.
The hotel you plan to check into next week on that business trip probably has excellent physical locks but none on the data you hand over.
Just remember that.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=af5af94881&e=20056c7556
Why MX Records Matter in the Fight Against BEC and Spear Phishing
From whaling schemes designed to steal millions of dollars from a company in a single transaction, to malware attacks that can cripple systems until a ransom is paid, criminal attacks using carefully created and carefully targeted emails are on the