Security Protection – Harry Waldron MVP Rotating Header Image

Security Awareness Podcasts – Social Engineering security site

The link below features 62 podcasts, most of which are around one hour in length:

http://www.social-engineer.org/category/podcast/

QUOTE: Welcome to the Social-Engineer Podcast! The second Monday of each month we will be releasing a new and exciting episode, each with its own specific topic of the month.

Security Awareness Training Techniques for 2014

From the Social Engineering blog, excellent advice is shared for designing security awareness training programs

http://www.social-engineer.org/how-tos/change-education-working/

QUOTE: What’s the big band wagon that everyone is scrambling to jump on? It’s simple. Train employees on social engineering tactics. The article points out that more than half of security professionals say that social engineering tactics work so well because employees are not educated enough to combat them. Let’s break down what makes training effective according to learning theorists and social psychologists:

(1) Connect and Interact – You have to make a connection with your audience before they will care. Canned presentations don’t work as well as personal interaction.

(2) The right motivation – Training by itself is only a temporary patch because enough people want to believe it can’t happen to them.

(3) Lather, rinse, repeat: At the most, studies indicate that a phishing campaign with an educational message if “hooked” is only effective for about six months. Lessons need to be repeated and generalized. Rotate the types of phishing emails going out and give up-to-date education advice.

(4) Policy: It’s the ugly word that no one likes to talk about, but at some point it’s going to have to be addressed. If any employee consistently fails social engineering pentests despite education and mentoring, it is a good time to look at the effectiveness of your education program and the role that employee is allowed to play with  regards to company data.

Leadership – Expressing Gratitude improves Team Morale

John Maxwell shares excellent advice for IT and business leaders in being appreciative to team members and fostering that spirit in all aspects of the difficult role of leading others

http://www.johnmaxwell.com/blog/letting-gratitude-enrich-your-life

QUOTE: The surest index of your spiritual and emotional well-being is the degree of gratitude in your life. Where does gratitude come from, and how can we grow in gratefulness?

1. Grateful people linger over life’s blessings
2. Grateful people live in the moment
3. Grateful people leave fear behind
4. Grateful people live on purpose
5. Grateful people love those beside them

WIRELURKER malware – Many Apple devices may be at risk

Apple users should be cautious in monitoring developments for this serious threat.  As protection emerges, users should quickly patch or fortify their systems and avoid risky documents or device connections.  

The Market Watch link notes that up to 800,000,000 devices are potentially at risk until improved protection and containment are in place. While the media often sensationalizes early reports, the technical capabilities of this malware are highly advanced with several “firsts” for the OSX platform.

http://www.marketwatch.com/story/palo-alto-networks-says-new-malware-threatens-800-million-apple-devices-2014-11-06

https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf

QUOTE:   EXECUTIVE SUMMMARY – Palo Alto Networks recently discovered a new family of Apple OS X and iOS malware, which we have named WireLurker. We believe that this malware family heralds a new era in malware across Apple’s desktop and mobile platforms based on the following characteristics:

*  Of known malware families distributed through trojanized / repackaged OS X applications, the biggest in scale we have ever seen

*  Only the second known malware family that attacks iOS devices through OS X via USB

*  First malware to automate generation of malicious iOS applications, through binary file replacement

*  First known malware that can infect installed iOS applications similar to a traditional virus

First in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of
techniques to successfully realize a new breed of threat to all iOS devices.

WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.

We further describe WireLurker’s potential impact; methods to prevent, detect, contain and remediate the threat; and Palo Alto Networks enterprise security platform protections in place to counter associated risk.

WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.

US CERT warning – Backoff POS agent impacts over 1000 businesses

US CERT warning related to dangers of point-of-sale malware that attempts to steal credit card numbers and sensitive customer information 

https://www.us-cert.gov/ncas/alerts/TA14-212A

QUOTE: Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the “Backoff” malware. Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected.

These variations have been seen as far back as October 2013 and continue to operate as of July 2014. In total, the malware typically consists of the following four capabilities. An exception is the earliest witnessed variant (1.4) which does not include keylogging functionality. Additionally, 1.55 ‘net’ removed the explorer.exe injection component:

* Scraping memory for track data
* Logging keystrokes
* Command & control (C2) communication
* Injecting malicious stub into explorer.exe

 

Insurance and Financial organizations – Changing the Security Mindset

This excellent article from “Insurance and Technology” magazine, highlights the need for organizations to take security protection seriously by performing a risk assessment, developing an incident response plan in advance, and exercising the principle of continuous improvement in both technology and human behavioral controls … Just as one does not wait until it starts raining to patch the roof, each organization must also prepare in advance and in a comprehensive manner

http://www.insurancetech.com/security/changing-the-security-mindset/a/d-id/1317045

QUOTE: As cyber attacks evolve in number and complexity, financial services organizations must embrace proactive security strategies. Cyber security is rapidly evolving as an area of concern for insurers, with data breaches occurring more often than ever. Recent data from the Ponemon Institute reveals that 43 percent of businesses have experienced an attack in the past 12 months, and the changing motivation behind them is posing an even greater threat to the industry.

“Today, the main driver in hacking is financial,” says Jerry Irvine, CIO of Prescient Solutions and member of the National Cyber Security Task Force. “Criminal, governmental, and third-party organizations are all financially driven.”

Modern-day criminals want to be more than nuisances or political rebels, says Irvine, and today’s technology isn’t complex enough to block their attacks. Modern solutions are designed to protect environments with physical perimeters, but the growth of cloud technologies and evolution of hackers’ abilities are rendering these ineffective. Hackers don’t have new tools, but more of them are discovering and exploiting the flaws within existing systems.

He recommends that insurers begin by conducting a risk assessment, a process significantly more complex for organizations than for consumers. In addition to defining regulatory and compliance requirements, insurers must detail and inventory everything that relates to their data. This involves determining which apps access each set of data, as well as categorizing information as critically confidential.

To minimize damage in the event of a data breach, carriers should have an incident response plan, says Kirstin Simonson, underwriting director for Travelers Global Technologies. Many businesses lack a responsive strategy, she says, or a team in place to mitigate the effects of a cyber attack.

Leadership – Importance of research and probing questions

John Maxwell’s leadership blog shares excellent advice regarding the need to ask meaningful questions and seek the best solutions during project research phases.

http://www.johnmaxwell.com/blog/curiosity-may-have-killed-the-cat-but-it-will-build-the-leader

QUOTE:   I have no special talents. I am only passionately curious.” – Albert Einstein

Curiosity = Asking … You only get answers to the questions you ask. There is a yawning chasm separating the person who neither formulates interesting questions nor asks for help and the person who poses profound questions to others and solicits their advice. People who fail to ask questions live in a mental fog. Trapped in the limitations of their own perspective, they have difficulty seeing their present situation clearly or discerning the best path forward. Conversely, people who seek ideas and input from others strengthen their decision-making, work smarter, see their surroundings with sharper clarity.

Immature leaders try to accomplish everything alone. They lean on their own understanding, and when it runs out, they fall flat on their faces. As leaders mature, they learn the value of putting together a team of people to help them think more intelligently.

FBI Warning – Fake Fraduluant Corporate Purchase orders

The FBI warns of an increase in highly realistic purchase orders used to defraud corporate suppliers

http://www.fbi.gov/news/stories/2014/october/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims

QUOTE: What began as a scheme to defraud office supply stores has evolved into more ambitious crimes that have cost retailers around the country millions of dollars—and the Nigerian cyber criminals behind the fraud have also turned at-home Internet users into unsuspecting accomplices.

FBI investigators are calling it purchase order fraud, and the perpetrators are extremely skillful. Through online and telephone social engineering techniques, the fraudsters trick retailers into believing they are from legitimate businesses and academic institutions and want to order merchandise. The retailers believe they are filling requests for established customers, but the goods end up being shipped elsewhere—often to the unsuspecting at-home Internet users, who are then duped into re-shipping the merchandise to Nigeria.

They order large quantities of items such as laptops and hard drives,” said Special Agent Joanne Altenburg, who has been investigating the cyber criminals since 2012 out of our Washington Field Office. “They have also ordered expensive and very specialized equipment, such as centrifuges and other medical and pharmaceutical items.”

 

Indicators of Fraud - Businesses can avoid becoming victims of purchase order fraud by being aware of several fraud indicators:

Incorrect domain names on websites, e-mails, and purchase orders. The scammers use nearly identical domain names of legitimate organizations, but in the case of a university, for example, if the URL does not end in .edu, it is likely fraudulent.

- The shipping address on a purchase order is not the same as the business location. Likewise, if the delivery address is a residence or self-storage facility, it should raise red flags.

Poorly written e-mail correspondence that contains grammatical errors, suggesting that the message was not written by a fluent English speaker.

Phone numbers not associated with the company or university, and numbers that are not answered by a live person.

– Orders for unusually large quantities of merchandise, with a request to ship priority or overnight.

Microsoft Security Development Lifecycle – a historical account

This historical account shared by Microsoft is excellent as it lead to the strategic Trustworth Computing directive and improved security protection and update processes

http://www.microsoft.com/security/sdl/story/default.aspx#chapter-1

 
Across thousands of developers and millions of lines of code, one company learns to build secure software in an increasingly insecure world. It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called “Code Red” was spreading at an astonishing rate. Code Red was a worm — a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious. At the time, ABC News reported that, in just two weeks, more than 300,000 computers around the world were infected with Code Red — including some at the U.S. Department of Defense and Department of Justice.

Windows 10 – Preview version guided tour by Network World

These 20 slides share highlights of the new features that are part of the Windows 10 Preview version 

http://www.networkworld.com/article/2835036/windows/windows-10-a-guided-tour.html

QUOTE: Microsoft released a technical preview of the next version of Windows for the public to download and try for free. Although a final release with additional features isn’t expected until the middle of 2015, there are already a number of changes compared to Windows 8.1. Here are some of the most prominent features summarized in a slide show presentation