[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nTable of Contents didnt quite work out as I wanted. Sorry for the mess. I’m working on improving it.
\nSo onto the news:<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————
\n* Landry’s Reveals Details of POS Breach
\n* How to Build a Remote Security Team
\n* What Are Your Container Security Options?
\n* Detecting \u2018Multi-Stage\u2019 Cloud Cyber-Attacks from the Start
\n* The Malware Museum is an epic collection of old-school viruses
\n* CIOs wary of sharing cyberthreat data
\n* 5 Reasons Why Encryption Won’t Be Enough to Protect Your Data
\n* Cybercriminals use spy tactics for online bank heists
\n* Cloud security risks are rising
\n* The 8 most stressful jobs in tech
\n* Obama signs two executive orders on cybersecurity
\n* Swedish exec to take over as ICANN chief
\n* Current p2p trends threatening enterprise security
\n* Grammar and Spelling Errors in Phishing and Malware – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0802e81336&e=20056c7556
\n* Russian hackers used malware to manipulate the Dollar\/Ruble exchange rate<\/p>\n
Landry’s Reveals Details of POS Breach
\nHouston-based Landry’s Inc. has opened up on the broad scope of point-of-service malware attacks at its restaurants and other properties dating back to 2014 and 2015.
\nThe breaches exposed payment cards used at 46 of its brands, which include the restaurant chain Morton’s and Golden Nugget Hotels and Casinos.
\nMore than 350 locations in 34 states, the District of Columbia and Canada were affected, according to a Jan. 29 statement.
\nLandry’s has about 500 locations under its corporate umbrella.
\n“Findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at a certain [number] of our restaurants, food and beverage outlets, spas, entertainment destinations and managed properties,” according to the statement. “The program was designed to search for data from the magnetic-stripe of payment cards that had been swiped as the data was being routed through affected systems.
\n“Landry’s likely uses a franchise-like model for most of their stores or operations,” he says. “And that’s the Achilles heel for the industry, because when you have a model like that, those locations are considered small merchants.
\nSo they are probably not getting the attention they should for PCI compliance.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dca3491b77&e=20056c7556<\/p>\n
How to Build a Remote Security Team
\nWhoever is managing this team needs to be in constant communication with the other team members.
\nThere isn\u2019t the ability for you to walk over to an employee\u2019s cube and speak to them, and vice versa, so constant contact with each other is necessary to verify that the lines of communications are open.
\nThis includes secure IM, webcams, email and texting.
\nDaily Stand Up Meetings
\nThese shouldn\u2019t be more than 15-20 minutes and can be done at the beginning and end of each day, as needed.
\nSecure Access
\nHaving the ability for all team members to collaborate securely is mandatory and so is the ability for them to securely access the network.
\nScheduled Gatherings and Staff Meetings
\nJust as important as keeping in constant contact with each other so is keeping some of the normality of the office.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0ec7f9f3ba&e=20056c7556<\/p>\n
What Are Your Container Security Options?
\nVirtualization giant VMware is a vocal advocate of the idea of running each containerized application in its own virtual machine to increase security.
\nPerhaps that’s not surprising given that container technology can be seen as a direct rival to its server virtualization technology, but VMware’s approach is certainly worth a good look.
\nBut bringing virtual machines in to the mix would seem to negate many of the benefits of containers: for example that you can start them far faster than virtual machines, and that you can run far more containers than virtual machines on a single host.
\nClair is an open source API-driven analysis engine that inspects containers layer-by-layer for known security flaws.
\nThat’s useful for identifying container images that may not have contained any known vulnerabilities when you made them, but which have subsequently become unsafe to use because of the discovery of new vulnerabilities.
\nTwistlock is a security suite for containers founded by Ben Bernstein and Dima Stopel, who both spent more than 10 years in the Microsoft R&D center in Israel and who also served in the Israel Defense Force’s (IDF) formidable intelligence corps.
\nCoreOS has emerged as the major rival to Docker in the container space, and late last year it unveiled Distributed Trusted Computing.
\nThis is a system which allows you to cryptographically verify the integrity of your entire container environment – from the server hardware to the applications running in containers.
\nWhat Is Docker Doing?
\nThe newest container security initiative, announced at the recent Dockercon EU conference, is a scanning project called Project Nautilus that involves examining and validating images on the Docker Hub repository, with the aim of identifying vulnerabilities that exist in Dockerized applications.
\nDocker also announced support for a security capability known as user namespaces that will allow Docker users to enforce security controls on application processes running inside of a Docker engine, according to Kerner.
\nIn addition, Docker plans to support Linux seccomp, a technology that Nathan McCauley, director of security at Docker, said will allow users to limit what runs inside Docker containers.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e923ce5597&e=20056c7556<\/p>\n
Detecting \u2018Multi-Stage\u2019 Cloud Cyber-Attacks from the Start
\nA group of cybersecurity researchers are utilizing an experimental cloud computing test bed, called Chameleon and funded by the National Science Foundation, at the Texas Advanced Computing Center (TACC) at The University of Texas at Austin, and the Computational Institute at the University of Chicago to develop methods for detecting and containing cyber-attacks while still in the early stages.
\nThe new detection rules under development by the researchers are based on a cyber-security artificial intelligence technique called Planned Recognition \u2013 recognizing the small start to a larger plan.
\nThe researchers are analyzing attacks guided by three main questions: 1) how vulnerable is a cloud infrastructure to an attack from the outside; 2) how vulnerable is it to attacks from the inside \u2014 virtual machine to virtual machine; and 3) what happens when both of these situations happen simultaneously.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=28cc19aedf&e=20056c7556<\/p>\n
The Malware Museum is an epic collection of old-school viruses
\nThe destructive parts of the malware has been removed, but it\u2019s pretty interesting to see how viruses of the past were created and what they actually did to computers, rather than just sheer destruction.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=552b421ce3&e=20056c7556<\/p>\n
CIOs wary of sharing cyberthreat data
\nDespite a new law encouraging companies to share more information about cybersecurity attacks, only 58 percent of CIOs polled say the new law would make it more likely they would cooperate with the government in the event of a data breach.
\nThe results, collected in a live audience poll at the Wall Street Journal\u2019s CIO Network show Tuesday, suggest the U.S. government has a ways to go to fostering trust with the corporate sector.
\nOzment, who oversees a $930 million budget and workforce created to bolster the nation\u2019s cyber and communications infrastructure defense, says companies can relay threat indicator information from their intrusion detection system to one of their servers.
\nCompanies then relay it to DHS, which has created a \u201cgiant mixing bowl of indicators,\u201d which are stripped of information about employees.
\nHe also said cybersecurity vendors would be able to use the data to build their own products.
\nWhile he allowed that companies are much more reticent to report hacks, Ozment encouraged companies to communicate incidents to law enforcement or DHS, which would grant statutory protections where the data can’t be used for regulatory purposes, civil litigation or Freedom of Information Sharing Act requests. “The bill says that if you’re sharing information for cybersecurity purposes, then you\u2019re protected against this liability,” Ozment says.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=75cc0ab6e0&e=20056c7556<\/p>\n
5 Reasons Why Encryption Won’t Be Enough to Protect Your Data
\n… according to a new report by Harvard’s Berkman Center for Internet and Society, end-to-end encryption and other data protection methods aren’t enough to actually ensure that data is kept private, now and in the future.
\nHere’s why.
\nThe Berkman Center brought together security, policy, and intelligence experts to examine the impact of Apple, Google, and other communication providers’ decision to make easy, end-to-end encryption the default in their phones and mobile devices.
\nEnd-to-end encryption is a form of data protection where only the people communicating can access the information.
\nThere are no easy backdoors for the government, your Internet provider, or cyberthiefs to access and grab your info.
\nMarket forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will “go dark” and beyond reach.
\n1) Monetizing User Data Will Keep End-to-End Encryption Rare.
\n2) There’s No Coordination.
\n3) The Internet of Things Will Be Watching and It Will Be Unprotected.
\n4) Metadata Remains Unprotected.
\n5) Our Privacy Discussions Are Too Limited.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=250ea0c62d&e=20056c7556<\/p>\n
Cybercriminals use spy tactics for online bank heists
\nOne group of attackers is using a modular malware program known as Metel or Corkow to infect computer systems belonging to banks and to reverse ATM transactions.
\nDuring a single night, the gang stole millions of rubles from a Russian bank using this hard-to-detect transaction rollback trick.
\nThe Metel attackers start off by sending spear phishing emails with malicious links to the employees of banks and other financial institutions.
\nOnce they compromise computers in those organizations, they move laterally inside the networks to identify and gain access to the systems that control transactions.
\nOnce this is achieved, they automate the rollback of ATM transactions for particular debit cards issued by the institution.
\nDuring the night, the attackers drive around various cities and withdraw money from the ATMs of other banks.
\nHowever, in the card issuing bank’s systems the transactions are automatically reversed so the account balances never change.
\nA second group that also targets banks and financial institutions uses a malware program dubbed GCMAN, which is distributed using emails with malicious executable RAR archives and which masquerade as Microsoft Word documents.
\nThe GCMAN group also stands out because of its patience.
\nIn one incident, it waited a year and a half from the initial point of compromise until it started siphoning money.
\nDuring that time its members probed 70 internal hosts, compromised 56 accounts and used 139 different IP addresses to do it, mainly associated with Tor exit nodes and compromised home routers.
\nThe third group is not new, but is one that previously went silent for about five months after being exposed in February 2015.
\nUntil that time, the cybercime gang had used a custom malware program called Carbanak to steal millions of dollars from hundreds of financial institutions in at least 30 countries.
\nThe group has returned with a new version of the malware — Carbanak 2.0 — and has started targeting budgeting and accounting departments in non-financial organizations as well.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cbf07351ea&e=20056c7556<\/p>\n
Cloud security risks are rising
\nCloud security risks are rising, with attacks growing at 45% year-on-year globally, according to cloud security firm Alert Logic.
\nIn the next five years, $2 billion will be spent by enterprises to shore up their cloud defences, according to Forrester Research.
\nFirst time cloud users can be most at risk, simply because of unfamiliarity with the new environment and the added burden of having to grapple with a new way of managing users, data and security.
\nHere are five security must-do\u2019s before taking the plunge.
\nDuring vendor selection, ask the cloud vendor what security services it provides and which security vendors it works with.
\nNew apps, new fortifications: Ready to move an app into the cloud.
\nBefore you do, consider adding new fortifications to the existing security measures you have built around your app\u2019s authentication and log-in processes.
\nEmbrace encryption: Data encryption is one of your biggest security ally in the cloud, and it should be non-negotiable when it comes to file transfers and emails.
\nWhile it may not prevent hacking attempts or data theft, it can protect your business and save an organisation from incurring hefty regulatory fines when the dreaded event happens.
\nWrestling with the virtual: Moving into the cloud lets businesses reap the benefits of virtualisation, but a virtualised environment can present challenges to data protection.
\nThe main issue has to do with managing the security and traffic in the realm of multi-tenancy and virtual machines.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=412f7798f4&e=20056c7556<\/p>\n
The 8 most stressful jobs in tech
\nThe most stressful tech and IT job on the list was for Web developer, which might be associated with its rapid growth.
\nAccording to the Bureau of Labor Statistics, web developer jobs are expected to grow by 27 percent by 2024, which is much faster than average.
\nThe average salary for a web developer is $63,490 per year and the typical entry-level worker has at least an Associate’s degree.
\n[The least stressful top eight job was security analyst.
\nI wouldn’t see this as a bad sign, but more of a sign that the role is evolving to encompass other skills such as data analyst.]
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3fbf01ac17&e=20056c7556<\/p>\n
Obama signs two executive orders on cybersecurity
\nWASHINGTON \u2014 Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government’s defenses against cyber attacks and protect the personal information the government keeps about its citizens.
\nThe orders came the same day as Obama sent to Congress a proposed 2017 budget that includes $19 billion for information technology upgrades and other cyber initiatives
\nTo implement those upgrades, Obama created two new entities Tuesday: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors.
\nIt will deliver a report to the president by Dec. 1.
\nThe second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e6da3d1cce&e=20056c7556<\/p>\n
Swedish exec to take over as ICANN chief
\nThe Director-General of the Swedish Post and Telecom Authority, G\u00f6ran Marby, has been named the next President and Chief Executive Officer of the Internet Corporation for Assigned Names and Numbers (ICANN).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9e42c03d41&e=20056c7556<\/p>\n
Current p2p trends threatening enterprise security
\nChase Cunningham, director of cyber threat research, and Jeff Schilling, CSO, of Armor spoke about today\u2019s common p2p threat, the CryptoLocker campaign.
\nSchilling said, \u201cIndividual computer threat actors are sending phishing emails to victims.
\nThat crypto software sees what protocols are open across your network.
\nThen they lock up the files, encrypt them, and hold them for ransom.\u201d
\nA common monitoring problem, said Schilling, is that most network traffic is monitored from north to south.
\nObserving the east to west connection between the server in our environment and other servers will unveil different threats.
\nCunningham and Schillling said that CryptoLocker remains another p2p problem, \u201cIt\u2019s something that is really taking off this year, and the vulnerabilities on their personal laptops and devices are from not shutting down those p2p protocols,\u201d Schilling continued.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8b5c7ce5a6&e=20056c7556<\/p>\n
Grammar and Spelling Errors in Phishing and Malware – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=38584d6134&e=20056c7556
\nCybercriminals are able to write a program and orchestrate a maze of elaborate fraud schemes, but just can\u2019t seem to get the wording right.
\nIf those criminals can put so much effort into creating phishing attempts that appear to be from a legitimate bank, why wouldn\u2019t they also proofread emails or double check the user agent used in C&C communications. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7ad47e217b&e=20056c7556
\nLet\u2019s take a look at some examples, starting with malware. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=570b9d47f1&e=20056c7556
\nLet\u2019s switch over to phishing.
\nThe following three samples were seen in the wild.
\nThey are either missing some words that are considered important when completing sentences in English, or they simply read as if a child wrote them. – See more at: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=33f7f44e57&e=20056c7556
\nThe errors in phishing are useful though.
\nThe emails that make it past spam filters have one final filter to pass through: the user.
\nVigilance in reading the email and noting where it originated and how it uses language are great steps in staying secure from phishing. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=835af71a1e&e=20056c7556
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8c147b6d1e&e=20056c7556<\/p>\n
Russian hackers used malware to manipulate the Dollar\/Ruble exchange rate
\nRussian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulate the Dollar\/Ruble exchange rate.
\n“To conduct the attack criminals used the Corkow malware, also known as Metel, containing specific modules designed to conduct thefts from trading systems (…) Corkow provided remote access to the ITS-Broker system terminal by ‘Platforma soft’ Ltd., which enabled the fraud to be committed.”
\nDuring this period, the Corkow Trojan was functional and constantly updated itself to avoid detection by antivirus software installed at the bank.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fe8931ccb1&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=74c48ddcd5)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 Table of Contents didnt quite work out as I wanted. Sorry for the mess. I’m working on improving it. So onto the news: ** ———————————————————— ** ———————————————————— * Landry’s Reveals Details of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1196","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1196"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1196\/revisions"}],"predecessor-version":[{"id":3683,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1196\/revisions\/3683"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}