Category: Warnings

“[A]ll the security controls in the world are useless if an attacker can manipulate an employee with system access,” according to the findings, which include an analysis of more than 450 data breach investigations in 2012.

Whether thieves are after customer data or a company’s intellectual property portfolio, employee email, mobile devices, network passwords, and social media can all open the door for an attack.

The proliferation of smartphones and mobile apps presents another set of security worries, “as these devices routinely connect to unknown networks every day,” says Trustwave. “Posting one’s place of work on Facebook might not seem dangerous,” the report warns, “but when combined with co-worker connections on LinkedIn, pictures of office parties from FlickR and check-ins on Foursquare, an attacker can create a very detailed picture of the internal workings of a company without ever setting foot inside.”

All in all, the authors identified employee education as integral to any other cyber defenses, arguing that “no policy enacted will have much impact if employees aren’t on board (especially if they don’t truly understand the consequences of their actions).”

“This awareness training must include case studies highlighting both obvious pitfalls (clicking on suspicious links) and not-so-obvious ones (posting company photos online in which staff members are wearing their security badges).”

Link: http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202588933863&Employees_May_Be_a_Companys_Greatest_Cybersecurity_Vulnerability&slreturn=20130121081231

According to the advisory given by Blackberry “Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.”

The good news for system administrators is that Blackberry has announced solutions within its advisory message and has also published a workaround.

Link: http://www.ubergizmo.com/2013/02/blackberry-exchange-server-vulnerable-to-malware-from-tiff-images/

This latest version of Citadel, an advanced Zeus variant originally designed to steal online banking credentials, is now being used to steal intellectual property. And everything from government agencies and healthcare organizations to manufacturing companies, the oil and gas industry, and educational institutions is being targeted, researchers warn.

Link: http://www.bankinfosecurity.com/citadel-trojan-moves-beyond-banks-a-5514

Some experts think online espionage is costing us as much as $25 billion to $100 billion annually, and the Obama administration is stepping up its efforts to fight the problem. This week, the president is expected to issue an executive order outlining voluntary cyber security standards for important private-sector companies and for the sharing of threat information between the companies and the government. … The government needs specific evidence of hacking to take action, and when an institution like the Times reveals that it’s been targeted, it might encourage other companies to admit that they failed to prevent hackers from poking around in their computer systems.

Link: http://nymag.com/daily/intelligencer/2013/02/chinese-hackers-going-after-us-not-just-media.html

The Cyber Fighters began attacks on banks in September, claiming in statements posted to an Internet message board that they would continue until a YouTube video mocking the Islamic Prophet Muhammad was taken down. In addition to PNC, the attacks hit Citizens Bank, Fifth Third Bank and Huntington Bank in the Pittsburgh region.

Many government officials and Internet security experts have said they believe the attacks were carried out by the Iranian government or at its behest. Dave Aitel, CEO of the Miami Internet security firm Immunity Inc., said everything the Cyber Fighters wrote suggested Iran was involved. “Clearly this was state-sponsored, and the only state with an interest is Iran,” Aitel said, citing the frequent use of “proportional response” by the group to describe the attacks on banks.

Bardin said the attacks fit the standard mode of operation of Iran’s Revolutionary Guards, who “go around the world and set up proxy groups sympathetic to them.”

Link: http://triblive.com/news/allegheny/3363832-74/attacks-cyber-bank#axzz2KdfkRFjM

Those networks rely on domains that shift rapidly between different IP addresses, making it difficult for victims to block the source of the attack, or identify a clear pattern of malicious activity. In the case of Nap, FireEye researchers identified systems in Latvia, Ukraine, Taiwan, as well as Kazakhstan and Pittsburgh, Pennsylvania that were hosting Nap command and control domains.

Using long sleep cycles is described as a “classic” technique for staying under the radar for automated analysis and antivirus software.

Link: http://securityledger.com/new-malware-takes-extended-naps-to-avoid-detection/