[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So I have added a Table of Contents, with hyperlinks directly to the summary below (hopefully; Mailchimp might do something strange, I will be watching).
Beside each article title, you will see an upward pointing arrow. This should jump back to the top of the email.
So onto the news:
————————————————————
* CIOs wary of sharing cyberthreat data (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ccf480ca87&e=20056c7556)
* Dridex banking malware mysteriously hijacked to distribute antivirus program (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c298d13107&e=20056c7556)
* Manage cyber risk for business benefit, says industry expert (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2050ac7cf4&e=20056c7556)
* ‘Darkhotel’ fear stalks hospitality industry: 5-star hotels rope in cyber auditors to curb data theft (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b02e140473&e=20056c7556)
* Landry’s Reveals Details of POS Breach (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3dd4234b4a&e=20056c7556)
* How to Build a Remote Security Team (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e316d1f525&e=20056c7556)
* What Are Your Container Security Options? (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6af9d179da&e=20056c7556)
* Detecting ‘Multi-Stage’ Cloud Cyber-Attacks from the Start (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e4c8f4adb6&e=20056c7556)
* The Malware Museum is an epic collection of old-school viruses (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c03597f79d&e=20056c7556)
CIOs wary of sharing cyberthreat data ↑ (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=254dc8b867&e=20056c7556)
The U.S. Senate in October passed the Cybersecurity Information Sharing Act, a well-intentioned band-aid for the rash of data breaches that have buffeted the corporate sector.
Ideally, companies would share with DHS more information about threats they are seeing in their networks, which would contextualize the data and share it with other companies and federal agencies.
The law seeks to protect companies from private lawsuits, a major stumbling block to information sharing.
Ozment said the DHS would begin sharing cybersecurity threat information with private companies later this month.
Companies are contemplating how to share not only information, but talent.
Jim Motes, CISO of Rockwell Automation, has proposed a cooperative staffed by the best engineers from member companies, which he says would be better positioned to protect corporate networks than most managed security service providers (MSSP).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e7b01efb6b&e=20056c7556
Dridex banking malware mysteriously hijacked to distribute antivirus program ↑ (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=38401be434&e=20056c7556)
Users tricked by spam messages into opening malicious Word documents that distribute the Dridex online banking Trojan might get a surprise: they’ll get a free antivirus program instead.
That’s because an unknown person — possibly a white hat hacker — gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus.
Their efforts caused only a temporary drop in Dridex activity, the botnet returning to full strength since then and even adding new tricks to its toolset.
The Trojan can record key strokes and injects malicious code into banking websites opened on affected computers.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b8027e78be&e=20056c7556
Manage cyber risk for business benefit, says industry expert ↑ (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7c21cc120f&e=20056c7556)
The effective management of cyber risk can be used to enhance customer confidence, according to Philip Virgo, member of the Digital Policy Alliance advisory panel.
Typically, insurance covers only the cost of cyber incidents, but not third-party liabilities for data breaches and fines of up to 4% of global turnover under the European General Data Protection Regulation (GDPR) that comes into force in 2018.
According to Virgo, there are four key strategies for deriving business benefit from effectively managing cyber risk and turning individual risk into collective competitive advantage.
First, organisations should work to make the IT security team and the marketing team put up joint proposals for websites and on-line systems that are both secure and easy to use.
Second, organisations can reduce cyber risk by not asking customers for information that is not necessary.
Third, organisations should provide in-depth training for all customer-facing staff on how to engage customers, check who they are dealing with and tell customers how to check they are indeed dealing with the organisation.
Fourth, organisations should ensure their websites include clear links to information on how to report problems, to check whether emails purporting to come from the business are genuine, and how to report impersonation of the business.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ae72de2b28&e=20056c7556
‘Darkhotel’ fear stalks hospitality industry: 5-star hotels rope in cyber auditors to curb data theft ↑ (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d36e54bffe&e=20056c7556)
Industry experts said that as hotels adopt more tech-heavy operations for their loyalty programmes and check-in systems, they become increasingly vulnerable to sophisticated cyber-attacks.
With their high-profile guests, hotels have been added to the list of potential cyber-crime targets.
Moreover, most hotel chains still use run-of-the-mill legacy IT systems, which are an easy target for savvy cyber criminals.
Hotel chains are now playing safe and looking for insurance covers to protect them from cybercrimes. “Hotels are vulnerable to data theft risk mainly through payment systems, Wi-Fi and loyalty programs. We have seen enquiries from Indian as well as international hotel chains regarding cyber related risk cover in the last few months,” said M Ravichandran, president – insurance, TATA AIG General Insurance.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c2f8acfe75&e=20056c7556
Landry’s Reveals Details of POS Breach ↑ (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2e38f9b088&e=20056c7556)
Houston-based Landry’s Inc. has opened up on the broad scope of point-of-service malware attacks at its restaurants and other properties dating back to 2014 and 2015.
The breaches exposed payment cards used at 46 of its brands, which include the restaurant chain Morton’s and Golden Nugget Hotels and Casinos.
More than 350 locations in 34 states, the District of Columbia and Canada were affected, according to a Jan. 29 statement.
Landry’s has about 500 locations under its corporate umbrella.
“Findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at a certain [number] of our restaurants, food and beverage outlets, spas, entertainment destinations and managed properties,” according to the statement. “The program was designed to search for data from the magnetic-stripe of payment cards that had been swiped as the data was being routed through affected systems.”
“Landry’s likely uses a franchise-like model for most of their stores or operations,” he says. “And that’s the Achilles heel for the industry, because when you have a model like that, those locations are considered small merchants. So they are probably not getting the attention they should for PCI compliance.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0f1b5446ea&e=20056c7556
How to Build a Remote Security Team ↑ (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c8bb901690&e=20056c7556)
Whoever is managing this team needs to be in constant communication with the other team members.
There isn’t the ability for you to walk over to an employee’s cube and speak to them, and vice versa, so constant contact with each other is necessary to verify that the lines of communications are open.
This includes secure IM, webcams, email and texting.
Daily Stand Up Meetings
These shouldn’t be more than 15-20 minutes and can be done at the beginning and end of each day, as needed.
Secure Access
Having the ability for all team members to collaborate securely is mandatory and so is the ability for them to securely access the network.
Scheduled Gatherings and Staff Meetings
Just as important as keeping in constant contact with each other is keeping some of the normality of the office.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7d32af86b6&e=20056c7556
What Are Your Container Security Options? ↑ (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=12dc6f51c2&e=20056c7556)
Virtualization giant VMware is a vocal advocate of the idea of running each containerized application in its own virtual machine to increase security.
Perhaps that’s not surprising given that container technology can be seen as a direct rival to its server virtualization technology, but VMware’s approach is certainly worth a good look.
But bringing virtual machines into the mix would seem to negate many of the benefits of containers: for example, that you can start them far faster than virtual machines, and that you can run far more containers than virtual machines on a single host.
Clair is an open source API-driven analysis engine that inspects containers layer-by-layer for known security flaws.
That’s useful for identifying container images that may not have contained any known vulnerabilities when you made them, but which have subsequently become unsafe to use because of the discovery of new vulnerabilities.
Twistlock is a security suite for containers founded by Ben Bernstein and Dima Stopel, who both spent more than 10 years in the Microsoft R&D center in Israel and who also served in the Israel Defense Force’s (IDF) formidable intelligence corps.
CoreOS has emerged as the major rival to Docker in the container space, and late last year it unveiled Distributed Trusted Computing.
This is a system which allows you to cryptographically verify the integrity of your entire container environment – from the server hardware to the applications running in containers.
What Is Docker Doing?
The newest container security initiative, announced at the recent Dockercon EU conference, is a scanning project called Project Nautilus that involves examining and validating images on the Docker Hub repository, with the aim of identifying vulnerabilities that exist in Dockerized applications.
Docker also announced support for a security capability known as user namespaces that will allow Docker users to enforce security controls on application processes running inside of a Docker engine, according to Kerner.
In addition, Docker plans to support Linux seccomp, a technology that Nathan McCauley, director of security at Docker, said will allow users to limit what runs inside Docker containers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0f038306bb&e=20056c7556
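The Clair point above (an image that was clean when built becomes unsafe once a new vulnerability is published, so stored images must be re-scanned against an updated feed, layer by layer) is easy to see in a toy model. The following is an added example written for this summary; it is not Clair's code, data format or feed, and it assumes an image is an ordered list of layers that each add or replace packages, that a vulnerability record names a package and its first fixed version, and that a simplified dotted-integer version compare is good enough (real scanners use each distribution's own ordering rules). The layer digests, package names and TOY-* vulnerability ids are constructed.

```python
"""Toy model of layer-by-layer image scanning against a vulnerability feed.

Constructed example, not Clair's own code, data format or feed. An image is an
ordered list of layers; each layer adds or replaces packages. A vulnerability
record names a package and the first fixed version. Version comparison is a
simplified dotted-integer compare (assumption: real distro ordering is richer).
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vuln:
    vuln_id: str        # constructed id, not a real CVE number
    package: str
    fixed_in: str       # first version that is not affected


@dataclass
class Layer:
    digest: str                                   # constructed layer id
    packages: dict = field(default_factory=dict)  # package -> version set by this layer


def parse_version(v: str) -> tuple:
    # Simplified: "1.2.10" -> (1, 2, 10); compares numerically per component.
    return tuple(int(part) for part in v.split("."))


def effective_packages(layers: list) -> dict:
    """Walk layers in order; later layers override earlier package versions.
    Returns package -> (version, digest of the layer that set it), so a finding
    can be attributed to the layer that introduced the affected version."""
    state = {}
    for layer in layers:
        for name, version in layer.packages.items():
            state[name] = (version, layer.digest)
    return state


def scan(layers: list, feed: list) -> list:
    """Return findings as sorted (vuln_id, package, version, layer_digest) tuples."""
    installed = effective_packages(layers)
    findings = []
    for vuln in feed:
        if vuln.package not in installed:
            continue
        version, digest = installed[vuln.package]
        if parse_version(version) < parse_version(vuln.fixed_in):
            findings.append((vuln.vuln_id, vuln.package, version, digest))
    return sorted(findings)


def rescan_delta(layers: list, old_feed: list, new_feed: list) -> list:
    """Findings that appear with the newer feed but were absent with the older one:
    the image itself is unchanged; only the world's knowledge about it changed."""
    before = set(scan(layers, old_feed))
    after = set(scan(layers, new_feed))
    return sorted(after - before)


# Constructed image: a base layer, then an app layer that upgrades libssl.
IMAGE = [
    Layer("sha256:base0001", {"libssl": "1.0.1", "zlib": "1.2.8"}),
    Layer("sha256:app00002", {"libssl": "1.0.2", "myapp": "3.4.0"}),
]

# Feed as it looked at build time: the only record is already fixed in the image.
FEED_AT_BUILD = [
    Vuln("TOY-2015-0001", "libssl", "1.0.2"),   # image has 1.0.2 -> not affected
]

# Feed after two new disclosures: the same, unchanged image is now affected twice,
# once via the app layer (libssl) and once via the base layer (zlib).
FEED_LATER = FEED_AT_BUILD + [
    Vuln("TOY-2016-0002", "libssl", "1.0.3"),
    Vuln("TOY-2016-0003", "zlib", "1.2.9"),
]


if __name__ == "__main__":
    print("at build time:", scan(IMAGE, FEED_AT_BUILD))
    for finding in rescan_delta(IMAGE, FEED_AT_BUILD, FEED_LATER):
        print("NEW since build:", finding)
```

The useful part for a defender is `rescan_delta`: a registry that keeps the per-layer package inventory of every stored image can re-run the match whenever the feed changes, without pulling or rebuilding images, and attribute each new finding to the base layer or the application layer that introduced the affected version.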
Detecting ‘Multi-Stage’ Cloud Cyber-Attacks from the Start ↑ (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f5da32c155&e=20056c7556)
A group of cybersecurity researchers is using an experimental cloud computing test bed, called Chameleon and funded by the National Science Foundation, at the Texas Advanced Computing Center (TACC) at The University of Texas at Austin and the Computational Institute at the University of Chicago, to develop methods for detecting and containing cyber-attacks while they are still in their early stages.
The new detection rules under development by the researchers are based on a cyber-security artificial intelligence technique called Planned Recognition – recognizing the small start to a larger plan.
The researchers are analyzing attacks guided by three main questions: 1) how vulnerable is a cloud infrastructure to an attack from the outside; 2) how vulnerable is it to attacks from the inside — virtual machine to virtual machine; and 3) what happens when both of these situations happen simultaneously.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1e27a591ce&e=20056c7556
The Malware Museum is an epic collection of old-school viruses ↑ (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e43dfd637b&e=20056c7556)
The destructive parts of the malware have been removed, but it’s pretty interesting to see how viruses of the past were created and what they actually did to computers, beyond sheer destruction.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b8115e7a3d&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forward this email.