Threat Recap: Week of June 20th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
First ‘Hack the Pentagon’ Event a Major Success
Several months ago, the Department of Defense launched a program designed to bring in registered hackers and have them attempt to breach several public-facing websites, for cash prizes. With over 1,400 hackers participating, the DoD was able to confirm 138 discovered vulnerabilities and paid out amounts up to $15,000. Furthermore, in the 3-week period, not a single malicious attack was attempted on DoD sites.
Apple Customers Targeted With Phishing Campaign
In the last week, many Apple users had received an email warning them of a virus in the iTunes Database that required all users to re-validate all of their user information, and threatened to delete accounts if the user delayed inputting the information. However, with a redirected splash page riddled with misspelling, this phishing attempt was quickly thwarted and the associated pages were taken down, though Apple still warns users to be vigilant for similar emails in the future.
https://www.helpnetsecurity.com/2016/06/21/itunes-database-phish/
Ded Cryptor, Latest Bilingual Ransomware Variant
Researchers have uncovered another ransomware variant, this time with a less-than-jolly Santa figure appearing alongside the ransom instructions, written in both English and Russian. The so-called Ded Cryptor replaces the user’s wallpaper with the ransom note and gives an email address to contact for further steps towards payment and decryption of their files, which are appended with a .ded extension upon encryption.
Court Rules FBI No Longer Needs Warrant to Hack Computers
In a recent court ruling surrounding a child pornography case, the FBI had granted a warrant to hack into certain computers and retrieve information that lead to multiple offenders being arrested. The presiding judge had determined that while the offenders had used Tor to anonymize their browsing, having a publicly accessible IP address removed the need for law enforcement to obtain a warrant when gaining unauthorized access to any computer, regardless of probable cause or any real suspicion.
Acer Security Breach
Recently, Acer has come forward and admitted to a breach in their systems that allowed hackers to access the sensitive information of over 34,000 customers, which ranges over a course of a year and contains a full year’s worth of transactions. This information includes names, addresses, and credit card information (that may or may not have been encrypted prior to the breach), and other private information that criminals could use to commit fraud.
Threat Recap: Week of June 13th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Compromised RDP Servers Offer Cheap Attack Platform
Recently, researchers discovered an online marketplace that allowed for the purchase of hacked remote desktop servers for a minimal fee. The Russian-based site, known as the xDedic Marketplace, has listings for over 70,000 servers located in 173 different countries, which range from government institutions to universities.
http://www.theregister.co.uk/2016/06/15/hacked_server_market/
Chat Support: The Latest Ransomware Feature
Ransomware has become an all-too-common occurrence in the cyber world, and a new variant named ‘Jigsaw’ has a curious surprise for its victims: live phone support. An option on the lock screen offers the victim a chance to speak with someone about paying the ransom by using ‘onWebChat’, a free-to-use chat program. This feature is just another step towards professionalizing the ransomware industry and instilling trust in their worldwide “customer” base that they will decrypt the user’s files once a payment has been made.
Lone Hacker Claims Responsibility for DNC Breach
Earlier this week, it was reported that the DNC’s (Democratic National Committee’s) official servers had been compromised and sensitive information regarding opponent Donald Trump had been stolen by the Russian Government. Shortly after Kremlin officials stated their innocence in the matter, a hacker going by Guccifer 2.0 posted a blog on WordPress where he took full credit for the hack and included several (supposedly) related documents. Security officials are working to determine the authenticity of the documents, while further research has turned up additional information about other intrusions into the DNC network.
http://www.reuters.com/article/us-usa-election-hack-idUSKCN0Z209Q
Japanese Travel Agency Hacked
In the past week, the Japanese travel agency JTB announced a data breach encompassing nearly 8 million customers. The leak is said to contain not only the names and addresses of users, but passport information as well. It is believed that the attack stemmed from a phishing email attachment, which was downloaded by an unsuspecting employee. Fortunately, after further investigation, it seems only 4,300 of the passport numbers are actually valid.
http://www.zdnet.com/article/japans-largest-travel-agency-fears-data-leak-impacting-8-million-users/
Android TV Ransomware Spotted
A variant of ransomware that’s been around since 2015, known as ‘Frantic Locker’, has started to appear on Android Smart TVs with a demand for ransom in the form of iTunes gift cards. The infection initiates via a downloaded file from an infected site, then determines its geolocation and, based on its region, either launches a lock screen or shuts down. While users in Eastern Europe seem unaffected by the infection, victims in other regions are already discovering various methods to simply remove the infection, rather than paying the ransom.
http://www.theregister.co.uk/2016/06/13/android_ransomware_infects_tvs/
Threat Recap: Week of June 6th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Human Error Remains Top Security Threat
In a study conducted over the course of 3 years by the Information Commissioner’s Office, it was found that security breaches due to human error were the number one issue, with the number of reported issues growing steadily year-over-year. While many companies have been increasing the amount of security precautions in regards to cyber attacks, most of them do not see human error as the real problem and thus provide no additional cybersecurity training for their employees.
University of Calgary Pays High-Dollar Ransom
In the past week, the University of Calgary was hit with a ransomware attack that left them with few options. In the end, they ended up paying the nearly $20,000 ransom in hopes of regaining their important files and keeping their systems functional. Fortunately for students and faculty, the decryption keys have been successful, but there still remains much left to do to protect against future attacks.
Social Media Hacks On The Rise
Recently, many high-profile Twitter and other social media accounts have been hacked, including the official NFL Twitter account and Mark Zuckerberg’s seemingly unused account. The hacker behind the NFL breach claims to have had access to an NFL Social Media Staffer’s email that contained the login information for the @NFL account, although it’s unclear exactly how that access was gained.
Game Torrents Redirecting to PUA Downloads
Many people who download pirated copies of games are aware of the risks involved, as some of these downloads have the possibility to contain malicious software. However, a current trend across torrent sites is instead to bundle potential unwanted applications (PUAs) with legitimate game titles and have the file launch an executable rather than the zipped game files. Once the user allows the download, some variants are capable of silently downloading additional PUAs onto the machine without further notifications to the user.
Microsoft’s Anti-Macro Efforts Missing Target
With macro-based infections continuously on the rise, Microsoft has made an attempt to secure its users through the use of more messaging, which warns of macros launching out of Word or Excel documents. Unfortunately, the wording of these warnings has changed for the worse since early iterations of the Office Suite. Where once the messages warned users of possible malicious content and aimed them away from enabling the macro, they now show an almost cheerful dialog box with options only to enable the macro or ignore the bright yellow bar atop the screen.
Threat Recap: Week of May 30th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
MySpace Hack Could Be Largest in Recent History
Recently, LeakedSource announced that they had obtained the login credentials for over 300 million MySpace users. While the leaked database doesn’t show the full credentials for every user (as some usernames/passwords were missing), over 100 million of the passwords had a username attached. Along with posting the entire dataset, LeakedSource also posted the top 50 passwords being used and their frequency of use.
http://www.itnews.com.au/news/myspace-breach-potentially-the-largest-ever-420184#ixzz4A9aotQr4
Majority of Phishing Emails Contain Ransomware
This week, PhishMe published a report showing that a staggering 93% of all phishing emails contained a dropper for some version of ransomware. This number, which contributes to the overall steady increase in phishing attempts (which have risen nearly 800% since the end of 2015), is likely as high as it is thanks to ransomware becoming increasingly easy to deploy and having a high success rate for extortion. With these numbers always on the rise, it’s important to remain vigilant for any suspicious emails containing attachments, especially ones asking for sensitive information.
http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html
TeamViewer Possibly Hacked, Main Site Goes Offline
In news that has spread quickly over the past week or so, many users have claimed to have been hacked via TeamViewer, which has led to thousands of dollars of fraudulent charges being attained in only a few hours. According to many of the victims, the attacks took place in the early morning hours, with PayPal transfers to offshore accounts ranging from several hundred to several thousands of dollars. TeamViewer’s response to these claims has been the denial of any security issue. Rather, they’re stating that a DNS issue was at fault for their site and services being offline.
New Ransomware Variant Acts Like Virus
In the past week, a new form of ransomware, which behaves like a traditional computer virus by copying itself to new drive or network locations to continue propagating itself, was discovered. The variant, ZCrypt, comes through like typical ransomware via an email attachment from a seemingly harmless sender. It then requests downloading a zip file, which launches an executable of the same name (usually an Invoice or Order form), and displays the ransom splash screen.
https://nakedsecurity.sophos.com/2016/06/01/zcrypt-the-ransomware-thats-also-a-computer-virus/
Lenovo Warns of Security Flaw in Pre-Installed Software
This week, Lenovo has strongly recommended that all users should remove the pre-installed Accelerator Application from their computers, as the software makes no security checks when searching for and downloading updates. Amongst the flaws, the application doesn’t use encryption when making outside connections to download updates, nor does it check the validity of digital signatures for said updates, leaving users open for man-in-the-middle attacks during the time the system makes these update checks.
Threat Recap: Week of May 23rd
Government IT Systems Long Outdated
In a recent study done by the Government Accountability Office, a large portion of the US government’s critical business systems have been found to be requiring an increasing amount for maintaining their basic operation, but also they are a major security risk. From defense systems to scientific research systems, these agencies are constantly working to maintain the aging infrastructure with little to no plans for replacement or any significant overhauls.
Microsoft Steps In To Increase Business Security
With the recent news of LinkedIn’s security breach, Microsoft has announced that users of Azure Active Directory will no longer be allowed to use passwords that were found in the LinkedIn breach to be the most common, and therefore vulnerable. By stopping these weak passwords from being used, Microsoft hopes to stop the bad habits that form around password creation, and keep more businesses secure.
http://www.theregister.co.uk/2016/05/25/microsoft_password_policy/
Kansas Hospital Pays Ransomware, Remains Encrypted
In the past week, another hospital was the focus of a ransomware attack that was fortunately mitigated enough to allow continuing operations and maintaining patient data. Although the hospital did pay the ransom initially, not all of their data was restored and a second demand for additional payment was issued. The hospital refused the demand and was able to resume operations quickly as they had a plan in place for a possible cyber attack.
http://www.techspot.com/news/64954-hackers-demand-ransom-payment-kansas-heart-hospital-files.html
Employees Still Number One Security Risk
It comes as no surprise that the majority of security breaches are caused by employee negligence and lack of knowledge on potential security hazards. A study released in the last week shows that half of the nearly 600 companies had experienced some for of security issue due to employee negligence, and of those companies, 60% felt it unnecessary to require additional security training. The study also revealed that most companies provide neither incentive for following correct security procedures nor consequences for the employee found to be at fault for the breach.
https://www.experianplc.com/media/news/2016/dbr-ponemon-institute-managing-insider-risk/
Hong Kong Bitcoin Exchange Hacked
Recently, the Hong Kong firm, Gatecoin was hacked and the attackers made off with nearly $2 million worth of cryptocurrencies. The company is still unsure of how the breach occurred, though Gatecoin has already begun work on improving it’s cyber security to prevent or deter these types of attacks in the future. In addition, the company has also offered a bounty for the return of any bitcoins that were taken.
Threat Recap: Week of May 16th
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
TeslaCrypt Closing It’s Doors
Here’s a bit of good ransomware news, for once. This week, it was brought to the attention of the security world that TeslaCrypt, one of the largest ransomware creators/distributors, was shutting down their operation for good. Researchers from ESET contacted TeslaCrypt via their support chat function and requested the master decryption key, which was provided freely, along with an instruction guide on how to use it.
https://www.helpnetsecurity.com/2016/05/19/end-of-teslacrypt/
New World Hackers Group Continues With University Hack
The New World Hackers (NWH), a hacktivist group participating in the OpAfrica Anonymous campaign, have targeted Limpopo University in South Africa in response to the ongoing human rights violations that are occurring in the country. Along with replacing the university’s main webpage, the group was able to gain access to both alumni and faculty personal information, which was then released publicly online.
http://news.softpedia.com/news/anonymous-leaks-data-from-south-african-university-504081.shtml
LinkedIn User Data On Sale
Recently, it was reported that the user account information of nearly 167 million LinkedIn users was available on the dark web 5 bitcoins, a small price. The leaked data likely comes from the 2012 hack of LinkedIn, in which over 6 million user accounts were made available, and resulting in hackers working to successfully crack a majority of the hashed passwords. While this breach doesn’t affect all of LinkedIn’s customers, it is advisable that all users change their passwords to avoid any potential future attacks on personal accounts.
Apple Pushes Out High Volume of Security Updates
This week, Apple started sending out security updates for all platform versions of its operating systems, with iOS alone receiving 39 different patches. These updates come just months after Apple participated in Pwn2Own, a hacking event focused on finding security vulnerabilities in the products of several industry leaders. Many of the patches are around the ways Apple product users view web content, with the goal being to keep them safe from any malicious attachments or redirects that may be lurking around.
http://www.eweek.com/security/apple-makes-security-improvements-to-ios-and-os-x.html
Germany Blames Russia for Cyber Attacks
German intelligence officials are pointing their fingers at Russia in regards to attacks dating back to 2015 on the German parliament, as well as the the more recent attacks on Chancellor Angela Merkel. In the past year, attacks originating in Russia have become increasingly common and have a wide spread of targets, including Ukraine’s power grid, TV stations in France, and computer system in the Netherlands. While it’s impossible to know for sure, many of the victims believe it to be the work of the Russian government rather than individual hackers.
http://www.securityweek.com/evidence-russia-behind-cyber-attacks-germany-secret-service?
Hacker Selling Pornhub Shell Access was a False Claim
In the past week, a hacker claimed to be selling shell access to Pornhub’s site, though this information later proved to be false. When contacted by Pornhub in regards to the vulnerability, the hacker was unable to provide any evidence of his capability to gain access or execute any injected code on the site. Pornhub has an ongoing bug bounty program, which will pay out up to $25,000 USD for the discovery of vulnerabilities on their sites.
Threat Recap: Week of May 9th
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Microsoft and Adobe Vulnerabilities Revealed
In the past week, Microsoft announced a vulnerability in Windows, which would allow attackers to target users visiting a specific site and execute malicious code automatically. In the same statement, Adobe also issued a warning for Flash users, as an exploit was discovered that could allow remote access to unsuspecting computers. Patches for both issues are in the works, and users are strongly encouraged to run these updates promptly.
Google Breach Attributed to Third-Party Vendor
Recently, Google sent out an email to its employees, notifying them of a data breach that occurred with their benefits management partner. Fortunately for Google employees, the recipient of the unauthorized data contacted the company and deleted the information that was sent. As a result of the incident, Google is providing its employees with credit monitoring to safeguard against any fraud that may occur.
British Retailer Hacked for Customer Information
Kiddicare, a British children’s retailer, was recently targeted by attackers who gained access to the personal information of nearly 800,000 customers. The issue stems from a test website that Kiddicare created in late 2015, which contained a large quantity of real customer information, and was never secured or disposed of properly after testing was complete. It is still unclear why the test site was publicly accessible, but some customers have claimed to have received multiple phishing messages via text and email.
School District Hit With Ransomware Attack
In the steadily-rising trend of infrastructure cyber attacks, a Texas school district is seeing the impacts firsthand. Multiple district websites were taken down when the Education Services Center’s servers were struck with ransomware. The district refused to pay the ransom and has been reasonably successful at restoring their systems from secure backups. Fortunately, no data was compromised and the sites have been mostly restored to their previous states.
GPS Security Still Major Concern
GPS is used around the globe by nearly 4 billion individuals on a daily basis, and while it has become a necessity for many, it’s susceptible to be jammed, which makes it a potential security issue. GPS jamming can range from a localized area to a much larger region, with the user having no knowledge that the jam is occurring, and can cause a large disruption in functionality. Currently, the U.S. Air Force is working on a better version of GPS, which uses a stronger signal that has less chance of being broadcast over by a signal jammer.
http://www.csmonitor.com/World/Passcode/2016/0510/Why-GPS-is-more-vulnerable-than-ever
Threat Recap: Week of May 6th
Canadian Gold Mining Company Hit With Cyber Attack
In the past week it was discovered that Goldcorp, a major gold-mining company in Canada, had been hacked and employee information had been taken. The leak contains W2’s, dozens of bank account documents, and other sensitive employee information coming to a total of nearly 15GB of data and spanning the last 4 years. In addition to the leaked information, the company also received a demand for money in exchange for not releasing further data.
https://www.hackread.com/canadian-gold-mining-company-hacked/
Hackers Target Dridex Botnet
Ransomware has been a major player in the past couple years, with the Dridex botnet being used for a good portion of the distribution. Recently, researchers discovered a dummy file, containing only the words “STUPID LOCKY”, as the main payload of what appeared to be a malicious email attachment. While not every recipient is so fortunate, it does show that even the hackers aren’t completely hidden and susceptible to their own schemes.
https://www.helpnetsecurity.com/2016/05/05/dridex-botnet-hacked/
US Utility Companies Face Growing Ransomware Concern
Recently, a Michigan utility company was targeted with a ransomware attack that left many of their system utilities non-functioning. It appears no customer data was stolen as only their internal systems were compromised, however they’re still operating under limited functionality. This attack is just one in a long string of growing threats to infrastructure, be it in America or abroad.
http://www.theregister.co.uk/2016/05/03/michigan_electricity_utility_downed_by_ransomware_attack/
NSA Announces Increased Spying on Employees
In an effort to increase national security, the NSA has determined that their agents should have all internet access be monitored, both in the office and at home. To ensure NSA agents aren’t doing illegal activities on their own time, the agency does occasional network scans to monitor sites visited, online transactions, and use of social media. While under the claim of verifying whether the employees can handle highly sensitive information, it appears to be just another reason to invade the privacy of the people who are presumably highly trusted to ensure the security of the country.
Wendy’s Credit Card Breach Leads them to Court
In the months following Wendy’s data breach, a credit union has filed a class action suit stating Wendy’s failed to update it’s card processing systems and left itself and it’s customers vulnerable to fraud for months. It is still unconfirmed how many of their nearly 6,000 stores were affected by the breach, but Wendy’s is still working with law enforcement and credit card companies to come to a good resolution.
Threat Recap: Week of April 29th
Bangladesh Bank Still Attempting to Recover
In the months following one of the largest cyber heists in history, the Bangladesh Central Bank is still in the process of retrieving the $81 Million that was stolen from it, and which remains unaccounted for. The latest update comes from SWIFT, the financial transaction co-op, that has publicly stated that the Bangladesh Central Bank incident was not singular, but rather part of a larger string of cyber attacks. With this declaration, SWIFT has also pushed out a security update that will hopefully make these types of attacks more difficult in the future.
http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI
Uber User’s Data Security is Not So Secure
With the rise in app-based ride services across the globe, Uber riders are seeing spikes in fraudulent charges from distant locations. In other words, users are getting charged for rides they couldn’t possibly have been on. While Uber is still confident they’ve had no security breach of user information, more and more accounts are popping up on the Dark Web, at surprisingly reasonable costs. The most likely explanation is that consumers are using the same usernames and passwords for multiple apps, an ill-advised practice that’s not secure by default, which could be causing the harvesting of these credentials.
Qatar National Bank is the Latest Financial Target of Cyber Attacks
In the past week, Qatar National Bank has stated they were the victim of a cyber attack, which allowed 1.4GB-worth of sensitive customer information to be leaked onto the Dark Web. Among the data, researchers have found transactions and other financial records of many high profile clients, including the Qatar Royal Family, possible intelligence agents from around the world, and even data on Al Jazeera employees. Qatar National Bank has made no confirmation of a security breach, although the leaked information would appear to be legitimate.
Lifeboat Breach Could Lead to More Vulnerabilites
Recently, it was reported that Lifeboat Network, a Minecraft server provider, was hacked, with usernames/passwords being compromised. While Lifeboat issued a password reset to all users, who aren’t required to enter any personal or financial information when creating a login, users should still be cautious if they have re-used their passwords for other sites and change their passwords if this is the case.
https://www.helpnetsecurity.com/2016/04/27/lifeboat-data-breach/
Dating Site Exposes User Data
This week, yet another online dating site has been hacked and this time, the personal information of over 1 million individuals has been leaked. The site in question, Beautifulpeople.com, has stated that the leaked data was from a test server containing no user data. The server, which had no admin password to access, has since been taken offline.
https://www.wired.com/2016/04/beautiful-people-hack/
Separate tags with commas
SWIFT, Uber, Bangladesh Central Bank Breach, Dating site breach, Uber data security, data security, Minecraft, Lifeboat breach, cyber attacks, financial breach
Threat Recap: Week of April 22nd
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Quicktime for Windows No Longer Supported
This week, Microsoft announced they would no longer be supporting the Quicktime media player and strongly recommended to completely uninstall it in order to avoid any malicious attack through the software, which will no longer receive patches. Several flaws have been found that could leave users open for attackers to access and infect the system. At present, the Mac version of Quicktime is still being supported with security updates.
http://n4bb.com/uninstall-quicktime-windows-microsoft-stops-support/
Security Flaw Leaves Phone Users Vulnerable
Most telecom companies around the world use the same routing protocol, SS7, for allowing users to contact others around the globe. However, SS7 also allows access to an individual phone and can even be maliciously aimed at gaining call recordings, geographical locations, and other personal information. This flaw, while dangerous in the hands of cyber criminals, is also used by the NSA and other intelligence agencies for data gathering and monitoring for suspicious activities.
Cyber Security Lacking in Majority of Companies
In a recent threat intelligence report, it was discovered that over 75% of business organizations have no method of response for cyber attacks, and only obtain these critical services after they have been targeted. While individual sectors are seeing a steady rise in malware attacks on their systems, it’s difficult to believe that a large portion are still unprepared for the attacks being reported in the news on a daily basis. And yet, here we are.
Latest Encrypting Ransomware Aims at Bitcoin
In the past week, a new ransomware variant known as CryptXXX has been spotted in the wild that will both encrypt your data and steal bitcoins and other sensitive information located on the system. It appears to be from the same creators as Reveton, an older variant of encrypting ransomware, but with several advances that help it access stored passwords and lock users out of the system.
http://bravenewcoin.com/news/cryptxxx-set-to-become-the-worst-bitcoin-stealing-ransomware-yet/
End-to-End Message Encryption On the Rise
With the recent news about the FBI breaking Apple’s encryption to access sensitive information, more and more companies are working towards enhancing their current encryption standards. Viber, which makes the popular messaging app, has just announced they will be providing full end-to-end encryption for any and all data sent in messages, though it will take some time for all of its 700 million users to update to the latest version. Moreover, with Viber being an Israel-based company, they will not be directly affected by any US Congress decisions regarding encryption and the governments ability to access encrypted information.
Bringing Threat Intelligence to the Device
Previous posts in this series provided an overview of threat intelligence, its role within the IoT space, and how it can be used to prevent threats at the network perimeter in IoT Gateways. With the evolution of internet-connected devices and their growing resource capabilities, these “things” will increasingly become connected directly to the internet, forgoing connectivity through traditional perimeter appliances, and in essence becoming their own gateways or firewalls. This evolution will require a new approach to security in terms of moving protective mechanisms from robust perimeter equipment into the devices themselves. This post focuses on how the use of separation kernel technology can help in this move from security at the perimeter to enabling the use of threat intelligence on the device.
An effective way of bringing threat intelligence to devices is through the use of a separation kernel. Separation kernel technology provides a mechanism for controlling the flow of data and commands between an operating system and the hardware on which the operating system resides. In its simplest form, it is a tiny kernel that sits between all hardware functions on a device and the operating system. This separation provides a mechanism for identifying threats outside of a host operating system. Here are two very straightforward ideas on how to quickly implement threat intelligence at the device level through the use of separation kernels:
- Traffic Flow Monitoring: Most gateway or perimeter devices provide a mechanism for traffic flow analysis through the use of packet inspection and threat intelligence. This can be achieved on a device by building tiny monitoring applications that live in a secure memory space outside of a host operating system, but are accessible by the separation kernel. Traffic can be analyzed in this secure space for threats so action can be taken before it is allowed to pass into the operating system or out of the device. This essentially brings the ability to apply network security and policy management to the “thing”.
- Malicious File Identification: Using the same model described above, it would be possible to analyze files outside of a user’s operating system by identifying threats before they have access to user memory and application space. Files could be assembled in a secure memory space for hashing and looked up in a cloud-based ecosystem for threat determination. In the case of unknown files, additional analysis could be performed locally to identify any threats before they have access to the user memory or application space.
These are only two basic examples of what could be done through the use of threat intelligence on a device. As the Internet of Things continues to expand, there will undoubtedly be more and more approaches that bring existing network and perimeter security to the device. The next and final installment of this series will explore some of these ideas.
Threat Recap: Week of April 4th
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Credit Card Breach at Trump Hotels
It has recently been reported that the Trump Hotel chains have been the target of yet another credit card breach, which is currently affecting several locations around the world. This comes less than a year after their last report of suspicious payment activity, in which they confirmed their systems had been hit with info-stealing malware.
http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/
Panama Papers Released
In what is currently considered to be the largest data leak in history (containing over 2.6 TB of information), a laundry list of celebrities and major political figures have been tied to offshore bank accounts. While having an offshore corporation is perfectly legal, many of those listed were using tax havens to hide their considerable wealth by using an offshore law firm, Mossack Fonseca, to manage their funds.
http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers
Updating Passwords Occurs Less Among IT Admins
Most people understand the importance of changing passwords for sensitive accounts regularly, but those who often recommend these changes are at times ending up as the worst offenders. In a recent survey, IT Admins were shown to insist users change their credentials more often than they changed the credentials themselves. Furthermore, an astounding 10% of IT Admins admitted to having never changed the administrative credentials used in their organizations.
Visa Database Potential Identity Risk
In the past week, an internal study conducted by the U.S. State Dept. revealed vulnerabilities in the visa application database, which contains hundreds of millions of confidential personal records. Currently, there has been no indication of a breach, but work is being done to seek out any vulnerabilities that haven’t already been resolved. Many of the issues they’re facing are related to aging technical systems and lack of upgrades.
LA Times Confirms their Site was Hacked
On Wednesday, it was reported that someone was able to access the LA Times website using a vulnerability in WordPress, and was offering this access for purchase. According to the LA Times, the security flaw has been resolved and they have added additional security precautions to prevent future breaches.