Security Protection – Harry Waldron MVP


Targeted Attacks – Seven resources to check for new attacks

TrendLabs shares seven places to check for signs of a targeted attack. Such attacks are highly specific to the victim and are designed to blend in with legitimate corporate email and other normal network activity, so they rarely trip generic controls.

http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/

http://about-threats.trendmicro.com/us/threat-intelligence/targeted-attacks/

QUOTE: Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we’ve stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against them; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT personnel equipped enough to recognize anomalies within the network and to act accordingly.

1. Check for Injected DNS Records
2. Audit Accounts for Failed/Irregular Logins
3. Review Security Warning messages and logs
4. Check for Strange Large Files
5. Audit Network Log for Abnormal Connections
6. Abnormal Protocols
7. Increased Email Activity and Spikes
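One way to implement the second check on the list, added here as an example that is not part of the TrendLabs post: a small Python detector that runs over constructed OpenSSH log lines (not taken from any real system) and flags three patterns, a burst of failed logins for one account from one source, a successful login shortly after such a burst, and successful logins outside assumed business hours. The failure threshold, the window, the business hours and the log year are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format; not taken from any real system.
SAMPLE_LOG = """\
Aug 18 09:02:11 fs01 sshd[2201]: Accepted password for alice from 10.0.1.15 port 50211 ssh2
Aug 18 09:40:07 fs01 sshd[2230]: Failed password for alice from 10.0.1.15 port 50290 ssh2
Aug 18 09:40:19 fs01 sshd[2231]: Accepted password for alice from 10.0.1.15 port 50291 ssh2
Aug 18 23:58:02 fs01 sshd[3101]: Failed password for svc_backup from 203.0.113.9 port 41002 ssh2
Aug 18 23:58:05 fs01 sshd[3102]: Failed password for svc_backup from 203.0.113.9 port 41003 ssh2
Aug 18 23:58:09 fs01 sshd[3103]: Failed password for svc_backup from 203.0.113.9 port 41004 ssh2
Aug 18 23:58:14 fs01 sshd[3104]: Failed password for svc_backup from 203.0.113.9 port 41005 ssh2
Aug 18 23:58:20 fs01 sshd[3105]: Failed password for svc_backup from 203.0.113.9 port 41006 ssh2
Aug 19 00:01:44 fs01 sshd[3110]: Accepted password for svc_backup from 203.0.113.9 port 41010 ssh2
Aug 19 03:15:30 fs01 sshd[3200]: Accepted publickey for bob from 10.0.1.40 port 50500 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5                   # assumed: this many failures per (account, source) ...
FAIL_WINDOW = timedelta(minutes=10)  # ... inside this window count as a burst
OFF_HOURS = (22, 6)                  # assumed: logins from 22:00 to 06:00 are irregular


def parse(text, year=2014):
    """Turn syslog lines into (timestamp, result, user, source) tuples.
    Syslog omits the year, so one is assumed (2014 here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events


def is_off_hours(ts):
    start, end = OFF_HOURS
    return ts.hour >= start or ts.hour < end


def detect(events):
    """Return findings as (kind, user, source, timestamp) tuples, in time order."""
    findings = []
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    last_burst = {}                 # user -> time a burst was last flagged
    for ts, result, user, src in sorted(events):
        if result == "Failed":
            window = failures[(user, src)]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:   # drop failures older than the window
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                findings.append(("failed_burst", user, src, ts))
                last_burst[user] = ts
                window.clear()      # one alert per burst, not one per extra failure
        else:
            # A success shortly after a burst is the classic sign of a guessed password.
            if user in last_burst and ts - last_burst[user] <= FAIL_WINDOW:
                findings.append(("success_after_burst", user, src, ts))
            if is_off_hours(ts):
                findings.append(("off_hours_login", user, src, ts))
    return findings


if __name__ == "__main__":
    for kind, user, src, ts in detect(parse(SAMPLE_LOG)):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:20} {user} from {src}")
```

On the sample data alice's single failure followed by a success in the morning produces nothing, while svc_backup's five failures in eighteen seconds from an external address, the success three minutes later and bob's 03:15 login are all flagged. Exporting the findings into a ticketing or SIEM pipeline rather than printing them is the obvious next step.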

Security – Built on a foundation of trust

As McAfee Labs shares, “Trust Is the Most Valuable Asset” in protecting information resources.

http://blogs.mcafee.com/mcafee-labs/trust-valuable-asset

QUOTE: Traditionally, providing security has been primarily a task of the state, but who should be responsible for safeguarding cyberspace? Who will build trust in it? Most of the digital infrastructure is owned and operated by the private sector. Moreover, the majority of actors operating in the field of cybersecurity are private. The state has unique capabilities to provide security and maintain trust among people, for example, by mobilizing its unique resources and by passing and enforcing laws.

Trust is an important ingredient of security. Doubt leads to insecurity, whereas trust builds security. When there is no certainty, people seek additional security measures. In cyberspace, these measures usually refer to technical solutions to particular problems. In other words, security is produced through technology. However, addressing the question of trust this way is only part of the solution. Regulation—standards, laws, treaties, and good practices—that establishes rules of the game for cyberspace is also important. Yet the biggest challenge remains in people’s unawareness and lack of familiarity with digital technology.

It is the shared responsibility of all online actors to reinforce trust in the digital world. Thus it lies on everyone’s shoulders to strengthen cybersecurity. The state does its part by establishing national and international regulation and administrative structures needed for cooperation. It strengthens public-private partnerships and allocates powers both upward and downward to different actors. It strives to normalize people’s relationship to cyberspace and educates them to become smart e-citizens, shares information, provides services online, and counteracts threats in the digital world. It also uses market mechanisms, for example, purchasing power and the creation of incentives for companies, other organizations, and individuals to invest in cybersecurity.

Passwords – Trustwave 2014 research report

This study finds that LONGER passwords resist cracking far better than shorter passwords that rely on special characters, because every added character multiplies the search space while a larger alphabet only adds to it. Several additional key findings are also shared in the study.

https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/

http://securitywatch.pcmag.com/hacking/326374-make-passwords-strong-and-long

QUOTE: An automated tool can crack a completely random eight-character password including all four character types such as “N^a&$1nG” much faster than a 28-character passphrase including only upper- and lower-case letters like “GoodLuckGuessingThisPassword”. If for the purposes of this estimate we assume the attacker knows the length of the passwords and the types of characters used, “N^a&$1nG” could be cracked in approximately 3.75 days using one AMD R290X GPU. In contrast, an attacker would need 17.74 years to crack “GoodLuckGuessingThisPassword” using the same GPU. Weak or default passwords contributed to one third of compromises investigated by Trustwave. Therefore, annihilate weak passwords: Implement and enforce strong authentication policies. Educate users on the value of choosing longer pass-phrases instead of simple, predictable, easy-to-crack passwords. Deploy two-factor authentication for employees who access the network. This forces users to verify their identity with information other than simply their username and password, like a unique code sent to a user’s mobile phone.
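To make the estimate concrete, the following Python is an added example (not from the Trustwave report or the PC Magazine article) that computes the brute-force keyspace for the two passwords quoted above under the same assumption the report makes, that the attacker knows the length and the character classes used, and converts it to bits and to worst-case cracking time at an assumed guess rate. It also goes one step beyond the passage: it estimates the keyspace a word-list (combinator) attacker sees when the passphrase is built from dictionary words, which is the more realistic lower bound for a passphrase. The guess rate, the dictionary size and the 32-symbol punctuation class are assumptions.

```python
import math
import re
import string

# Character classes a brute-force attacker is assumed to enumerate.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32 printable ASCII symbols (assumed class)
}


def charset_size(password):
    """Alphabet size for an attacker who knows which character classes are present
    (the assumption the Trustwave estimate makes). All four classes give 94."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    if size == 0:
        raise ValueError("no recognised character class in password")
    return size


def brute_force_keyspace(password):
    """Guesses needed to exhaust every string of the same length and alphabet."""
    return charset_size(password) ** len(password)


def bits(keyspace):
    """Keyspace expressed as bits of search effort."""
    return math.log2(keyspace)


def crack_days(keyspace, guesses_per_second):
    """Worst-case days to exhaust a keyspace at a fixed guess rate."""
    return keyspace / guesses_per_second / 86400


def count_words(passphrase):
    """Words in a CamelCase passphrase, as a word-list attacker would split it."""
    return len(re.findall(r"[A-Z][a-z]*|[a-z]+", passphrase))


def wordlist_keyspace(passphrase, dictionary_size):
    """Keyspace for a combinator attack that guesses the passphrase as a
    sequence of dictionary words instead of as individual characters."""
    return dictionary_size ** count_words(passphrase)


if __name__ == "__main__":
    RATE = 1e10       # assumed guesses/second; depends entirely on hash type and hardware
    DICT = 20_000     # assumed size of the attacker's word list
    for pw in ("N^a&$1nG", "GoodLuckGuessingThisPassword"):
        ks = brute_force_keyspace(pw)
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"{bits(ks):.1f} bits, {crack_days(ks, RATE):.3g} days at {RATE:.0e}/s")
    ws = wordlist_keyspace("GoodLuckGuessingThisPassword", DICT)
    print(f"word-list attack with {DICT} words: {bits(ws):.1f} bits, "
          f"{crack_days(ws, RATE):.3g} days")
```

The random eight-character password comes out at roughly 52 bits and the 28-letter passphrase at roughly 160 bits under brute force; even when the attacker treats the passphrase as five words from a 20,000-word list it still retains over 70 bits, comfortably above the short password. The day figures differ from Trustwave's because their guess rate and attack model are not stated in the quote; what matters is the ratio, and that a passphrase should be judged against the word-list estimate, not the flattering character-level one.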

Leadership – Focus on the five most needful ingredients for success

Another excellent leadership article from John Maxwell’s blog.

http://www.johnmaxwell.com/blog/take-5

QUOTE: Leaders should quit agonizing over the wording of an abstract mission statement that almost no one will read and that will have almost zero impact on their people. Instead, they should concentrate their efforts on developing and following a “Rule of 5” for their company. For leaders, a primary challenge is to identify the five activities most essential to success, and then to practice them daily. The Rule of 5 doesn’t ask: “What are the five things I would like to do?” That’s a question related to passion. Nor does it ask: “What are five things I should like to do?” That sort of inquiry uncovers your values. Rather, the Rule of 5 asks: “What are the five things I must like to do in order to be successful?” Over the next week, carve out time to consider the five activities most essential to your success. Use them to create your own Rule of 5. Then, for the next month, take five minutes in the morning, and another five minutes at the end of the day, to review your Rule of 5. This simple exercise will sharpen your focus and speed your progress toward success.

Facebook – Choking game warning issued

Warnings have been issued urging young people to avoid this dangerous new act, which is sometimes promoted by their own friends through social networking sites.

http://stlouis.cbslocal.com/2014/08/05/deadly-choking-game-spreads-among-teens-on-social-media/

QUOTE: The “choking game” has sparked a social media craze with teenagers posting photos and videos of people choking themselves for a brief high that causes people to pass out – or in some cases, causes death. Thousands of Facebook and Twitter users have revived “The Choking Game” – a thrill-seeking activity that involves strangulation and often fainting in order to induce a temporary feeling of euphoria caused by a lack of oxygen to the brain. Also called the “fainting game,” the oxygen deprivation causes grey-outs that some have deemed near-death experiences. Medical professionals told KTVI-TV that teens cause the self-induced hyperventilation in order to achieve an adrenaline rush. The game is extremely dangerous; at best, it kills off brain cells and causes participants to faint and lose consciousness. At worst, it’s deadly; according to the nonprofit organization Games Adolescents Shouldn’t Play (GASP), 900 reported deaths have been attributed to the game.

Microsoft Security Essentials improves in AV-Comparatives Prevalence test

Microsoft Security Essentials moved from 22nd to 6th place when AV-Comparatives re-scored a recent file detection test by the prevalence of each sample. Because the threats most commonly seen in the wild count for more under this weighting, Microsoft scored well in this area.

http://securitywatch.pcmag.com/security-software/326487-microsoft-goes-from-cellar-to-stellar-in-new-antivirus-test

http://www.av-comparatives.info/wp-content/uploads/2014/08/avc_prevalence_201403_en.pdf

https://www.microsoft.com/security/portal/mmpc/shared/protection.aspx

http://securitywatch.pcmag.com/security-software/317280-why-microsoft-doesn-t-need-independent-antivirus-lab-tests

QUOTE: Microsoft commissioned the well-known lab AV-Comparatives to re-evaluate a recent test taking prevalence of samples into account. This was a simple file detection test—run an antivirus scan with each product and note how many of over 100,000 samples it detects. The samples are selected to represent malware prevalent in the wild and to avoid over-representation of any one malware family. However, in calculating the detection rate, every sample gets the same weight. The new report takes the same data and applies weighting based on Microsoft’s reported prevalence. The results were vastly different from the original, as you can see in the chart below.
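The re-scoring described above is just a change of weights over the same detection matrix. The following Python is an added example (not from AV-Comparatives, PC Magazine or Microsoft) that runs both the equal-weight and the prevalence-weighted calculation over a constructed detection matrix for two hypothetical products, A and B, and shows how the ranking can reverse: A detects more distinct samples, B detects the few samples that account for almost all real infections. The sample names, prevalence counts and detection results are all made up.

```python
# Constructed detection matrix: (sample, prevalence, detected-by); not real lab data.
# Prevalence models the number of machines on which each sample was observed.
SAMPLES = [
    ("worm_common_a",   50_000, {"A": True,  "B": True}),
    ("trojan_common_b", 30_000, {"A": False, "B": True}),
    ("bot_common_c",    15_000, {"A": False, "B": True}),
    ("rare_d",              10, {"A": True,  "B": False}),
    ("rare_e",               5, {"A": True,  "B": False}),
    ("rare_f",               5, {"A": True,  "B": False}),
    ("rare_g",               2, {"A": True,  "B": False}),
    ("rare_h",               1, {"A": True,  "B": True}),
]


def detection_rate(samples, product, weighted=False):
    """Fraction of samples detected. With weighted=True each sample counts in
    proportion to its prevalence instead of counting once."""
    total = detected = 0.0
    for _name, prevalence, hits in samples:
        weight = prevalence if weighted else 1
        total += weight
        if hits[product]:
            detected += weight
    return detected / total


def ranking(samples, products, weighted=False):
    """Products ordered best-first by the chosen detection rate."""
    return sorted(products,
                  key=lambda p: detection_rate(samples, p, weighted),
                  reverse=True)


if __name__ == "__main__":
    for weighted in (False, True):
        label = "prevalence-weighted" if weighted else "equal-weight"
        rates = {p: round(detection_rate(SAMPLES, p, weighted), 4) for p in ("A", "B")}
        print(f"{label:20} {rates}  ranking: {ranking(SAMPLES, ['A', 'B'], weighted)}")
```

Under equal weighting A scores 75% and B 50%; under prevalence weighting A drops to about 53% while B exceeds 99.9%, because the three common families dominate the denominator. The caveat is the same one that applies to the real report: the result is only as good as the prevalence telemetry it is weighted with, and here that telemetry came from the vendor being tested.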

Ransomware – F-Secure August 2014 article series

F-Secure is featuring an excellent series of articles during August 2014 on the dangers of ransomware attacks:


Ransomware Race (Part 1): CryptoWall ups the ante

http://www.f-secure.com/weblog/archives/00002729.html

QUOTE: This summer has included the appearance of two strong new malware families onto the file encrypting Windows ransomware market: CryptoWall and CTB-Locker. Of these, CTB-Locker has been the more advanced family, with its use of elliptic curve cryptography for file encryption and Tor for communication with the command & control server. CryptoWall, meanwhile, has used the more traditional combination of RSA and AES for file encryption and HTTP for C&C communication.

Ransomware Race (Part 2): Personal media the next frontier?

http://www.f-secure.com/weblog/archives/00002730.html

QUOTE: It seems malware authors have recently taken a liking to the network-attached storage (NAS) devices manufactured by Synology Inc. First they were hit by Bitcoin mining malware in the beginning of this year and now by file encrypting ransomware similar to CryptoLocker. NAS devices are used by home and business users alike to easily store and share files over a network. Many, like ones manufactured by Synology, also feature remote access. In this case, it would seem hackers were able to abuse the remote access feature, possibly by exploiting a vulnerability in older versions of the Synology DSM operating system, to gain access to the devices. Once they had access, they proceeded to install a ransomware they have dubbed “SynoLocker”.

Ransomware Race (Part 3): SynoLocker Under The Hood

http://www.f-secure.com/weblog/archives/00002733.html

QUOTE: On the surface, SynoLocker and CryptoLocker share many similarities, not the least of which are a similar name, similar choice of encryption algorithms and the idea of extorting money from victims. Under the surface however, the similarities quickly end. When first infected with SynoLocker, a unique RSA key pair is generated for the victim. The private key never leaves the malware operator(s) but the public key is stored onto the victim device. This public key can be used to encrypt data in such a way that it can only be decrypted with the associated private key. As long as the malware operator(s) are in control of the private key, they can deny the victim access to their encrypted files.

Ransomware Race (Part 4): Adult Content, Browlock’s Staying Power

http://www.f-secure.com/weblog/archives/00002735.html

QUOTE: Compared to other Ransomware families, Browlock does not encrypt the victim’s files, and does not add nor run any files on the victim’s machine. It only scares the user by “locking” the browser with an alert that claims to be from the police or authorities, stating that the victim has committed a crime by viewing inappropriate websites or downloading pirated software. It prevents the user from closing the browser, but terminating the browser process using task manager, for example, resolves the problem.

Community Health Systems – Over 4 million patients impacted by data breach

Approximately 4.5 million Community Health Systems patients appear to be impacted by a major data breach that was recently reported:

http://www.komando.com/happening-now/267459/hackers-steal-4-5-million-patient-hospital-records

http://www.bbc.co.uk/news/technology-28838661

QUOTE: Hackers got into the hospital’s systems and installed a virus that stole upwards of 4.5 million patient records. The information stolen includes names, Social Security numbers, patients’ home addresses, birthdays and telephone numbers. So far it seems hackers didn’t get medical history information or credit card numbers. Still, that’s a small comfort given the damage they can do with what they did get. The hospital group in question is Community Health Systems, which has 206 branches in 28 states: Alabama, Alaska, Arizona, Arkansas, California, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Mississippi, Nevada, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, West Virginia and Wyoming.

Windows 9 – Ten desired features for next version

The 10 features and ideas enumerated in this article provide an excellent list of features to consider for the Threshold project.

http://www.itpro.co.uk/desktop-software/21498/windows-9-10-features-we-want-to-see

QUOTE: Windows 9, also known as “Threshold”, is expected to arrive sometime in 2015 and hopes and wishes from users definitely aren’t in short supply ahead of its unveiling. Tickets to the Build Developer conference 2014 in San Francisco sold out in 24 hours when rumors of Windows 9 hit the internet, highlighting – perhaps – just how much appetite there is out there for a Windows 8 successor. It was rumored that Windows 9 would see a release date as soon as April 2015, but a third update to Windows 8 in the same month means that we will likely have to wait until later in the year.

Windows 7 – MS14-018 is a foundation for further IE 11 updates

This recent article documents that the April 2014 MS14-018 cumulative update is a prerequisite for Windows 7’s version of IE 11: until it is installed, Windows Update will not offer that browser any further updates. Verify that MS14-018 is actually present on Windows 7 systems running IE 11, since a failed install leaves the browser silently unpatched.

http://www.networkworld.com/article/2363701/windows/microsoft-strips-some-windows-7-users-of-ie11-patch-privileges.html

https://technet.microsoft.com/library/security/ms14-018

QUOTE: Users who have not installed the IE security update issued on April 8 — identified by Microsoft as MS14-018 — on Windows 7, and who rely on Windows Update to download and install fixes, did not receive the June 10 IE update. Nor will IE11 receive any future updates, security or otherwise, until that MS14-018 has been installed. Windows Update will not display the appropriate IE11 patches.

As far as Computerworld could determine, this is the first time that Microsoft selectively shut off patches to IE while still providing updates to the operating system.  It’s unclear why Microsoft did this — unlike the situation with Windows 8.1, the firm has not publicly explained the move or even publicized the requirement — but it may be attributed to the significance of the IE11 update in April. In a support document, Microsoft listed numerous changes to IE11 on Windows 7.

Admittedly, most users who have Windows Update set to automatically download and install updates — a majority of consumers — do not need to be aware of such requirements, assuming those updates are successfully installed. But Windows and IE updates are not foolproof: They sometimes fail to take. In that case, users on Windows 7 running IE11 might not know that they are now unprotected, and will remain so until MS14-018 is deployed.
