[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Linux Foundation’s security checklist can help sysadmins harden workstations
\nKonstantin Ryabitsev, the Foundation’s director of collaborative IT services, published the security checklist that the organization uses to harden the laptops of its remote sysadmins against attacks.
\nThe recommendations aim to balance security decisions with usability and are accompanied by explanations of why they were considered.
\nThey also have different severity levels: critical, moderate, low and paranoid.
\nCritical recommendations are those whose implementation should be considered a must-do.
\nThey include things like enabling SecureBoot to prevent rootkits or “Evil Maid” attacks, and choosing a Linux distribution that supports native full disk encryption, has timely security updates, provides cryptographic verification of packages and supports Mandatory Access Control (MAC) or Role-Based Access Control (RBAC) mechanisms like SELinux, AppArmor or Grsecurity.
\nOther critical recommendations include making sure the swap partition is also encrypted, requiring a password to edit the bootloader, setting up a robust root password and using an unprivileged account with a separate password for regular operations.
\nThe critical checklist also advises disabling hardware modules with direct full memory access like Firewire or Thunderbolt, filtering all incoming ports and setting up an encrypted backup routine to external storage.
\nFollowing the security tips in the Foundation’s document is by no means a guarantee that the system will not get compromised, but it would certainly make the job much harder for attackers.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d6690e240b&e=20056c7556<\/p>\n
A Digital Revolution: What the IoT Means for the Future of Health Care
\nFor years, we’ve speculated how the Internet of Things (IoT) will impact our lives.
\nWe predicted that household appliances would issue maintenance alerts before breaking, or send out e-mails if they needed to be serviced.
\nWe imagined a world in which the user experience would mean the dividing line between technology and humans would fade, one in which gadgets like Nest and the Apple Watch were part of our daily routines.
\nThese were mere possibilities a few short years ago, but the days of connected devices are finally here.
\nHowever, health care, the most critical market for IoT technologies, has yet to reach its full potential.
\nAccording to research conducted by Aspect, health care is the industry most likely to adopt changes to technology during the next two years.
\nIn fact, 91 percent of health-care professionals believe in the positive impact of cloud technology investment.
\nClearly, health-care professionals recognize the potential of connected devices in improving the patient experience, but what exactly does the future of health care look like in this connected world?
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ebced56989&e=20056c7556<\/p>\n
More companies add cyber security pros to boardrooms
\nIn recent months, AIG, Blackberry, CMS Energy, General Motors, and Wells Fargo have added a board member with computer-security knowledge.
\nDelta Air Lines and Ecolab did the same in recent years.
\nThe reasons.
\nCyberattacks on large companies skyrocketed 44 percent last year from 2013.
\nCybercrime costs businesses more than $400 billion a year, according to Lloyd\u2019s of London.
\nBoards are responsible for advising chief executives on setting goals and plans to achieve them, and to question the challenges standing in the way.
\nNot adequately addressing a cybersecurity risk could prove costly \u2014 in money, reputation, legal bills, lost time, and lost customers.
\nData show that corporate boards have a long way to go.
\nJust 11 percent of public-company boards queried this year reported a high-level understanding of cybersecurity, the National Association of Corporate Directors said.
\nA review by the New York Stock Exchange and security firm Veracode found that two-thirds of board members questioned think their companies are ill-prepared for a cyberattack.
\nHeavily hacked industries \u2014 retail, finance, and health care among them \u2014 doubled cybersecurity hiring during the last five years.
\nSecurity gigs pay $6,500 more annually than other tech jobs, according to job-market data firm Burning Glass Technologies.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=52ae325f88&e=20056c7556<\/p>\n
CISO Transitions: Experience Alone is Not Enough
\nRecent findings from Deloitte\u2019s CISO Transition Lab, an immersive one-day workshop developed to help accelerate a CISO\u2019s performance, highlighted some of the more pressing issues facing the key cybersecurity role.
\nMike Wyatt, director with Deloitte Cyber Risk Services, said the responsibilities of information security officers have had to evolve significantly in both the private and public sectors in the face of the changing technology landscape, and mounting internal and external challenges.
\nOn top of having to manage the information security needs of their organization, Wyatt said private and public CISOs are having to take a more active role when it comes to meeting stakeholders, managing expectations and balancing business initiatives.
\nDeloitte reports that there are four main faces to the modern CISO: the strategist, the adviser, the guardian and the technologist.
\nAccording to Deloitte, roughly 77 percent of CISOs spend their time as technologists and guardians, while the findings suggest they would prefer to spend closer to 35 percent of their time in these reactive roles.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b2881c195a&e=20056c7556<\/p>\n
Telstra\u2019s \u2018five knows of cyber security\u2019
\nBurgess \u2013 who was speaking at a cyber security event in Sydney \u2013 said although the telco pays attention to malware threats and determining who was responsible for an attack, focusing on the following five areas is crucial.
\n1. Know the value of your data
\n2. Know who has access to your data
\n3. Know where your data is located
\n4. Know who is protecting your data
\n5. Know how well your data is protected
\n\u201cIt\u2019s a business risk issue. We [Telstra] are also of the view that this more of a human issue, not a technical one. It\u2019s not a problem induced and solved by technology alone. This is a very much a human issue, a leadership issue and a business risk that you need to pay attention to.\u201d
\nHe added that cyber security is not solely an espionage problem.
\nIn fact, the espionage piece is a relatively small but significant piece of the cyber landscape, he said.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fefe37c328&e=20056c7556<\/p>\n
Threat Modeling 101: Ten Common Traps Not to Fall Into
\nAs part of Tripwire\u2019s Threat Intelligence University webcast series, we recently had the pleasure of hosting industry expert and renowned author Adam Shostack who shared with us how threat modeling can effectively drive security through your product, service or system.
\nShostack outlined a simple threat modeling approach, which is centered around answering the following four questions:
\n– What are you deploying\/building?
\n– What can go wrong?
\n– What are you going to do about it?
\n– Did you do an acceptable job at 1-3? (For quality assurance)<\/p>\n
A good place to begin threat modeling is by creating a data flow diagram, which includes the representation of external entities, processes, \u201cswim lanes\u201d and trust boundaries, demonstrating what it is you are building or deploying.
\nWith the previous four questions in mind, Shostack outlined some of the most common threat modeling mistakes or \u201ctraps\u201d that he\u2019s encountered
\nTrap #1: \u201cSearch your feelings!\u201d
\nTrap #2: \u201cYou\u2019re never done threat modeling.\u201d
\nTrap #3: \u201cThe Way to Threat Model Is\u2026\u201d
\nTrap #4: Thinking of Threat Modeling as One Skill
\nTrap #5: Threat Modeling is Born, Not Taught
\nTrap #6: The Wrong Focus
\nTrap #7: Threat Modeling is for Specialists
\nTrap #8: Threat Modeling in a Vacuum
\nTrap #9: Laser-Like Focus on Threats
\nTrap #10: Threat Modeling at the Wrong Time
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=457c1246a2&e=20056c7556<\/p>\n
Adobe Flash Player\u2019s extra security measures broken in less than a month
\nCybercriminals have developed an exploit for a leak that Adobe patched earlier this month.
\nThrough the vulnerability unpatched computers can be infected with malware, just like with previous vulnerabilities.
\nIt\u2019s a trend to release exploits quickly after a security update for a vulnerability is released.
\nThe Flash updates allowed cybercriminals to find out what kind of vulnerabilities were patched.
\nAnd these vulnerabilities were then used to infect users who hadn\u2019t updated yet.
\nAfter the release of a better protected version of Flash Player, cybercriminals shifted their attention to Internet Explorer and no exploits for Flash appeared anymore.
\nIt seems that shift was only temporarily.
\nSecurity researcher Kafeine from the blog \u2018Malware don\u2019t need coffee\u2019 reports that the now discovered exploit has been added to the Angler exploit kit and exploits a vulnerability in Flash Player 18.0.0.209.
\nIn case the attack is successful the exploit kit will installed a Bedep Trojan and makes the computer part of a botnet.
\nThis botnet can then install additional malware to use the computer for all kinds of purposes, like click fraud or sending SPAM.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b1cf3258ca&e=20056c7556<\/p>\n
Four Stealthy Cyber Attacks Targeting Energy Companies
\nIn 2013 the Department of Homeland Security (DHS) issued an industry-wide alert about the growing threat of cyber sabotage attacks to the power sector after its incident response teams noticed an alarming trend of hackers, possibly from the Middle East, systematically breaching U.S. energy companies in an effort to probe their networks and determine how to take control of key processing systems.
\n– Cross-Site Scripting (or XSS)
\n– Drive-by Downloads
\n– Watering Hole Attack
\n– Wrappers\/Packers
\nBecause the utility sector already has one of the highest incidences of malware per week (221% higher than financial service firms, according to Verizon\u2019s 2015 Data Breach Investigations Report, Figure 2), these advanced techniques pose a significant threat to plant operations.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c012f7d7b2&e=20056c7556<\/p>\n
Macro Threats and Ransomware Make Their Mark: A Midyear Look at the Email Landscape
\nThe first half of the year was defined by two trends in the spam landscape.
\nThe first was the continued rise of macro-based malware in spam.
\nThe second was the slew of ransomware attacks delivered via spam.
\nIn the first few months of the year, we noticed that there was a noticeable increase in macro-based threats in spammed messages.
\nThese spammed messages had attachments with Microsoft Office file extensions like .DOC, .DOCM, .XLS, and .XLSM.
\nIn Figure 1 below, we broke down the type of malware-related spam we saw throughout the months.
\nWhile UPATRE (in red) is still the top type of mal-spam, we can see that macro spam (in green) has increased throughout the months.
\nBut not all spammed messages related to ransomware had attachments.
\nOther emails contained links that lead to legitimate file hosting websites like Dropbox, where the malicious file is hosted.
\nUPATRE continued its streak as the top distributed malware via spam.
\nLast year, we noted that there was a decrease in UPATRE-related spam campaigns due to the Gameover takedown.
\nHowever, activity soon picked up due to the CUTWAIL botnet.
\nA year later, UPATRE remains on top, distributed by the CUTWAIL botnet.
\nCUTWAIL has been in the wild since as early as 2007 and was considered one of the biggest spam botnets in 2009.
\nBut while UPATRE might be considered \u201cold\u201d at this point, it still has a few tricks up its sleeve.
\nWe spotted an upgraded version of UPATRE that can disable security features\u2014making it easier to avoid detection.
\nWe also encountered a new variant being dropped as a Microsoft-compiled HTM file (.CHM).
\nThe use of this file extension is a way to avoid suspicion: .CHM is the extension of Microsoft help files.
\nFor the first half of the year, spear-phishing emails used a variety of social engineering lures like upcoming seminars, job vacancies, and personnel issues.
\nHowever, what stood out was the fact that the two most common payloads were PLUGX and EMDIVI.
\nPLUGX is a remote access tool (RAT) used in targeted attacks aimed toward government-related institutions and key industries.
\nEMDIVI, which first appeared in 2014, is notoriously used in targeted attacks against Japanese companies.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9fa2f6b0ed&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e4ef91170e)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Linux Foundation’s security checklist can help sysadmins harden workstations Konstantin Ryabitsev, the Foundation’s director of collaborative IT services, published the security checklist that the organization uses to harden…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1138","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1138"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1138\/revisions"}],"predecessor-version":[{"id":3625,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1138\/revisions\/3625"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}