Thursday, July 31, 2014

Cyber Security: Home Security Systems Can be Hacked

Dale Baker has an ADT home security system. He'd be at home when it would start chirping. "I was hearing that a lot, but no doors or windows were open," Baker says. He called the company and learned something that disturbed him.  His system is wireless and signals from the sensors on doors and windows could be intercepted. Watch the video here.

Wednesday, July 30, 2014

Cyber Security: Canada says China tried to hack into key computer system

High-level Chinese hackers recently tried to break into a key Canadian computer system, forcing Ottawa to isolate it from the main government network, a senior official said on Tuesday. Click here to read the full story.

 


Tuesday, July 29, 2014

Cyber Security: Anonymous group warns of more Kenya cyber attacks

The ongoing cyber attacks on web and social sites operated by the government, the military, and top leaders is part of an effort to expose corruption in Kenya, a 'hacktivist' group has claimed. Read the article here.

Monday, July 28, 2014

Cyber Security: Malware Can Hide in the Most Obvious Places

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers. Much has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things.” Malware can be hiding in the most obvious places. Click here to read more.

Cyber Security: ICS-CERT Vulnerability Summary for Week of July 21

Click the link below to view the summary of cyber security vulnerabilities for the week of July 21 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-209



Friday, July 25, 2014

Cyber Security: More than 1,600 StubHub Users Affected in International Cybercrime Scheme

Six people have been indicted for their roles in an international crime ring involving online ticket-reseller StubHub, officials announced Wednesday. Read more about it here.

Thursday, July 24, 2014

Cyber Security: Big DDoS Attacks Hit Record in 2014

The number of distributed denial-of-service (DDoS) attacks set a record in the first half of 2014, according to a report by Arbor Networks. Click here to read the article.

Wednesday, July 23, 2014

Cyber Security: Phishing Alert -- 8 Tips to Protect Yourself from Attacks

It's as easy for hackers to phish out your personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite. Click here to read about tips to protect yourself from attacks.

 

Tuesday, July 22, 2014

Cyber Security: Government-grade malware in hacker hands

New research suggests that 'government-grade' malware designed to operate undetected on computer systems is in the hands of cybercriminals who are integrating it into rootkits and ransomware. Click here to read the article.

Monday, July 21, 2014

Cyber Security: Is Your Car Vulnerable to Hackers?

By 2017, more than 60% of cars will be connected to the Internet, literally creating a moving target for cyber criminals. Read more about it here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of July 14

Click the link below to view the summary of cyber security vulnerabilities for the week of July 14 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-202



Friday, July 18, 2014

Cyber Security: Choking on Data by Roy Solis, consultant for Critical Infrastructure & Security Practice, Invensys

Roy Solis, consultant for Critical Infrastructure & Security Practice, discusses the benefits of a SIEM.

 
Choking on Data
 
Ever hear the phrase “Choking on data, starving for information?” I credit my exposure to this phrase to a meeting I had with my new Vice President as a fresh-out-of-college employee. He discussed and displayed a massive amount of spreadsheet business data and pointed out how, over time, management becomes unenthusiastic about data with large quantities of generic numbers. He then switched over to a single bar chart that showed a summarization of the futile numbers with attractive colors and easy-to-view upper and lower limits. His next statement—“Now this is information!”—created a preservation I embrace daily about how data becomes valuable to an organization as information.

Meaningful information is a challenge for any department, organization, or compliance program. When management commits large sums of capital and investment to a security or compliance program, they enjoy seeing ROI in attractive, meaningful information. This is where a SIEM (Security Information and Event Management) solution can help correlate an organization’s appetite for information with the harsh quantities of collected signal data. “We have no need for a SIEM,” you say? Well, let’s take a quick look at some data.

A typical Windows 8 user login will generate six (6) Windows Security events in less than a second, not including access to network resources such as mapped printers and network drives. Now, take this number and multiply it by each station on your network (let’s say 100 workstations) during a peak working hour (8am to 9am). That is over 2,160,000 events in 1 hour (6 events x 100 workstations x 60 seconds x 60 minutes)! Now you can start to imagine how quickly your organization can be choking on data. Try factoring in security appliances (firewalls, VPNs, proxies, IDS/IPSs) and your ability to analyze data goes from excruciating to borderline impossible. Furthermore, what happens in the event of an unauthorized or unsanctioned security event? Did you get an alert? How do you correlate events from multiple devices scattered across your network? How does your organization take this massive amount of data and make it meaningful information? Do you have a single dashboard to view and categorize this data?

Enter the SIEM. A SIEM can be an appliance (server), customized software, or vendor service that combines the collection of information and designated events or alerts from multiple data sources. It silently listens to data collection sources, such as services, workstations, servers, firewalls, IPS/IDS, etc., for event data. This event data can consist of almost any instance generated by applications, security, and hardware. With a SIEM, data is analyzed and correlated in real time; the results can be displayed via a dashboard, acted upon via scripts or alerts, and stored for compliance or historical information.

 
Visibility/Reaction

Using the 2,160,000 event example above, let’s say you wanted to know how many failed logins occurred this morning from all of your 100 stations.  You also want to know if any of these events occurred from your outside VPN IP address range.  A SIEM would take these events and correlate them with all of your data sources (firewalls, IPS/IDS, Active Directory), and generate a dashboard to show you all failed logins during the specific time frame and relate them to all VPN logins.  You can then further filter the data down to the single event or even the entire communication channel, such as outside IP addresses, VPN addresses, permitted/denied firewall sessions, SSO, or authenticating workstation.   With a SIEM, you can even perform additional actions such as banning the IP address/range, adding an email/text alert, sandboxing, or executing customized scripts.
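The failed-login correlation described above, sketched as an added example (not part of the original article and not any SIEM product's code): it filters failed logons to the 8am to 9am window, then joins the ones coming from the VPN address pool to the VPN session that held that address. The VPN pool, host names, accounts, and log records are constructed for illustration; event ID 4625 is the Windows Security failed-logon event.

```python
import ipaddress
from collections import Counter
from datetime import datetime

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN address pool
FAILED_LOGON = 4625                              # Windows Security: failed logon

# Constructed, already-normalized records (not real logs).
WINDOWS_EVENTS = [  # (timestamp, host, event_id, account, source_ip)
    ("2014-07-18T08:01:12", "WS-017", 4625, "jdoe", "192.168.1.17"),
    ("2014-07-18T08:03:40", "TS-01", 4625, "admin", "10.8.0.23"),
    ("2014-07-18T08:03:44", "TS-01", 4625, "admin", "10.8.0.23"),
    ("2014-07-18T08:05:02", "WS-042", 4624, "asmith", "192.168.1.42"),
    ("2014-07-18T08:30:00", "TS-01", 4625, "backup", "10.8.0.23"),
    ("2014-07-18T09:15:00", "WS-003", 4625, "jdoe", "192.168.1.3"),
]
VPN_SESSIONS = [  # (start, end, vpn_account, assigned_ip, outside_ip)
    ("2014-07-18T07:58:00", "2014-07-18T08:45:00",
     "contractor1", "10.8.0.23", "203.0.113.50"),
]

def ts(s):
    return datetime.fromisoformat(s)

def failed_logins(events, start, end):
    """Failed-logon events inside the [start, end) window."""
    return [e for e in events if e[2] == FAILED_LOGON and start <= ts(e[0]) < end]

def correlate_vpn(failures, sessions, pool=VPN_POOL):
    """Attach the VPN session that held the source address when each failure occurred."""
    hits = []
    for when, host, _, account, src in failures:
        if ipaddress.ip_address(src) not in pool:
            continue  # failure did not come through the VPN
        match = next((s for s in sessions
                      if s[3] == src and ts(s[0]) <= ts(when) <= ts(s[1])), None)
        hits.append({"time": when, "host": host, "account": account,
                     "vpn_account": match[2] if match else None,
                     "outside_ip": match[4] if match else None})
    return hits

def summarize(events, sessions, start, end):
    """Dashboard-style rollup: totals, per-host counts, and VPN-sourced failures."""
    failures = failed_logins(events, start, end)
    vpn_hits = correlate_vpn(failures, sessions)
    return {"failed_total": len(failures),
            "failed_by_host": Counter(e[1] for e in failures),
            "from_vpn": vpn_hits,
            "vpn_outside_ips": Counter(h["outside_ip"] for h in vpn_hits)}
```

Calling `summarize(WINDOWS_EVENTS, VPN_SESSIONS, ts("2014-07-18T08:00:00"), ts("2014-07-18T09:00:00"))` returns the rollup for the peak hour; a VPN-sourced failure with no matching session comes back with `outside_ip` set to `None`, which is itself worth an alert.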
 

Compliance

From a compliance perspective, you can create customized dashboards, reports, or correlations to categorize and display all relevant data in conjunction with your compliance program. A SIEM can serve as compliance evidence and a change management information historian. Some SIEMs, such as McAfee’s ESM Nitro, contain prebuilt compliance views for NERC/CIP, PCI, SOX, HIPAA, 27002, FISMA, and others. These dashboards/views will drastically reduce information gathering and decrease required manpower during those stressful audit times.
 

Vulnerability Views

Vulnerability assessment data can also be imported into a SIEM. Results from popular vulnerability scanning software (think Rapid7’s Metasploit Pro, NeXpose, or Nessus) can be directly imported into a SIEM. With vulnerability scan data, you can easily create automated scans, imports, and dashboards for those critical Electronic Security Perimeter devices and remote access servers. When used with a defense-in-depth program, these intermediary devices become critical gateways to a facility’s operations or an organization’s intellectual property.

In short, a SIEM can drastically reduce man hours, monitoring costs, forensic data gathering, and compliance fines by providing a synergy for the vast majority of your infrastructure. This remarkable transformation of incomprehensible data into meaningful information will not only keep you from choking, but it will also fill your appetite for information.

 

Cyber Security: Minimizing the risk of identity theft

Identity theft is a very real and present danger. In the past 12 months some seven million Canadians became victims of identity theft with an average direct cost per victim of US$372.00, according to internet/computer security company Norton. Read the article here.

Thursday, July 17, 2014

Cyber Security: US Secret Service warns that hotel PCs are targeted by hackers

The United States Secret Service has told the hospitality industry to check their business center PCs for keystroke logging malware. The Secret Service sent this warning to companies in the lodging industry, but has not publicly disclosed it. Brian Krebs of Krebs on Security has seen the missive and he said it suggests that PCs might have been penetrated by thieves with their eyes on personal and financial data. Click here to read more.

Wednesday, July 16, 2014

Cyber Security: Bank-stealing virus returns after crackdown

Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say. Read the article here.



Tuesday, July 15, 2014

Cyber Security: Security Firm Manages To Access Deleted Data On Used Android Devices

You might want to think twice before selling your old smartphone, as one prominent computer security firm cautions that not even wiping the device's data and performing a factory reset guarantees that your old files and personal information will be inaccessible to the new owner. Click here to read the article.

Monday, July 14, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of July 7

Click the link below to view the summary of cyber security vulnerabilities for the week of July 7 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-195



Cyber Security: Insurers struggle to get grip on burgeoning cyber risk market

Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market but their lack of experience and skills handling hackers and data breaches may keep their ambitions in check. Read the article here.

Friday, July 11, 2014

Cyber Security: Hackers Are Costing Companies Millions - And It's Going To Get Worse

The world's leading insurance market has reported a sharp increase in companies seeking insurance cover from hackers stealing customer data and cyber terrorists shutting down websites to demand a ransom. Read more about it here.

Thursday, July 10, 2014

Cyber Security: Chinese hackers target think tanks instead of U.S. tech firms — to protect oil interests

China’s Deep Panda hacking crew, considered one of the world’s best for its skilled insertion of malware into adversaries’ data streams, has apparently changed its snooping habits. Deep Panda has switched its focus, at least temporarily, from American technology giants and financial targets to major U.S. think tanks who employ former ranking government officials. Read the article here.

Wednesday, July 9, 2014

Cyber Security: The Global Cyber Advisor Newsletter - June 2014 Vol. 33

Welcome to the latest Global Cyber Advisor Newsletter,

As we continue to position the organization to support our clients, the global cyber environment is in flux. You should be reading about the cyber risks our clients are operating with today. Be assured that we are well positioned to help our clients reduce those risks and continue their operations. Our OPERATIONAL TECHNOLOGY (OT) approach is much more robust and focused on their needs over the typical INFORMATIONAL TECHNOLOGY (IT) approach we see that is prevalent in the market.

Continuously Secure:   We continue to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture. We have developed suites of products with complementary consulting, which are unmatched in the industry.   

This month's Consultants Corner contribution covers “Cyber Security Return on Investment” by Bernie Pella.
                                                                                            
The Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire cyber security program. We have essentially the industry’s largest vendor-based cyber security team that helps our clients secure their entire process environment. We understand that cyber security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure. Cyber security is so much more than product features, firewalls, and anti-virus software.
 
If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the June 2014 newsletter.




Cyber Security: Accused Russian point-of-sale hacker arrested, faces US charges

A Russian man suspected of hacking into point-of-sale systems at U.S. retailers has been arrested and faces charges in a U.S. court, the Department of Justice said. Click here to read the article.

Tuesday, July 8, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of June 30

Click the link below to view the summary of cyber security vulnerabilities for the week of June 30 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-181



Cyber Security: Insurers want to protect critical infrastructure from cyber attack

A leading insurance underwriter told British politicians and security experts in London last week that insurers must be involved in the fight against cyber warfare. Read the article here.

Monday, July 7, 2014

Cyber Security: Are Digital Retailers Focusing Their Security in the Wrong Place?

High-profile data breaches have plagued retail this year — Target, Neiman Marcus, Michael's and other U.S. retailers have seen headlines about their woes splashed across both digital and print media.
In Target's case, the breach of 40 million credit cards and 70 million personally identifiable information (PII) database records led the CIO and then the CEO to resign. Could retailers be focusing their security efforts in the wrong areas? Read the article here.

Friday, July 4, 2014

Cyber Security: 10 Ways to Keep Windows XP Machines Secure

Now that Microsoft's support for the popular Windows XP operating system has ended, you'll need to use every trick in the book to stop your machines from being compromised. Click here to read about 10 ways to keep Windows XP machines secure.

Thursday, July 3, 2014

Cyber Security: Airport Breach a Sign for IT Industry to Think Security, Not Money

The compromise of computers at two U.S. airports by an unknown group of hackers is a wake-up call that America's best IT talent needs to focus less on money and more on national security, an expert says. Read more here.

Wednesday, July 2, 2014

Cyber Security: Internet of Things Has Security Vulnerabilities

Back in the old days, people worried about their computers getting hacked. Today, they worry about their refrigerators being hacked. Click here to read the article.

Tuesday, July 1, 2014

Cyber Security: Hacker Posts Fake Bomb Threat Message

Brazil's government says a hacker breached the Twitter account of the nation's federal police and posted false word that there was a bomb threat in the World Cup stadium where Brazil took on Chile. Read the article here.