Saturday, 25 January 2014

Amid Attacks, CEOs In The Dark About Cyber Security

When it comes to security, CEOs have no clue what is going on inside their organizations. So found a Ponemon Institute report released this week which examined how organizations prepared for, and responded to, security incidents. A whopping 80 percent of survey respondents said they did not "frequently communicate" with executive management about potential cyber-attacks threatening the organization. This extends beyond the CEO and encompasses the entire C-suite (CIO, CSO, COO, CTO, etc.).
It was surprising that "the information is just not getting up to the C-suite," Mike Potts, president and CEO of Lancope, told Security Watch. "We talk about this stuff all the time," he added.
Companies are spending millions of dollars on security products and services and still getting breached, according to Lancope, which commissioned the study. In fact, Gartner said $67 billion was spent on IT security products globally in 2013. Yet $250 billion worth of intellectual property is stolen from companies each year. Where is the disconnect?
No Regular Updates
Many executives may look at all the security spending and think, "I got all this stuff, I am done," Potts said. If they are not receiving regular updates and information about the organization's overall security posture, then there is no reason to revise that view. But that's not how it should be. "The current scenario is not 'set and forget,'" Potts said.
While the survey didn't ask why IT personnel weren't raising the issues with the C-suite, Potts suggested the issue may be related to how security is measured within the organization. Half of respondents said they had no metrics to measure the effectiveness of their incident response capabilities. This means they are unable to translate the threats and problems into language the senior executives—concerned about the overall business—can understand or work with.
It's also very likely that, even if the discussions about security happened, executives were receiving a very "watered down" version of the problems, Potts said.
"Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis," Potts said.
Money Matters
Part of the problem is an investment issue. Half of the respondents in the survey said less than 10 percent of their overall security budget is earmarked for incident response, and despite the growing pace of attacks and threats, most said they have not increased that allocation in the past two years.
It makes sense. If the C-level executives don't realize what the risks and threats are, then they won't prioritize the budget. If the executives know the potential loss or damage is going to be fairly large, then they can act accordingly to close that gap. Executives need to "have the right information to make the right investments," Potts said.
Need to Change
About 68 percent of respondents said their organizations had experienced a data breach or some other security incident in the past two years. Of that group, almost half, or 46 percent, of the respondents said another incident was "imminent" and could happen within the next six months. This is serious, and clearly, the C-suite should be concerned and working with IT to make sure necessary steps are being taken, right?
Not according to the survey, because the majority of the 674 IT and security professionals in the survey claimed they were not escalating these issues or letting the senior executives know what was looming. Makes you wonder just how much the Target CEO knew before he was thrust into the national spotlight and asked to discuss the breach, doesn't it?
Potts was hopeful that the data breach at Target and other retailers would act as a wake-up call for others. Maybe Target will change how organizations communicate, and "make it easy to tell the C-suite about security problems," Potts said.

Attackers Celebrate Macintosh's 30th Anniversary With Data Stealing Malware

This week, the researchers at Sophos posted an interesting breakdown of a nasty scam that's targeting both Windows and Mac users. As a Mac user myself, I know that it's easy to forget that anyone can be a target, and Mac malware, though rare, is a very real thing. A sobering reminder on the 30th anniversary of the Macintosh.
Pending Parcel
The attack begins with an email purporting to be from a courier company—sometimes a real one, and sometimes one invented by the attackers. Careful readers will remember that packages or Amazon deliveries are a favorite for social engineers, since they combine a common experience with an emotional response. In this case, the common desire to get something through the mail.
The email includes some kind of pretext for including a link. In the case Sophos investigated, it's a bit unusual since the sender ("FedEx") claims that they have scanned the contents of a document intended for delivery. While that's certainly comprehensive service, I'd personally be a little perturbed if my courier of choice decided to open and meticulously scan my mail instead of, you know, delivering it.
The link in the email is, not surprisingly, a phony one. Interestingly, the attackers tailor the payload to the victim. If you're on a mobile browser, you'll see an error message. Non-Safari users will receive a ZIP file containing a variant of the Zeus malware. Safari users receive a ZIP file masquerading as a PDF document. Clever.
Nasty RAT
Victims who launch the "PDF" are actually starting up a malicious application Sophos designates as OSX/LaoShu-A. "LaoShu-A as good as hands control of your Mac over to the attackers," writes Sophos. "But its primary functions appear to be more closely associated with data stealing than with co-opting you into a traditional money-making botnet." This is similar to the functions of a Remote Access Trojan, or RAT.
Once running, LaoShu-A can search for specific file types and then send them back to the attacker's server. It can also run arbitrary commands and download fresh malware on your Mac. Sophos reported that in their investigation, the malware attempted to take screenshots and send those back to the attackers as well.
A tantalizing possibility raised by this research is that attackers may be tailoring the behavior of malicious payloads to the victim's devices. Sophos writes that, "data thieves are interested in what Mac users have on their computers." More so than on PCs? Are Windows machines better for botnets and Macintoshes better for data exfiltration? Interesting questions.
Protecting Your Mac
Sophos has some hard truths for lackadaisical Mac users. They point out that Mac malware doesn't always need to ask for permission to run, doesn't always require installation, and can be dressed up with fake digital certificates to circumvent protections built in to OS X.
And regardless of your operating system, you should scrutinize every message you receive. Were you expecting a link, an attachment, or a package? Is it normal for a courier company to open your mail and scan its contents? Taking just a few seconds to think before you click can save you a lot of trouble in the long run.
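As an added example (not from Sophos or the original article), a mail gateway or analyst could check a ZIP attachment for the trick described above: an application delivered under a document-like name. It assumes the payload is a macOS `.app` bundle; the function names, the extension list and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Document extensions a lure name typically imitates (assumed list).
DOCUMENT_HINTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png")
# macOS application bundles keep their executable under <Name>.app/Contents/MacOS/.
BUNDLE_MARKER = ".app/contents/macos/"


def find_app_bundles(zip_bytes):
    """Return sorted (bundle, severity) pairs for app bundles inside a ZIP."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            pos = name.lower().find(BUNDLE_MARKER)
            if pos == -1:
                continue  # not part of an application bundle
            bundle = name[: pos + len(".app")]
            stem = bundle.rsplit("/", 1)[-1][: -len(".app")].lower()
            # "Invoice.pdf.app" shows as a document when extensions are hidden.
            disguised = stem.endswith(DOCUMENT_HINTS)
            findings[bundle] = "high" if disguised else "review"
    return sorted(findings.items())


def build_sample_zip():
    """Constructed sample archive; every entry name and body is made up."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("Scanned_Document.pdf.app/Contents/Info.plist", "<plist/>")
        archive.writestr("Scanned_Document.pdf.app/Contents/MacOS/worker", "stub")
        archive.writestr("Tool.app/Contents/MacOS/Tool", "stub")
        archive.writestr("notes/readme.txt", "plain text")
    return buffer.getvalue()


if __name__ == "__main__":
    for bundle, severity in find_app_bundles(build_sample_zip()):
        print(f"{severity:6} {bundle}")
```

Any application bundle inside an e-mailed archive deserves a second look; one whose name ends in a document extension is rated higher because the visible name hides what it is.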

Fiesta hackers caught hitting Cisco customers with Java attack

An evolved form of the Fiesta exploit kit has been uncovered hitting Cisco customers using Java and Microsoft Silverlight exploits.
Cisco chief security officer Levi Gundert reported that the company uncovered the hack campaign while working with newly acquired security firm Sourcefire. In a blog post he warned that the campaign has already hit at least 300 companies over the past 30 days.
"Now that we are collaborating with Sourcefire's Vulnerability Research Team (VRT) we have additional capabilities to quickly isolate and prioritise specific web exploit activity for further analysis," read the post.
"Thus when we were recently alerted to an aggressive Fiesta exploit pack (EP) campaign targeting our customers, we quickly compared notes and found that in addition to the typical Java exploits, this EP was also using a Microsoft Silverlight exploit. Over the past 30 days this specific Fiesta campaign was blocked across more than 300 different companies."
Exploit kits, referred to in the blog as exploit packs, are publicly traded hack tools that let non-computer experts easily mount automated hack campaigns. They are traded on a number of cyber black markets.
The Cisco chief said the new Fiesta exploit kits are being used to mount a series of drive-by download attacks against businesses. Cisco reported that the attacks aim to maximise the amount of web traffic going to websites and malicious servers owned by the hackers.
"EP users' primary goal is to force as much victim web traffic to their respective EP servers as possible, in order to execute a 'drive-by' attack (really it's a reverse drive-by since the victim is moving and the attacker is stationary)," read the post.
"Thus any number of malicious mechanisms may be used to drive unsuspecting web users to the EP server including 'malvertising' (injecting a rogue advertisement into an advertising delivery network), email/social media spam, and/or compromising a legitimate website and automatically redirecting visitors."
Cisco reported finding at least 400 distributed domain name services (DDNS) based domains receiving traffic from the compromised machines. The attack's success is troubling as the Microsoft Silverlight vulnerability was patched by Microsoft in 2013, meaning businesses with up-to-date systems should be safe.
Exploit kits have been a growing problem for the security community. In 2013 the Blackhole exploit kit was the most common hack tool being used by criminals, but use of it plummeted after the FBI arrested its alleged creator in November 2013.

Why did you upload this Facebook virus

If you received a link from a friend with the message "why did you upload this?", then the chance that it is a virus is very high. Users on Facebook and other social media websites are being targeted by malicious users. These malicious users are after your data and identity - they will try multiple tricks to obtain it.
Earlier this year hackers tried to convince people to click on a malicious link by telling them that they had the video of a rollercoaster accident - a lot of people were tricked. In 2013 the hackers tried the same with a fake video of Nicki Minaj being naked. A lot of Facebook users around the age of 20 were tricked by the "Facebook Black" malware.

New method for hacking Facebook accounts

Hackers on Facebook have multiple groups in which they teach their followers how to hack other pages, Facebook accounts and so on. Now it seems that there is a new method to hack Facebook accounts. The hackers have published multiple videos that show how it is possible to hack someone's Facebook account. This video was released in 2014 and seems quite new.

How to hack Facebook accounts 2014, my own discovery, without programs ^_^

The video was published on Facebook by a hacker who claims to be working at Vodafone Egypt.
The hacker also published a Pastebin file containing the code that is needed for the hack to work. The hacker explains in the video that people should copy the code from the Pastebin file. This is needed to hack the Facebook account.
Once the code has been copied, the users are asked to paste the code into the console of the browser. This allows the code to be executed.
The video has been shared more than 3000 times and the number of likes is around 26000. This shows that a lot of users are interested in how to hack a Facebook account.


Credit card hack at retailer #Michaels

Crafts retailer Michaels is the latest company to suffer a credit card breach, warning customers that it is investigating the potential theft of payment details. The retailer, which operates around 1,250 stores in the US, has not disclosed how many customers it believes have been affected, nor whether the breach was in physical locations, online, or both; it is now working with federal law enforcement and data security experts to ascertain the extent of the damage, Michaels confirmed in a statement provided to researcher Brian Krebs.
Michaels describes the issue as "a data security attack" though it isn't clear at this stage what information has been taken. The decision to notify customers is one of an abundance of caution, the retailer points out, so that they can monitor their accounts for any signs of unauthorized use.
According to Krebs, however, sources in the banking industry have already begun seeing evidence of fraud that they believe is linked to card details having been acquired through the Michaels hack. "Hundreds of cards" have been used in the latter half of last week, one unnamed fraud analyst at a credit card processor says, generally at chain stores like Target and Best Buy.
The chatter came on the tail end of talk of a similar breach through cards traced back to Aaron Brothers, which is owned by Michaels.
While the technical details behind the breach are unknown, it's not the first time the retailer has been targeted. That has included compromised payment hardware in-store, which happened back in 2011.
The news comes on the heels of a breach at retailer Target, which potentially saw as many as 1.1m customers' credit cards taken.