Category Archives: Hacking

Google Docs users hit with sophisticated phishing attack in their inboxes

Posted on May 4, 2017 | Leave a comment

Google said it was investigating an email scam winding its way through inboxes across the country and had disabled the accounts responsible for the spam.

The scheme emerged Wednesday afternoon, when spammers dispatched malicious email, appearing to come from people the recipients knew, beckoning them to click on what appeared to be a shared Google document.

Recipients who clicked on the links were prompted to give the sender access to their Google contact lists and Google Drive. In the process, victims allowed spammers to raid their contact lists and send even more email.

“We are investigating a phishing email that appears as Google Docs,” Google said statement posted on Twitter. “We encourage you to not click through and report as phishing within Gmail.”

It is not clear who created the spam email or how many people it has affected.

In a second statement, on Wednesday evening, Google said that it had disabled the accounts responsible for the spam, updated its systems to block it and was working on ways to prevent such an attack from recurring.

If you receive suspicious email, here are some tips:

1. Do not click, even when the email is from your mother.

Even when you receive links from trusted contacts, be careful what you click. Spammers, cybercriminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.

A quarter of phishing attacks studied last year by Verizon were found to be nation-state spies trying to gain entry into their target’s inboxes, up from the 9 percent of attacks reported in 2016.

In this case, the malicious emails all appeared to come from a contact, but were actually from the address “hhhhhhhhhhhhhhhh@mailinator.com” with recipients BCCed.

2. Turn on multifactor authentication.

Google and most other email, social media and banking services offer customers the ability to turn on multifactor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.

3. Shut it down.

If you accidentally clicked on the Google phishing attack and gave spammers third-party access to your Google account, you can revoke their access by following these steps:
https://myaccount.google.com/permissions

Revoke access to “Google Docs” (the app will have access to contacts and drive).

4. Change your passwords … again.

If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.

Make your password long and distinctive at least 12 characters. Security specialists advise creating acronyms based on song lyrics, movie quotations or sayings. For example, “StarWars” becomes !!$t@r|W@rz!!

5. Report it.

Report any phishing attacks to Google by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.” Companies count on those reports to investigate such scams and stop them.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged ,

Chipotle says payment system was hacked

Posted on April 26, 2017 | Leave a comment

Unauthorized activity detected from March 24 through April 18

Chipotle Mexican Grill Inc. said on Tuesday that it detected unauthorized activity on its payment system this spring.

The company did not have details about the extent of the hack, and how many restaurants or customers could have been affected. CFO Jack Hartung said during the company’s earnings call on Tuesday that the hack affected the company’s credit card systems from March 24 through April 18.

Chipotle Mexican Grill Inc. said on Tuesday that it detected unauthorized activity on its payment system this spring.

The company did not have details about the extent of the hack, and how many restaurants or customers could have been affected. CFO Jack Hartung said during the company’s earnings call on Tuesday that the hack affected the company’s credit card systems from March 24 through April 18.

Hartung said the company immediately began an investigation, working with cyber security firms.

“We believe the actions taken have stopped the unauthorized activity,” he said.

The news put a damper on an otherwise strong first-quarter earnings report for the Denver-based burrito chain.

Chipotle reported 17.8-percent same-store sales growth in the quarter ended March 31, along with improved profit margins. The numbers were unexpectedly positive and led to a spike that at one time put Chipotle’s stock price above $500 a share for the first time since February 2016.

After Chipotle revealed news of the hack, the stock price fell below $480.

Just another day at the office.

 

Leave a comment

Posted in Cyber Security, Hacking, Security

Tagged ,

Sound the alarm: Hacker sets off emergency warning sirens in Dallas

Posted on April 12, 2017 | Leave a comment

Emergency sirens around Dallas, Texas, activated late on Friday night, waking residents across the city for over an hour, and prompting a flood of calls to the city’s 911 center. Officials from the city’s emergency management office have confirmed that there was no emergency, and that the system was breached by hackers.

City officials said a hacker accessed the system and repeatedly sounded the sirens. The sirens were first heard at about 11:45 p.m. and sounded on and off intermittently for about an hour. Rocky Vaz, the director of the city’s Office of Emergency Management, said all 156 of the city sirens were hacked and activated.  Eventually, city officials were forced to essentially unplug the entire system to deactivate it completely. After investigating, they were able to locate “one area where we think [the attackers] were able to get into our system and activate all the sirens.”

Dallas City Fire and Rescue had to visit each individual siren site to manually turn them off. All sirens were completely shut off by 1:20 a.m. City officials said that Dallas 911 received 800 calls during a fifteen minute period around midnight.

Mayor Mike Rawlings said the hack was an attack on Dallas’ emergency notification system, and that the city will “find and prosecute whomever is responsible.”

“This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure,” Rawlings said. “It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens.”

Dallas officials said they are working with the Federal Emergency Management Agency to create a wireless alert system that would circulate messages to every cell phone in the area, in the event of a real emergency.

This attack will open the eyes of City officials..

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking

Tagged ,

‘Can You Hear Me?’ Scam Hooks Victims With a Single Word

Posted on April 7, 2017 | Leave a comment

Scams recently reported to the Better Business Bureau’s Scam Tracker.

Don’t pick up the phone to answer calls from unknown numbers. Instead, let them go to voicemail.

That’s the operational security advice being promulgated to Americans by the U.S. Federal Communications Commission in response to an ongoing series of attacks designed to trick victims into uttering a single word.

The FCC says in a March 27 alert that the scam centers on tricking victims into saying the word “yes,” which fraudsters record and later use to attempt to make fraudulent charges on a person’s utility or credit card accounts.

“The scam begins when a consumer answers a call and the person at the end of the line asks, ‘Can you hear me?’ The caller then records the consumer’s ‘Yes’ response and thus obtains a voice signature,” the FCC warns. “This signature can later be used by the scammers to pretend to be the consumer and authorize fraudulent charges via telephone.”

Fake Tech Support

This isn’t the first time that fraudsters have “weaponized” the telephone.

Scammers have long phoned consumers, pretending to be from a government agency such as the Internal Revenue Service. Another frequent ploy is pretending to be from the support department of a technology firm, such as Microsoft or Facebook, and then trying to get victims to pay for bogus security software meant to fix nonexistent problems on their PC.

Authorities have made some related arrests. Last year, Indian police arrested 70 suspects as part of an investigation into a fake IRS call center scam.

Also last year, the FTC announced a $10 million settlement with a Florida-based tech-support scheme, run by an organization called Inbound Call Experts, also known as Advanced Tech support. The FTC and the state of Florida said the organization ran “services falsely claiming to find viruses and malware on consumers’ computers.”

Researchers Study Scammers

In a recent paper, “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,” researchers at the State University of New York at Stony Brook described how the tech-support version of these scams work, as well as how they might be disrupted by targeting the infrastructure on which scammers rely.

“Scammers use specific words in the content of a scam page to convince the users that their machines are infected with a virus,” the researchers say.

The Stony Brook researchers designed a tool called ROBOVIC – for robotic victim – that found that of 5 million domains that it successfully connected to during a 36-week period beginning in September 2015, it logged 22,000 URLs as serving tech-support scams, connecting to a total of about 8,700 unique domain names.

But those 22,000 different web pages used a total of only 1,600 phone numbers, of which 90 percent were connected to one of four VoIP services: Bandwidth, RingRevenue, Twilio and WilTel.

The researchers also phoned 60 scam telephone numbers to log the social engineering tactics – aka trickery – used by scammers. The researchers found that on average, scammers waited until 17 minutes of a call elapsed before offering their services in exchange for money. Most would offer support packages that ranged from a one-time fix to multi-year support, with costs ranging from $69.99 to $999.99. Scammers would typically offer multiple options, then try to persuade victims to pick the middle-priced one, the researchers found.

Freelance attacks appear to be rare. “Through the process of interacting with 60 different scammers, we are now convinced that most, if not all, scammers are part of organized call centers,” the researchers write.

Fake Support is Lucrative

These attacks are relatively easy to launch, inexpensive to run, potentially very lucrative and show no signs of stopping.

Peter Kruse, head of the security group at Danish IT-security firm CSIS, this week warned via Twitter that multiple websites were pretending to be related to the technical support group from Czech anti-virus software developer Avast and urging individuals to call one of the listed phone numbers.

Needless to say, these numbers don’t lead to Avast, which develops free security software that’s used by many consumers. Instead, the numbers go to call centers tied to fraudsters. Avast has repeatedly warned that this a well-worn scam, with attackers often claiming to be connected to Avast, Dell, Microsoft, Symantec or other technology firms.

Advice for Victims

There’s no way to prevent criminals from running these types of scams.

But law enforcement and consumer rights groups have long urged victims to file a report, even if they didn’t suffer any financial damage as a result.

For anyone targeted by the “yes” scam, the FCC recommends immediately reporting the incident to the Better Business Bureau’s Scam Tracker and to the FCC Consumer Help Center. The FCC’s site also offers advice on tools for blocking robocalls, texts and marketing calls.

Anyone who thinks they may have been the victim of phone scammers, for example, by paying for fake tech support, can file a fraud report with their credit card company.

Authorities also recommend they report the attempt to relevant authorities, such as the FBI’s IC3 Internet Complaint Center. Law enforcement agencies use these reports as a form of crowdsourcing, helping them secure funding to battle these types of scams, as well as take them down.

 

Leave a comment

Posted in Cyber Security, Hacking, Security

Tagged , ,

People are talking about hackers ‘ransoming’ Apple — here’s what’s actually going on

Posted on March 24, 2017 | Leave a comment

If you don’t want to be hacked, don’t use the same password across different services.

And if you’re an Apple user, it’s a good idea to check your Apple ID and iCloud account today to make sure it’s using a unique and long password.

On Wednesday, a hacking group calling itself the Turkish Crime Family told Business Insider that it had about 600 million iCloud passwords it would use to reset users’ accounts on April 7.

Apple told Business Insider in a statement that if the hackers had passwords, they did not come from a breach of Apple systems:

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.

“We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”

It is still possible that the group has some users’ passwords. Information from several large breaches, including those of Yahoo and LinkedIn, have spread across the internet in recent years. If an Apple user has the same password and email for, say, LinkedIn and iCloud, there’s a good chance that iCloud password is already publicly available.

Here’s what you can do to protect yourself:

Turn on two-factor authentication. That means when you log in to your iCloud account you’ll be asked to send a six-digit code to your phone. It’s annoying, but it’s the best way to ensure that your account remains your own.

Don’t use the same password for multiple services. If one of your accounts is hacked or breached, hackers can essentially access all your accounts that used the same password. Make sure to use a different password for your Apple ID and your email account — here’s how to change your Apple ID password and how to check if your password may already be public.

Make sure your password is long, random, and unique. Don’t use your name, birthday, or other common words.

  • Why this matters now

    Over the past few days, the Turkish Crime Family has contacted media outlets saying it has 200 million, 250 million, 519 million, or as many as 750 million Apple ID account credentials culled from breaches of other services.

    The hacking group also said it had been in contact with Apple and was demanding $75,000 in cryptocurrency like bitcoin or $100,000 in Apple gift cards.

    If Apple did nothing, it would “face really serious server issues and customer complaints” in an attack on April 7, a member of the hacking group told Business Insider in an email. They said they were carrying out the attack in support of the Yahoo hacking suspect.

    A report from Motherboard said the group had shown the outlet an email from one of the hackers to an Apple product-security specialist that discussed the ransom demands. That email is fake, a person with knowledge of Apple’s security operations told Business Insider.

    Apple is in contact with law enforcement about the ransom demand, the person said. Apple is unsure if the group’s claims are true, but people at the company say they doubt they are.

    There are other reasons to doubt the hackers’ claims, such as their thirst for publicity and their fluid story.

    But even if the hackers are telling the truth, Apple users can protect themselves by making sure their Apple ID password is unique and hasn’t been revealed in a previous breach.

    “A breach means nothing in 2017 when you can just pull the exact same user information in smaller scales through companies that aren’t as secure,” the group purportedly said in a post on Pastebin in response to Apple’s statement.

    Best thing to do to insure this does not happen to you is “Change Your Passwords”

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged , ,

Over 20 million Gmail and 5 million Yahoo decrypted accounts now reportedly for sale on the Dark Web

Posted on March 21, 2017 | Leave a comment

Over 20 million Gmail and 5 million Yahoo decrypted accounts now allegedly for sale on the Dark Web

A dark web vendor is reportedly selling millions of decrypted Gmail and Yahoo accounts in an unspecified underground marketplace. Over 20 million Gmail accounts and five million Yahoo accounts from previous massive data breaches are now reportedly up for sale.

A dark web vendor going by the name “SunTzu583”, who has previously also allegedly listed over one million decrypted Gmail and Yahoo accounts on the dark web, now appears to have ramped up his efforts.

According to a HackRead report, in separate listings, the cybercriminal is allegedly offering 4,928,888 and 21,800,969 Gmail accounts, of which the latter has been listed for $450 (0.4673 Bitcoins). While the first listing includes email addresses and clear text passwords, 75% of the second listing allegedly contains decrypted passwords and 25% hashed passwords.

The Gmail data reportedly corresponds to those stolen in previous breaches, including the Nulled.cr hack and the Dropbox data breach.

The cybercriminal is also allegedly selling 5,741,802 Yahoo accounts for $250 (0.2532 Bitcoins). Most of the accounts listed were allegedly disabled and appear to have been stolen from MySpace, Adobe and LinkedIn data breaches.

For both the Gmail and Yahoo accounts, the dark web vendor claims that not all the email and password combinations work directly, warning potential buyers to not expect them to match in all cases.

The data has reportedly been matched against those on popular data breach notification platforms such as Have I Been Pwned and Hacked-DB. However, the data has not been independently verified by IBTimes UK.

How to keep your data safe

Cybercrime ramped up to alarming levels last year, which also saw a slew of massive cyberattacks. Those concerned about keeping their accounts and data safe should incorporate safe security practices. In the event of a breach, or even a potential one, it is recommended that passwords be changed immediately. It’s also essential that you not reuse passwords, instead use unique and strong passwords for each of your accounts.

Remember to stay safe out in the cyber world !!!

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged , ,

CIA Rant :-)

Posted on March 10, 2017 | Leave a comment

From a great friend in the business
Chris Roberts:
Chief Security Architect at Acalvio Technologies

Was asked to provide something to a media source….thought I’d post it here too…enjoy..was told to NOT use “its a wake up call….”

1. Of course it’s not a bloody wake up, Oh No! An intelligence spy agency is caught spying…headline news…my ass.

2. Of course it’s not a wake up call, 0Day exploits are as old (almost) as the hills AND the stuff that was in most of the files was nothing new.

3. Tactics, yes nice to see them, but nothing out of the ordinary we didn’t already know OR suspect..

4. Of course it’s not a bloody wake up call when it becomes public (again) that Samsung can’t code worth shit and their TV’s listen in 🙂

5. What IS surprising BUT NOT REALLY is the fact that our CIA friends could have helped THEIR FBI friends get into all sorts of Apple shit…and didn’t

  •  So does the CIA not trust the FBI and it’s inability to retain secrets…welcome to the pot calling the kettle black 🙂
  •  Or does the CIA not want people knowing what we already know…people can break into almost anything, again NOT a bloody wake up call.
  •  Nice to see the CIA practice code re-use, good to see the taxpayer dollars not being spent on re-inventing the bloody wheel, that’s got to be a first!

Chris is always entertaining in his post, thank you Chris !!!!

Leave a comment

Posted in Cyber Security, Hacking, Law Enforcement

Tagged ,

WikiLeaks publishes ‘biggest ever leak of secret CIA documents’

Posted on March 9, 2017 | Leave a comment

The 8,761 documents published by WikiLeaks focus mainly on techniques for hacking and surveillance

The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.

The thousands of leaked documents focus mainly on techniques for hacking and reveal how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.

The leak, named “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age. It follows disclosures about Afghanistan and Iraq by army intelligence analyst Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.

The new documents appear to be from the CIA’s 200-strong Center for Cyber Intelligence and show in detail how the agency’s digital specialists engage in hacking. Monday’s leak of about 9,000 secret files, which WikiLeaks said was only the first tranche of documents it had obtained, were all relatively recent, running from 2013 to 2016.

The revelations in the documents include:
1. CIA hackers targeted smartphones and computers.
2. The Center for Cyber Intelligence, based at the CIA headquarters in Langley, Virginia, has a second covert base in the US consulate in Frankfurt which covers Europe, the Middle East and Africa.
3. A program called Weeping Angel describes how to attack a Samsung F8000 TV set so that it appears to be off but can still be used for monitoring.

The CIA declined to comment on the leak beyond the agency’s now-stock refusal to verify the content. “We do not comment on the authenticity or content of purported intelligence documents,” wrote CIA spokesperson Heather Fritz Horniak. But it is understood the documents are genuine and a hunt is under way for the leakers or hackers responsible for the leak.

WikiLeaks, in a statement, was vague about its source. “The archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” the organization said.

The leak feeds into the present feverish controversy in Washington over alleged links between Donald Trump’s team and Russia. US officials have claimed WikiLeaks acts as a conduit for Russian intelligence and Trump sided with the website during the White House election campaign, praising the organization for publishing leaked Hillary Clinton emails.

Asked about the claims regarding vulnerabilities in consumer products, Sean Spicer, the White House press secretary, said: “I’m not going to comment on that. Obviously that’s something that’s not been fully evaluated.”

Asked about Trump’s praise for WikiLeaks during last year’s election, when it published emails hacked from Clinton’s campaign chairman, Spicer told the Guardian: “The president said there’s a difference between Gmail accounts and classified information. The president made that distinction a couple of weeks ago.”

Julian Assange, the WikiLeaks editor-in-chief, said the disclosures were “exceptional from a political, legal and forensic perspective”. WikiLeaks has been criticized in the past for dumping documents on the internet unredacted and this time the names of officials and other information have been blacked out.

WikiLeaks shared the information in advance with Der Spiegel in Germany and La Repubblica in Italy.

Edward Snowden, who is in exile in Russia, said in a series of tweets the documents seemed genuine and that only an insider could know this kind of detail. He tweeted:
The document dealing with Samsung televisions carries the CIA logo and is described as secret. It adds “USA/UK”. It says: “Accomplishments during joint workshop with MI5/BTSS (British Security Service) (week of June 16, 2014).”

It details how to fake it so that the television appears to be off but in reality can be used to monitor targets. It describes the television as being in “Fake Off” mode. Referring to UK involvement, it says: “Received sanitized source code from UK with comms and encryption removed.”

WikiLeaks, in a press release heralding the leak, said: “The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server.”

The role of MI5, the domestic intelligence service, is mainly to track terrorists and foreign intelligence agencies and monitoring along the lines revealed in the CIA documents would require a warrant.

The Snowden revelations created tension between the intelligence agencies and the major IT companies upset that the extent of their cooperation with the NSA had been exposed. But the companies were primarily angered over the revelation the agencies were privately working on ways to hack into their products. The CIA revelations risk renewing the friction with the private sector.

The initial reaction of members of the intelligence community was to question whether the latest revelations were in the public interest.

A source familiar with the CIA’s information security capabilities took issue with WikiLeaks’s comment that the leaker wanted “to initiate a public debate about cyberweapons”. But the source said this was akin to claiming to be worried about nuclear proliferation and then offering up the launch codes for just one country’s nuclear weapons at the moment when a war seemed most likely to begin.

Monday’s leaks also reveal that CIA hackers operating out of the Frankfurt consulate are given diplomatic (“black”) passports and US State Department cover. The documents include instructions for incoming CIA hackers that make Germany’s counter-intelligence efforts appear inconsequential.

The document reads:

“Breeze through German customs because you have your cover-for-action story down pat, and all they did was stamp your passport.

Your cover story (for this trip):

Q: Why are you here?

A: Supporting technical consultations at the consulate.”

The leaks also reveal a number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high-security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB stick containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and extracts data.

A CIA attack system called Fine Dining provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos, presenting slides, playing a computer game, or even running a fake virus scanner. But while the decoy application is on the screen, the system is automatically infected and ransacked.

The documents also provide travel advice for hackers heading to Frankfurt: “Flying Lufthansa: Booze is free so enjoy (within reason).”

The rights group Privacy International, in a statement, said it had long warned about government hacking powers. “Insufficient security protections in the growing amount of devices connected to the internet or so-called ‘smart’ devices, such as Samsung smart TVs, only compound the problem, giving governments easier access to our private lives,” the group said.

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Uncategorized

Tagged ,

Yahoo’s hack warning comes from a third breach, Yahoo says

Posted on February 17, 2017 | Leave a comment

How many times does this have to happen??
Three strikes and your out

Yahoo’s newly issued warning to users about malicious hacks is related to a third data breach that the company disclosed in December 2016.

A warning sent to some Yahoo users Wednesday read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”

This breach was quietly revealed in a December 2016 statement from Yahoo that provided information on a separate hack that occurred in August 2013 involving more than 1 billion accounts. Some of 2015 and 2016 incidents have been tied to a “state-sponsored actor” that was involved in another 2014 breach that affected up to 500 million accounts.

“Forged cookies” are digital keys that allow access to information without re-entering passwords. The leaked data included email addresses, birth dates and answers to security questions. Yahoo declined to say how many people were affected.

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” a Yahoo spokesperson said in an emailed statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”

A source familiar with the matter said the investigations for these breaches are nearing an end.

The earlier, catastrophic breaches that impacted over 1.5 billion accounts raised questions about Yahoo’s security, and called into question the company’s deal to sell itself to Verizon Communications.

Both SunTrust and CFRA retained their hold opinion on Yahoo shares, mostly tied to the fact that Verizon will likely still purchase the internet company and has renegotiated the purchase price. Bloomberg reported that the telecommunications company was able to reduce the initial $4.8 billion price by $250 million due to the data breaches.

I really think it time to delete that Yahoo account and put the matter to bed.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking

Tagged , ,

How to practice cybersecurity (and why it’s different from IT security)

Posted on February 13, 2017 | Leave a comment

Cybersecurity isn’t about one threat or one firewall issue on one computer. It’s about zooming out and getting a bigger perspective on what’s going on in an IT environment.

Credit: Thinkstock

Keeping companies safe from attackers is no longer just a technical issue of having the right defensive technologies in place. To me, this is practicing IT security, which is still needed but doesn’t address what happens after the attackers infiltrate your organization (and they will, despite your best efforts to keep them out).

I’m trying to draw attention to this topic to get security teams, businesses executives and corporate boards to realize that IT security will not help them once attackers infiltrate a target. Once this happens, cybersecurity is required.

In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There’s also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures provide them with additional opportunities to find weak spots and gain access to a network.

This mentality goes against the fundamental principle in IT security of erecting multiple defensive layers around what you’re trying to protect. By separating what you’re trying to protect from the outside world, you’re keeping it safe—at least in theory. While this works in physical security, where IT security has its roots, it doesn’t really work when you’re facing enemies who need to be successful just once to carry out their mission. Defenders, unfortunately, don’t have this luxury. They need to catch every attack, every time. Don’t take this statement as a knock against these antivirus software, firewalls and other defensive technologies; they’re still needed in conjunction with cybersecurity.

Cybersecurity means looking for attacker footholds, not malware

IT security and cybersecurity also differ on what action to take after an attacker breaks through your defenses. In IT security, when a problem is detected on one computer, it’s considered an isolated incident and the impact is limited to that machine.

Here’s how that scenario typically plays out: Malware is discovered on the controller’s computer, for example. An IT administrator or maybe a junior security analyst removes the machine from the network and perhaps re-images it. Maybe there’s an investigation into how the computer was infected and a misconfigured firewall is identified as the culprit. So, the firewall configuration is changed, the threat is neutralized, the problem is solved, and a ticket is closed. In IT security, where the quick resolution of an incident is required, this equals success.

Now, here’s how that same incident would be handled from a cybersecurity perspective. The team looking into the incident wouldn’t assume the malware infection is limited to one computer. And they wouldn’t be so quick to wipe the machine clean. They may let the malware run for a bit to see where it phones home and how it acts.

Most important, the incident wouldn’t be seen as a random, one-off event. When you apply a cybersecurity lens to incidents, the belief is that every incident is part of a larger, complex attack that has a much more ambitious goal besides infecting machines with malware. If you close a ticket without asking how an incident or incidents are linked (remember, attacks have many components and adversaries commonly carry out lateral movement) or where else attackers could have gained a foothold, you’re not doing your job.

To practice cybersecurity, zoom out

Practicing cybersecurity begins with security teams changing their mindset around how they handle threats. To start, they need to be encouraged to not quickly close tickets and spend time looking for a full-blown attack in their environment. They also need to understand that cybersecurity isn’t about one threat or one firewall issue on one computer. That view is much too myopic. Zoom out for a bigger view.

I admit this approach is a radical departure from how most organizations currently handle security. Further complicating this perspective is the fact that what I’m proposing can’t be learned in classrooms or professional development courses. The notion of experience being the best teacher applies to figuring out cybersecurity. Step one is thinking like a detective and asking questions about the incident like why was this attack vector used, are there any strange activities (however minor) occurring elsewhere in my IT environment, and why would attackers target our organization.

It’s this big picture thinking that separates cybersecurity from IT security. And it’s big picture thinking that will help companies detect and stop adversaries after they make their way into an organization.

 

Leave a comment

Posted in Cyber Security, Forensic, Hacking, Security

Tagged ,