admini – Page 62 – CyberSecurity Institute

As cyber attacks detonate, banks gird for battle

Posted on July 17, 2013December 30, 2021 by admini

JPMorgan and its peers like Bank of America, Citigroup and Wells Fargo have signed up for Thursday’s drill, which is being organized by Wall Street’s biggest trade group, the Securities Industry and Financial Markets Association, or SIFMA.

They’ll monitor a simulated stock exchange for irregular trading and will be pressed to figure out what’s going on and how to react while sharing information with regulators and each other.

But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic — akin to overwhelming a phone line with too many calls.

“If you went to banks three years ago, and said, ‘What are your top five risks?’, probably none of them would put cyber on there,” said Karl Schimmeck, SIFMA’s vice president for financial services operations.

The Office of the Comptroller of the Currency, which regulates national banks, recently held a call with community bankers to warn them that they’re not free from danger either: Since September, attacks have been increasingly aimed at businesses with fewer than 250 employees, the OCC says. Customers would have to go through certain steps to get their money back, like filing a claim, showing that they weren’t negligently tossing their account information around and giving the bank time to investigate.

A DRILL BY ANY OTHER NAME: As for the title of Thursday’s drill, the one that sounds more appropriate for an action movie than a bank security exercise, it came about during the creation of the original drill in 2011, which was organized by the Financial Services Sector Coordinating Council.

Link: http://www.seattlepi.com/business/technology/article/As-cyber-attacks-detonate-banks-gird-for-battle-4667972.php

Business users visit most malicious websites, security academics find

Posted on July 16, 2013December 30, 2021 by admini

Just 2 per cent of malicious websites visited by Australian users were actually hosted in Australia, while 62 per cent originated in the United States – lending support to earlier reports that notorious malware host China was actually losing its one-time dominance.

The project “allows us to apply large scale analytics techniques to analyse massive volumes of Trend Micro malware sensor data,” said Professor Yang Xiang, director of the Network Security and Computing Lab within the Deakin University School of Information Technology, in a statement.

Interestingly, many of the hosts were unaware of their infection with malware: of 24 servers compromised by the Blackhole Exploit Kit and noted by the research team, 12 were still delivering the malware-compromised pages a week later.

Link: http://www.cso.com.au/article/520498/business_users_visit_most_malicious_websites_security_academics_find/

Study: Network Reconnaissance On Rise Posing Computer Threat

Posted on July 12, 2013December 30, 2021 by admini

Automated credential guessing is a malicious attack in which the perpetrator uses software to guess log-in credentials of users and can inherit user specific privileges to the system, based on the identity established by the supplied credentials.

Findings show that while most companies place security emphasis on computer viruses, trojans and worms, security breaches as a result of viruses account for less than one percent of incidents. Port scanning and automated credential guessing are by far the most prevalent types of IT network security breaches among remote locations and branch offices. Remote locations typically do not have the level of security oversight and resources as a large, centralized corporate network location to combat these threats.

“Our recommendation to businesses is to apply the appropriate IT security protocols and technology that mitigate the risk of network vulnerabilities.”

Link: http://mitechnews.com/articles.asp?id=15851&sec=24

Hunting for ‘Whales’ Using Targeted Malware

Posted on July 10, 2013December 30, 2021 by admini

Of course, spear phishing isn’t new, but the targets and tactics are evolving, and most users who might have known to not give away their banks account numbers at home may be handing over sensitive information in an enterprise setting due to lack of training and awareness.

Administrative assistants, accountants, salesmen, IT managers, and pretty much everyone else in an enterprise hold a great deal of company knowledge that criminals can use to ultimately unlock a company’s secrets.

But beyond simply explaining the threat to them, ask your staff to take a step back to see what information a cyber criminal can easily dig up. This may sound completely narcissistic to them, but I recommend you ask them to “Google” themselves from time to time in order to see what pops up in search results. The idea is to familiarize one’s self with what is public knowledge — so you aren’t caught off guard when it’s used to gain your trust.

Even though you aren’t likely to be considered a “whale” by Las Vegas casino standards, you and your staff need to understand that your position within a large organization probably makes you a pretty big fish in the eyes of a cyber criminal. And in order to help combat against these attempts, your best bet is to try and see what a hacker can see on the Internet so it can’t be used against you

Link: http://www.enterpriseefficiency.com/author.asp?section_id=1076&doc_id=265441&f_src=enterpriseefficiency_iwkfeed

Companeis lack the ‘intelligence’ to deal with cyber threats

Posted on July 9, 2013December 30, 2021 by admini

Malcolm Marshall, KPMG partner and head of the firm’s Information Protection & Business Resilience team, says: “Increased awareness of cyber security threats is a positive trend, but indications are that organisations now need to focus on putting into place the fundamentals of intelligence management to gain real value from what they know. These revolve around creating an intelligence-led mindset within organisations, implementing an operating model similar to those employed by the intelligence community and building a decision-making process which is centred on a tightly controlled ‘information gathering programme’.

‘Cyber threat: intelligence and lessons from law enforcement’ argues that an intelligence-led mindset establishes a direct connection between the threats and vulnerabilities organisations face and the consequences of their compliance or inaction.

For example, rather than simply collating data, KPMG’s report urges organisations to set parameters for the type of information being gathered, so that haphazard approaches to analysis and actions can be avoided.

Link: http://www.actuarialpost.co.uk/article/companeis-lack-the—–039intelligence—-039-to-deal-with-cyber-threats-5096.htm

New EU laws approve tougher sentences for cyber criminals

Posted on July 5, 2013December 30, 2021 by admini

For example, the Srizbi botnet, estimated to be either the world’s largest, or second-largest botnet, is thought to be made up of around half a million machines.

Botnet creators add machines to their networks through spam emails and malware, often building up networks before renting or selling it to other criminals. Anyone found setting up a botnet will face a minimum of three years in jail, and if the system is used to threaten national infrastructure then again, the minimum sentence rises to give years.

Member states have two years to sign the new directives into law, with only Denmark choosing to opt out in favour of its own rules.

Link: http://www.independent.co.uk/life-style/gadgets-and-tech/new-eu-laws-approve-tougher-sentences-for-cyber-criminals-8690635.html