CyberSecurity Institute – Page 74 – Security News Curated from across the world

Sailing the Seven Cs of Security Monitoring

Posted on May 2, 2013December 30, 2021 by admini

Consistency
Continuous
Correlation
Contextual
Compliant
Centralization
Cloud

In this case, our working definition of “continuous” is unique for every organization and needs to be commensurate with their risk and resources.

Correlation: In the modern enterprise, there are simply too many silos of information, too many endpoints for access, too many variables of risk and not enough visibility or resources to properly protect all the assets of an enterprise. Correlation needs to tie together the cooperative capabilities of such tools as SIEM, Log Management, Identity and Access Management, malware scanning, etc… If security is about maintaining visibility, correlation would be its magnifying glass.

Compliance: The common thread for the alphabet soup that is compliance (HIPAA, PCI, FISMA, FFIEC, CIP, SOX, etc…) is the need to know who is logging in, accessing what assets and ensuring only the appropriately credentialed users can do those things. When you are dealing with sensitive information like credit card numbers, social security numbers, patient history/records, and the like, the need to have a strong and continuous monitoring initiative is not just a driving force to avoid fines, but it is the basis of good and trustworthy operation.

So much has been written about compliance and network security, so that all I will add is understand the responsibility you have towards customers, partners, employees, users, accurately calculate the risk in maintaining their information and vigilantly maintain the monitoring process that makes you a good steward of their trust.

The continual increase in daily network threats and attacks makes it challenging to maintain not only a complex heterogeneous environment but to also ensure compliancy by deploying network-wide security policies.

Addressing the issue from the cloud solves several pressing issues while providing the necessary heft to create the visibility to govern credentialing policies, remediate threats and satisfy compliance requirements across any sized enterprise. What’s more, all the solutions noted from above – from SIEM to Access Management—are available from the cloud.

Link: http://cloudcomputing.sys-con.com/node/2642497

Hackers hijack US government website to spread malware

Posted on May 1, 2013December 30, 2021 by admini

That backdoor communicates with a malicious server and the attackers can actually send orders to the system such as uploading and downloading files, executing commands, installing new malware,” he explained. The attack sends the hackers useful information like what security programmes the infected system has, what Java and Flash version is being used.

This reached new heights earlier this year when security firm Mandiant reported linking an advanced cyber campaign targeting the US government to a Chinese military unit.

More recently, Verizon claimed Chinese hackers are responsible for 96 percent of the world’s active cyber espionage campaigns in its Data Breach Investigations Report 2013.

Link: http://www.v3.co.uk/v3-uk/news/2265506/chinese-hackers-hijack-us-government-website-to-spread-malware

DDoS used as cover fire for parallel attacks, $2.1 million unauthorized wire transfer

Posted on April 30, 2013December 30, 2021 by admini

Working with organizations affected by Dirt Jumper DDoS attacks revealed a threat scenario in which the threat actor first performed a short-lived “test” DDoS attack to determine if the actor’s botnet could make the targeted site unusable.

If the test was successful, then the threat actor performed another DDoS attack in the near future, but this time the DDoS attack occurred shortly after an unauthorized wire or Automated Clearing House (ACH) transfer out of a compromised account. DDoS attack patterns revealed that short-lived attacks were an indicator of an unauthorized wire transfer, while longer attacks, which could last hours to days, were indicators of a fraudulent ACH transfer.

Visibility on these attacks proved to be quite useful in some cases, the DDoS attack was the initial notice that high-dollar fraud was occurring. Some of the fraud attempts and losses are staggering, with total dollar values of attempted fraud ranging from $180,000 to $2.1 million.

Link: http://www.cyberwarzone.com/ddos-used-cover-fire-parallel-attacks-21-million-unauthorized-wire-transfer

Hackers hit thousands of websites with Apache backdoor attack

Posted on April 30, 2013December 30, 2021 by admini

The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies.

“With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit,” said Zwienenberg.

The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve their cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.

Link: http://www.v3.co.uk/v3-uk/news/2264874/hackers-hit-thousands-of-websites-with-apache-backdoor-attack

Splunk Adds Statistical Analysis to Enterprise Security App

Posted on April 30, 2013December 30, 2021 by admini

“Companies now understand that hidden in the terabytes of user-generated machine data are abnormal patterns of activity that represent the presence of malware or the behavior of malicious insiders,” Seward adds. “The new Splunk App for Enterprise Security enables statistical analysis of HTTP traffic to help security professionals determine a baseline for what’s normal, quickly detect outliers and use those events as starting points for security analysis and investigation.”

The new version of Splunk App for Enterprise Security automates monitoring and correlation of these outliers and anomalies in real time and presents the resulting analysis via dashboards and alerts.

“As long as you’re capturing proxy data, for example, all of that data will automatically go into the Splunk App for enterprise Security and all of those statistical outliers will be there and available to you.”

“Finding advanced threats is hard,” adds Jim Krev, Sr., security manager of Fieldglass, a provider of vendor management system (VMS) technology that two years ago replaced its legacy Security Information and Event Management (SIEM) tool with Splunk Enterprise and the Splunk App for Enterprise Security.

What Splunk has done with the Enterprise Security 2.4 release is make it easier to find and visualize unusual characteristics of data using statistics,” Krev says.

Link: http://www.csoonline.com/article/732635/splunk-adds-statistical-analysis-to-enterprise-security-app?source=rss_data_protection

A New Source of Cyberthreat Updates

Posted on April 30, 2013December 30, 2021 by admini

John Watters, founder of iSIGHT Partners, says obtaining timely, accurate information about the latest cyberthreats is challenging because there’s so much misinformation available. “There is not a central place – or a knowledge center – where everyone can draw information from to take action,” he says. Today what we’ve seen is really the convergence of the threat environment – now the private and public sectors are being targeted by the same threats.

The recent wave of distributed-denial-of-service attacks illustrates the need to stay well-informed about the very latest threats, Watters says. “We help our members demystify some of this information, which allows them to prioritize their resources to focus on the real, true threats,” he says.

Before joining the FS-ISAC, a non-profit association dedicated to protecting financial services firms from physical and cyberattacks, Nelson was elected vice chairman of the ISAC Council, a group dedicated to sharing critical infrastructure information.

Over the past decade, Watters has been involved with numerous cybersecurity companies, including TippingPoint Technologies, Archer Technologies, Netwitness and Lookingglass, in addition to iDEFENSE and iSIGHT Partners.

Link: http://www.bankinfosecurity.com/interviews/new-source-cyberthreat-updates-i-1902?rf=2013-04-29-eb&elq=01956b18b1fb4b35b539650c8ea7dc3b&elqCampaignId=6596