• Editor’s Note:

    The following applies just as much to physical security as electronic security. Thieves of all kinds often pose as employees or insiders.

    Attackers Posing as Legitimate Insiders Still an Enormous Security Risk

    Help Net Security (09/30/15)

    Cyberattacks that result in the exploitation of privileged and administrator accounts are among the greatest threats to enterprise security, according to a CyberArk survey. The survey polled 573 IT security and C-level executives, and found 61 percent identified privileged account takeover as the most difficult stage of cyberattacks to mitigate; this was up from 44 percent in 2014. Twenty-one percent of respondents cited malware installation as the most difficult stage of an attack to mitigate, while 12 percent cited the reconnaissance phase. Stolen privileged or administrator accounts also were identified as posing the greatest security risk by 38 percent of respondents, compared to 27 percent who pointed to phishing attacks and 23 percent who cited malware. Respondents also displayed a great deal of overconfidence in their security abilities. Studies routinely find it takes enterprises months to detect breaches, but 55 percent of respondents said they believe they can detect a breach within a matter of days, and 25 percent said they believe they can detect a breach within hours. Forty-four percent said they can completely keep attackers off their networks and 48 percent said lax employees were to blame for breaches. Respondents were most concerned about password hijacking and phishing attacks.

  • Terrorism and Building-Security Technology
    GlobeSt.com (09/23/15) Rossenfeld, Carrie

    Building-security technology is changing as the threat of terrorist attacks evolves, according to Universal Protection Service’s business development manager Christy Gramann. Advancements such as voice or eye/retina biometric recognition and fingerprint biometric recognition are opening up new solution possibilities for building access control. Live or active video surveillance is also a focus, as intrusion alarms and motion detection are becoming antiquated, says Cale Dowell, regional director for Houston-based THRIVE Intelligence. When used with a robust remote-monitoring center, new “smart” video analytics can boost the level of actionable situational awareness and response, which can reduce false alarms and speed up intervention. Video technology now allows for “virtual guard tours,” during which a remote live security officer views a sequence of different cameras to simulate walking through a property, which can enhance coverage and save on labor costs. New cameras with built-in DVRs and analytics software can be costly, but existing analog cameras may be retrofitted to work with a new system. Building owners and security managers can stay current on security by partnering with knowledgeable security entities, both private contractors and non-profit security organizations.

  • Spy Chief Warns About Hackers Disrupting Financial Markets
    Bloomberg (09/10/15) Strohm, Chris

    Director of National Intelligence James Clapper told a House intelligence committee hearing Thursday that hacking attacks designed to alter electronic data, rather than steal it, may grow more common as terrorists and criminals seek to undermine financial markets. Clapper’s warning is one of the starkest to date about a new and potentially debilitating form of hacking. U.S. authorities in August broke up an alleged insider trading ring that relied on hackers to steal corporate press announcements, which were then used to trade stocks on the information before it became public. Institutional checks and balances can help prevent the manipulation of data, Clapper said, citing the market monitoring and clearing functions in the U.S. financial sector.

  • Phishing Schemes Target IT Workers at Critical Infrastructure Companies
    Wall Street Journal (09/09/15) King, Rachael

    Hackers have launched an email campaign that targets government facilities and critical chemical, manufacturing, and energy companies, the Department of Homeland Security (DHS) said in a report released Friday. The DHS Industrial Control Systems Cyber Emergency Response Team’s report follows previous incidents in which the same hackers used social media to target company employees, partially infiltrating one network. Critical infrastructure operators have been facing a greater number of phishing attempts that try to trick employees into allowing access to networks. Both campaigns involved employees clicking on a URL in the email that prompted them to unknowingly download malicious software that targeted a vulnerability in Adobe Flash Player. According to DHS, in one case a malicious actor posed as a prospective job candidate on social media and got a company employee to download malicious software by opening a file disguised as a resume. One reason that attackers have been able to enter control systems is that some companies have connected business and production networks to get billing and sales data to the business side faster, says Dragos Security CEO Robert M. Lee.

  • The Hacked Data Broker? Be Very Afraid
    Wall Street Journal (09/08/15) Mims, Christopher

    Many security and privacy researchers are sounding warnings about the potential for a data breach on a scale that would make recent breaches like that of infidelity website Ashley Madison look insignificant: a breach of the data brokers who collect, aggregate, and sell massive amounts of information about consumer behavior. Grady Summers, chief technology officer at FireEye, says that the data collection apparatus built up by data brokers, which tracks everything from browsing history to buying patterns and more, is an extremely tempting target for criminals and intelligence agencies. “You’d want to see everything they do on the Web, everything they’re buying. We’ve built this incredible machine that does that and we don’t even realize it,” said Summers. A breach of one or more of these brokers could have serious implications. Hackers could use the data to craft fiendishly clever phishing emails, something that could be a threat to national security. Experts warn that the status quo, even without the involvement of hackers, has failed to protect consumers. In one case a data broker sold data to a company that later used that data to steal millions of dollars from thousands of people. And there is no guarantee that one or more data brokers haven’t already been compromised, says security researcher Samy Kamkar.

  • ICS Flaw Disclosures at High Levels Since Stuxnet Attack
    SecurityWeek (09/09/15) Kovacs, Eduard

    The number of vulnerabilities and exploits affecting industrial control systems (ICS) has increased since the 2011 Stuxnet attack on Iran’s nuclear facilities brought the issue to most people’s attention, according to a Recorded Future report. After conducting an analysis of the National Institute of Standards and Technology’s vulnerability database, Recorded Future found that before 2011, fewer than a dozen ICS vulnerabilities were disclosed each year. That number increased to 50 in 2011, reached more than 100 in 2012, and has stayed high ever since. Almost 50 new ICS vulnerabilities were reported in 2015 through mid-July. The number of exploits has also increased. In 2010 there were only six ICS exploits, but that number more than tripled by 2014 and there were already 14 ICS exploits reported in 2015 by mid-July. Siemens and Schneider Electric accounted for nearly half of all ICS vulnerabilities and were affected by the highest number of exploits, although this is unsurprising as they are the vendors with the largest market share. The report notes there have been relatively few actual attacks targeting ICS since Stuxnet, especially in contrast with the “level of fear and paranoia” around such attacks, but it warns that companies and critical infrastructure are still vulnerable and should take precautions.

  • Hackers Using Victim’s Own Software to Breach Network, Firm Says
    eWeek (09/06/15) Lemos, Robert

    Attackers are increasingly using less or no malware to compromise and steal data from their targets, according to managed security services firm Dell Secureworks. An alert posted by Dell Secureworks on Sept. 2 detailed that nearly every intrusion investigated by security analysts at the company in the past year involved attackers using compromised credentials to gain entry into the network and legitimate administrator tools to move from system to system. Phil Burdette, senior security researcher for Dell Secureworks, said that such attacks will evade the defenses of companies that focus only on detecting malware-based attacks. Dell Secureworks recommends that companies use two-factor authentication to limit access to employees and make user credentials less useful to attackers. Privileged user accounts should be audited regularly and valuable intellectual property should be identified and closely monitored as well.

  • Report: Some Top Baby Monitors Lack Basic Security Features
    Associated Press (09/03/15)

    A new report from security firm Rapid7 found that several of the most popular Internet-connected baby monitors currently on the market lack security functions and are vulnerable to even the most basic hacking attempts. Rapid7 tested nine different baby monitors from companies including iBaby, Lens Laboratories Inc., Withings, Summer Infant, and WiFi Baby. The monitors ranged in price from $55 to $260. The monitors are cameras, frequently mounted above a crib, that provide parents with access to a live video of their baby. Some include other features, like motion or noise detectors that can alert parents when their baby moves or makes a noise. Rapid7 rated the monitors on a 250-point scale, assigning each a grade between “A” and “F.” Eight of the monitors received an “F,” while one received a “D.” “When one gets an ‘F’ and one gets a ‘D minus,’ there isn’t an appreciable difference,” said Rapid7’s Mark Stanislav. Vulnerabilities included failing to encrypt data from the monitor, meaning hackers could easily watch the video stream, and weak access controls that could allow hackers to take control of the monitors or use them to launch attacks on other devices connected to the home network.
