{"id":1103,"date":"2016-08-30T00:00:00","date_gmt":"2016-08-30T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net\/"},"modified":"2021-12-30T11:38:46","modified_gmt":"2021-12-30T11:38:46","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail146.atl61.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Vendor claims these three steps will prevent data breaches<\/p>\n<p>Cheesy headlines aside, Netwrix, a firm that focuses on change and configuration auditing, has published a curious list of steps that are said to be the key in preventing a data breach.<\/p>\n<p>Netwrix makes some valid points, but security isn&#8217;t a simple checklist, and if there was a magical list of three things, I&#8217;m sure this list would have been sold many times over long before now.<\/p>\n<p>&#8211; Ensure that changes are documented.<\/p>\n<p>&#8211; Control access to sensitive data.<\/p>\n<p>&#8211; Audit and evaluate your environment continuously.<\/p>\n<p>While each of the three (two really) items has valid uses for IT and InfoSec operations, they&#8217;re not silver bullets together or separately.<\/p>\n<p>Truthfully, there is no magical list.<\/p>\n<p>Security isn&#8217;t easy, and the more a 
business grows, the harder security gets. Checklists are not going to solve anything. Even if they could, you&#8217;d still need more than two items.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=26ceb6ced8&#038;e=20056c7556<\/p>\n<p>Security now top executive priority across all key IT areas: IDC<\/p>\n<p>Australian business executives have become so concerned about data security that the topic has surpassed all other priorities in all four of IDC&#8217;s key technology pillars, the research firm has found.<\/p>\n<p>IDC conducts regular surveys of C-suite executives to ascertain their investment priorities and concerns in various areas. Yet while security has traditionally ranked high on the list, the latest IDC Continuum Survey marked the first time that security had topped the list in every key technology area.<\/p>\n<p>Australia has climbed the ranks of the most-targeted countries, with recent figures variously proclaiming it the world&#8217;s biggest target for phishing, the second most-attacked Web target, a growing target for botnet-driven financial attacks, and a growing source of DDoS attacks as well as a target.<\/p>\n<p>Recognising this growing threat profile, IDC has highlighted three key steps for organisations working to take control of their IT security. 
These include assessing current security solutions \u2013 with a particular eye to consolidation, IDC said while noting that most companies have contracts with an average of 40 security vendors.<\/p>\n<p>Finally, IDC advises, security vendor or services suppliers should be chosen based on their track record in the same vertical, as well as for their risk-management expertise.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4509859afb&#038;e=20056c7556<\/p>\n<p>The 5 Most Common Attack Patterns of 2014<\/p>\n<p>Tripwire is pleased to announce the release of its newest infographic, \u201cWhere Are Your Cyberattacks Coming From?\u201d Created in response to the release of Verizon\u2019s 2015 Data Breach Investigations Report (DBIR 2015) back in April, the infographic explains the five most common attack patterns behind today\u2019s data breaches. In this article, I will review each of these methods, identify which industries are most vulnerable to each pattern of attack, and identify real-world examples for each attack type.<\/p>\n<p>&#8211; ATTACK PATTERN #1: WEB APPLICATIONS (9.4% OF INCIDENTS)<\/p>\n<p>&#8211; ATTACK PATTERN #2: PRIVILEGE MISUSE (10.6% OF INCIDENTS)<\/p>\n<p>&#8211; ATTACK PATTERN #3: CYBER ESPIONAGE (18% OF INCIDENTS)<\/p>\n<p>&#8211; ATTACK PATTERN #4: CRIMEWARE (18.8% OF INCIDENTS)<\/p>\n<p>&#8211; ATTACK PATTERN #5: POINT-OF-SALE (28.5% OF INCIDENTS)<\/p>\n<p>As our infographic demonstrates, organizations today face the pressure of defending against a variety of attack vectors. 
These threats emphasize the importance of adhering to basic security standards at minimum and pursuing more sophisticated solutions if the resources are available.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=48aa63e557&#038;e=20056c7556<\/p>\n<p>Why It&#8217;s Time To Turn Your Business Continuity Management Program On Its Head<\/p>\n<p>Business continuity management historically has focused on protection: protect your people, protect your assets, protect your information, protect your revenue. Essentially, dig in and prepare for a siege.<\/p>\n<p>But in today\u2019s world, protecting what you have isn\u2019t going to get you where you need to be. In every area of business, companies are being forced to proactively meet customer and business demands in new and innovative ways. In marketing, that has involved a shift from huge mass-market campaigns to micro-personalized outreach. In software development, it often requires leaving behind sequential waterfall design methodologies and embracing incremental agile approaches. 
What about for business continuity management?<\/p>\n<p>Here\u2019s what does need to change to bring about a new business continuity management model:<\/p>\n<p>&#8211; Adopt a business-wide perspective.<\/p>\n<p>&#8211; Challenge your business continuity management methodology.<\/p>\n<p>&#8211; Reconsider your business impact analysis (BIA) process.<\/p>\n<p>&#8211; Reinvent intelligent plans.<\/p>\n<p>&#8211; Promote collaboration and communication.<\/p>\n<p>&#8211; Drive resiliency roadmap innovation.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7bcf36335f&#038;e=20056c7556<\/p>\n<p>[Japanese] Govt moves to protect My Number \/ New cybersecurity measures aim to address data loss fears<\/p>\n<p>The government will establish a cybersecurity unit in an administrative committee that will monitor the My Number system and also set up a Security Operation Center (SOC) (see below) to closely monitor local government networks, The Yomiuri Shimbun has learned.<\/p>\n<p>The government currently handles cybersecurity surveillance and audits only for central government ministries and agencies, but it will now expand coverage to include the JPS and other public corporations as well as independent administrative agencies, sources said.<\/p>\n<p>Under the My Number system set to be rolled out from October, a 12-digit number assigned to each individual will be used for a range of administrative functions including residence registration and pension-related matters.<\/p>\n<p>The SOC will also be set up within this fiscal year to shore up cybersecurity for the Local Government Wide Area Network, which links local governments across the nation with the central government through dedicated lines. 
The SOC will share information on cyber-attacks with the Government Security Operation Center (GSOC), a government surveillance body operated by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).<\/p>\n<p>The NISC will therefore expand the security coverage of the GSOC to cover some public corporations including the JPS and independent administrative agencies handling important data within this fiscal year. The NISC has already started auditing the networks of central government and independent administrative agencies this fiscal year, and plans to inspect the JPS and other relevant bodies in turns.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5de8b7b5a6&#038;e=20056c7556<\/p>\n<p>Cyber Insecurity: 4 in 10 Midsize Businesses Have Experienced A Data Breach<\/p>\n<p>HARTFORD, Conn.&#8211;(BUSINESS WIRE)&#8211;Most midsize business leaders view a data breach among their top risks and a majority consider IT security \u2018very important\u2019 when selecting a supplier, according to The Hartford\u2019s survey of midsize business owners and C-level executives. They have good reason to be concerned: 43 percent had experienced a data breach in the prior three years, and 13 percent have had a supplier\u2019s data breach impact their business information.<\/p>\n<p>The Hartford survey found most midsize business leaders (82 percent) consider a data breach at least a minor risk to their business. Nearly one-third (32 percent) view it as a major risk.<\/p>\n<p>Recognizing the data risks involving suppliers, more than half of the midsize business leaders (53 percent) surveyed consider IT security and data protection practices very important when selecting a supplier. 
By comparison, 36 percent consider a supplier\u2019s contingency planning and 28 percent view a supplier\u2019s location relative to their business as very important.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=bef34d3954&#038;e=20056c7556<\/p>\n<p>Java updater dumps Ask toolbar adware, replaces it with Yahoo search<\/p>\n<p>Earlier this week Yahoo Chief Executive Marissa Mayer announced a partnership with Oracle in an attempt to get more people using its search service, and cornerstone to that are the millions of Java users struggling to patch what is considered by many to be a notoriously insecure product.<\/p>\n<p>Beginning next month users who install or update the Java software &#8212; which is found on almost nine out of 10 PCs in the US &#8212; will be prompted to make Yahoo their browser&#8217;s default search engine and home page.<\/p>\n<p>And the option to make those changes will be pre-checked, so if the user is in a hurry or isn&#8217;t aware of what the change entails, they will find their browser settings changed. These changes aren&#8217;t as intrusive as the Ask toolbar, and the more tech literate out there will have no problems reversing the change. 
But the fact remains that Yahoo is choosing to push its services to users who haven&#8217;t explicitly requested them.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=cf20080d21&#038;e=20056c7556<\/p>\n<p>Facebook headhunts new chief security officer Alex Stamos from Yahoo<\/p>\n<p>Social media giant Facebook has appointed a new chief security officer, Alex Stamos, headhunted from rival Yahoo &#8211; and starting this Monday.<\/p>\n<p>Stamos joins Facebook after its previous CSO, Joe Sullivan, left in April to join taxi company Uber.<\/p>\n<p>At Yahoo under CEO Marissa Mayer, Stamos will have been responsible for many of the improvements in security at the company, particularly the use of encryption for Yahoo Mail, or Ymail, after the Edward Snowden disclosures revealed just how much snooping the US National Security Agency and GCHQ &#8211; and, no doubt, other intelligence services &#8211; do on insufficiently secured communications.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2bb8bec0d2&#038;e=20056c7556<\/p>\n<p>Stealthy Fobber Malware Takes Anti-Analysis To New Heights<\/p>\n<p>Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.<\/p>\n<p>A stealthy new info-stealing browser injection malware aims to make security researchers&#8217; job very difficult. Fobber evades detection and defies analysis by sliding from one program to another, using randomly generated filenames, encrypting command-and-control communications with a custom algorithm, and encrypting individual pieces of code within the payload, so that each function must be separately, painstakingly decrypted before it can be run.<\/p>\n<p>It also encrypts all communication with the command-and-control server, using a custom algorithm. 
According to Segura&#8217;s blog &#8220;Content sent by the server is signed by its RSA1 key (to prevent botnet hijacking) while the Fobber code has the public key embedded within, notifying the signature before processing the content.\u201d<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f70c94c0d5&#038;e=20056c7556<\/p>\n<p>Malware getting smarter, stealthier once it breaches networks, Vectra analysis finds<\/p>\n<p>Malicious actors are increasingly using the anonymous Tor network and external remote access tools to instigate targeted attacks that are growing in sophistication and complexity, a Vectra Networks analysis of internal traffic has shown.<\/p>\n<p>The firm&#8217;s June Post-Intrusion Report analysed internal monitoring of host-to-host traffic as well as traffic to and from the Internet, allowing the observation of malicious attacks at every phase.<\/p>\n<p>Fully 100 percent of the 40 analysed firms&#8217; networks \u2013 including 248,198 hosts \u2013 showed one or more of the five indicators of a targeted attack, which Vectra outlined as characterising the various types of attack traffic to traverse internal networks.<\/p>\n<p>These included command-and-control (C&#038;C) communications, which accounted for 32 percent of the 46,610 total threats detected; botnet monetisation (18 percent), internal reconnaissance (13 percent), lateral movement (34 percent), and data exfiltration (3 percent).<\/p>\n<p>This reflected malware that is increasingly active on victim networks once it has breached perimeter defences. 
Growing use of Tor and HTTPS-secured remote access services had displaced C&#038;C traffic.<\/p>\n<p>C&#038;C activity was most common in technology firms (43 percent), whereas just 1 percent of financial and services organisations experienced C&#038;C type activity.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=123753a0f2&#038;e=20056c7556<\/p>\n<p>Paper: Using .NET GUIDs to help hunt for malware<\/p>\n<p>Today, we publish a paper by Cylance researcher Brian Wallace, who looks at two globally unique identifiers (GUIDs) found in malware created using .NET, which can help link multiple files to the same Visual Studio project. He released a Python tool to safely extract these identifiers; the tool has since been incorporated into VirusTotal.<\/p>\n<p>Although the GUIDs can easily be extracted from executables, not all methods of doing so are safe; hence Brian has written a tool that does so securely and works cross-platform. The tool, GetNETGUIDs, has been published on Cylance&#8217;s GitHub page.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=3000e67758&#038;e=20056c7556<\/p>\n<p>Signature-Based Detection With YARA<\/p>\n<p>In a previous post, I talked about how you can use STIX, TAXII and CybOX to share threat intelligence.<\/p>\n<p>CybOX provides a common structure for representing cyber observables across and among the operational areas of enterprise cybersecurity. CybOX can contain hashes, strings or registry keys. Information provided via the system can be used to check for the presence of malware inside your environment. YARA is one of the alternatives to using CybOX, but the two are not mutually exclusive.<\/p>\n<p>YARA is a tool designed to help malware researchers identify and classify malware samples. It\u2019s been called the pattern-matching Swiss Army knife for security researchers (and everyone else). 
It is multiplatform and can be used from both its command-line interface or through your own Python scripts.<\/p>\n<p>Because YARA uses signatures similar to antivirus solutions, it would make sense to reuse these signatures as a rule database. With the use of the script clamav_to_yara.py, you can convert the ClamAV signature database to your own ruleset.<\/p>\n<p>Although signature-based detection with YARA has its limits, it is an easy-to-use and fairly simple way of detecting malware in your environment. It would not be wise to rely on it as the only threat protection measure, but given the straightforward use, missing out on this tool would not be a good idea, either.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6e1f368bd3&#038;e=20056c7556<\/p>\n<p>Understanding the Threat Landscape: Indicators of Compromise (IOCs)<\/p>\n<p>I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach, as well as prevention of a future breach. For purposes of this overview, iDefense breaks IOCs into three distinct categories: email, network and host-based.<\/p>\n<p>&#8211; Email Indicators<\/p>\n<p>&#8211; Network Indicators<\/p>\n<p>&#8211; Host-Based Indicators<\/p>\n<p>Organizations need to be wary of the increasing number of IOCs and implement a system to measure and evaluate the quality of indicators accordingly. 
Having contextual information to accompany indicators is critical for a machine or a human to make better decisions around resource allocation and determine a proper course of action.<\/p>\n<p>Creating a dynamic database comprised of all the elements, or data fundamentals, that make up the cyber threat landscape, and having them visually displayed in an interconnected contextual manner is a great way to enable people and machines to make better security and business decisions.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=61dc81bcbc&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If someone forwarded this email to you and you want to be added in,<br \/>\nplease click this:   ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n<p>** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556&#038;c=1442974ee6)<\/p>\n<p>** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Vendor claims these three steps will prevent data breaches Cheesy headlines aside, Netwrix, a firm that focuses on change and configuration auditing, has published a curious list 
of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1103","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1103"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1103\/revisions"}],"predecessor-version":[{"id":3590,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1103\/revisions\/3590"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
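The YARA item in the digest above mentions reusing the ClamAV signature database as a YARA ruleset via clamav_to_yara.py. What follows is an added example, not that script and not code from the page or from any vendor: a converter for ClamAV body signatures in the .ndb layout (Name:TargetType:Offset:HexSignature), which is the documented ClamAV format, covering the hex syntax most signatures use (nibble and byte wildcards, bounded and unbounded jumps, alternatives) and the PE/ELF target types and absolute or entry-point offsets. The sample .ndb lines, the rule layout and the decision to skip signatures YARA would refuse are my own assumptions; .ldb logical and .hdb hash signatures are not handled.

```python
"""Convert ClamAV .ndb body signatures into YARA rules (added example, not clamav_to_yara.py)."""
import re

# Constructed sample .ndb lines for the demo; these are NOT real ClamAV signatures.
# Field layout: Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]
SAMPLE_NDB = """\
# comment lines and blank lines are ignored
Demo.Trojan.Agent-1:1:*:4d5a90000300{2-4}5045(0000|0001)
Demo.Eicar.Like:0:0:58354f2150254041505b345c505a58
Demo.Bad.LeadingJump:1:*:*4d5a
"""

# ClamAV target type -> YARA magic check for the file types handled here.
TARGET_CHECKS = {
    "1": "uint16(0) == 0x5A4D",      # PE ("MZ")
    "6": "uint32(0) == 0x464C457F",  # ELF ("\x7fELF")
}

_BYTE = re.compile(r"[0-9a-fA-F?]{2}")
_JUMP = re.compile(r"\d+|\d+-\d*|-\d+")


def hex_to_yara_tokens(sig):
    """Translate ClamAV hex-signature syntax into YARA hex-string tokens.

    ??/a? stay wildcards, {n} -> [n], {n-m} -> [n-m], {-n} -> [0-n],
    {n-} -> [n-], * -> [-], (aa|bb) -> ( aa | bb ). ValueError otherwise.
    """
    tokens, i = [], 0
    while i < len(sig):
        c = sig[i]
        if c == "*":
            tokens.append("[-]")
            i += 1
        elif c == "{":
            j = sig.index("}", i)
            body = sig[i + 1:j]
            if not _JUMP.fullmatch(body):
                raise ValueError("bad jump {%s}" % body)
            tokens.append("[%s]" % ("0" + body if body.startswith("-") else body))
            i = j + 1
        elif c == "(":
            j = sig.index(")", i)
            alts = [" ".join(hex_to_yara_tokens(a)) for a in sig[i + 1:j].split("|")]
            tokens.append("( %s )" % " | ".join(alts))
            i = j + 1
        else:
            byte = sig[i:i + 2]
            if not _BYTE.fullmatch(byte):
                raise ValueError("bad byte %r at %d" % (byte, i))
            tokens.append(byte.upper())
            i += 2
    return tokens


def convert_line(line):
    """Return one YARA rule (text) for an .ndb line, or None when it cannot be expressed safely."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    name, target, offset, hexsig = parts[:4]
    try:
        tokens = hex_to_yara_tokens(hexsig)
    except ValueError:
        return None
    # YARA rejects a hex string that begins or ends with a jump, and older releases
    # also reject a leading/trailing wildcard: skip those instead of emitting a rule
    # the compiler will refuse (the skipped signature should be ported by hand).
    if not tokens or any(t.startswith("[") or "?" in t for t in (tokens[0], tokens[-1])):
        return None
    rule_name = re.sub(r"[^A-Za-z0-9_]", "_", name)
    if rule_name[0].isdigit():
        rule_name = "_" + rule_name
    cond = [TARGET_CHECKS[target]] if target in TARGET_CHECKS else []
    if offset.isdigit():                       # absolute file offset
        cond.append("$sig at %d" % int(offset))
    elif re.fullmatch(r"EP\+\d+", offset):     # relative to entry point: needs the pe module
        cond.append("$sig at pe.entry_point + %s" % offset[3:])
    else:                                      # '*' (anywhere) or a form not translated here;
        cond.append("$sig")                    # the original offset is kept in meta for review
    return ("rule %s\n{\n    meta:\n        source = \"ClamAV ndb\"\n"
            "        clamav_name = \"%s\"\n        clamav_offset = \"%s\"\n"
            "    strings:\n        $sig = { %s }\n"
            "    condition:\n        %s\n}\n"
            % (rule_name, name, offset, " ".join(tokens), " and ".join(cond)))


def convert_ndb(text):
    """Convert a whole .ndb file; emits import "pe" once at the top if any rule needs it."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            rule = convert_line(line)
            if rule:
                rules.append(rule)
    header = 'import "pe"\n\n' if any("pe.entry_point" in r for r in rules) else ""
    return header + "\n".join(rules)


if __name__ == "__main__":
    print(convert_ndb(SAMPLE_NDB))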
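The iDefense overview in the digest above groups indicators of compromise into email, network and host-based categories and argues that organisations need a way to measure indicator quality and to carry context alongside each indicator. The following is an added example and not iDefense's, Verisign's or the page author's code: it matches constructed indicators of the three kinds against constructed mail-gateway, DNS, proxy and EDR log lines, demotes an indicator that fires on too many hosts to be a targeted signal, and ranks the affected hosts and mailboxes. The indicator values (reserved example names and addresses), the log format, the confidence numbers and the scoring heuristic are all my own assumptions.

```python
"""Match email, network and host-based IOCs against log lines and rank what they hit (added example)."""
import re
from collections import defaultdict

FAKE_SHA256 = "0123456789abcdef" * 4   # constructed placeholder, not a real sample hash

# Constructed indicators in the three categories the overview names. Values are
# reserved/example names and addresses; confidence and context are invented.
IOCS = [
    {"value": "invoice@payroll-update.example", "type": "email", "confidence": 90,
     "context": "phishing sender, campaign X"},
    {"value": "cdn-assets.example", "type": "network", "confidence": 80,
     "context": "C2 domain, campaign X"},
    {"value": "203.0.113.7", "type": "network", "confidence": 30,
     "context": "shared hosting IP, also serves benign sites"},
    {"value": FAKE_SHA256, "type": "host", "confidence": 95,
     "context": "dropper SHA-256, campaign X"},
]

# Constructed log lines: mail gateway, DNS, proxy and EDR, in a 'source k=v ...' layout.
LOGS = r"""
mail  from=invoice@payroll-update.example to=alice@corp.example subject="Payroll update"
dns   host=ws-0142 query=cdn-assets.example answer=203.0.113.7
proxy host=ws-0142 dst=203.0.113.7 url=http://cdn-assets.example/a.js
proxy host=ws-0203 dst=203.0.113.7 url=http://news.example/index.html
proxy host=ws-0311 dst=203.0.113.7 url=http://shop.example/cart
edr   host=ws-0142 file=C:\Users\alice\AppData\Local\Temp\upd.exe sha256=%s
""" % FAKE_SHA256

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split 'source k=v k="v v" ...' into a dict; the log source lands under 'src'."""
    src, _, rest = line.strip().partition(" ")
    fields = {"src": src}
    for m in _KV.finditer(rest):
        fields[m.group(1)] = m.group(2).strip('"')
    return fields


def match_iocs(log_text, iocs=IOCS):
    """One hit per (line, indicator) whose value occurs as a whole token, so that
    203.0.113.7 does not fire on 203.0.113.77 and a domain does not fire on a
    longer look-alike domain."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = parse_line(line)
        entity = fields.get("host") or fields.get("to") or fields["src"]
        for ioc in iocs:
            pattern = r"(?<![\w.-])" + re.escape(ioc["value"]) + r"(?![\w.-])"
            if re.search(pattern, line, re.IGNORECASE):
                hits.append({"line": n, "src": fields["src"], "entity": entity, "ioc": ioc})
    return hits


def effective_confidence(hits, max_entities=2):
    """Indicator quality check: an indicator seen on more entities than a targeted
    indicator plausibly should (a shared IP lighting up half the fleet) is demoted
    to a quarter of its stated confidence rather than trusted at face value."""
    entities = defaultdict(set)
    for h in hits:
        entities[h["ioc"]["value"]].add(h["entity"])
    effective = {}
    for h in hits:
        ioc = h["ioc"]
        conf = ioc["confidence"]
        if len(entities[ioc["value"]]) > max_entities:
            conf //= 4
        effective[ioc["value"]] = conf
    return effective


def rank_entities(hits, max_entities=2):
    """Score each host or mailbox by its strongest effective indicator, plus 10 per
    additional indicator *type* (network + host corroborate each other; two network
    hits do not), capped at 100; returns (entity, score, indicator values) best first."""
    effective = effective_confidence(hits, max_entities)
    by_entity = defaultdict(list)
    for h in hits:
        by_entity[h["entity"]].append(h["ioc"])
    ranked = []
    for entity, iocs in by_entity.items():
        best = max(effective[i["value"]] for i in iocs)
        types = {i["type"] for i in iocs}
        score = min(100, best + 10 * (len(types) - 1))
        ranked.append((entity, score, sorted({i["value"] for i in iocs})))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for entity, score, values in rank_entities(match_iocs(LOGS)):
        print("%-20s %3d  %s" % (entity, score, ", ".join(values)))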