Information Archives - IT Security Guru
https://www.itsecurityguru.org/tag/information/
The Site for our Community

50 million iMesh records up for sale on dark web
https://www.itsecurityguru.org/2016/06/15/50-million-imesh-records-up-for-sale-on-dark-web/?utm_source=rss&utm_medium=rss&utm_campaign=50-million-imesh-records-up-for-sale-on-dark-web
Wed, 15 Jun 2016 11:57:33 +0000

The post 50 million iMesh records up for sale on dark web appeared first on IT Security Guru.

iMesh, a now defunct service that was once one of the biggest P2P sites in the US, reportedly suffered a data breach in 2013 which has now led to a huge database of 51 million users’ credentials going for sale on the dark web. This is the latest in a string of huge databases coming up online, after the recent breach at MySpace and LinkedIn led to tens of millions of users’ info being loaded onto the dark web.
The hacker behind this leak, Peace, has set an asking price of just half a bitcoin, which converts to roughly £245 ($350). Such a low price is surprising at first, but it starts to make sense on closer analysis.
Javvad Malik, Security Advocate at AlienVault, told us that the low price would primarily be due to the fact that “iMesh is now defunct, so the value is only in seeing if users have reused the passwords elsewhere. The other factors would boil down to market pressures. There are other big breaches out there so in order to sell, it needs to be priced competitively.”
Itsik Mantin, Director of Security Research at Imperva, added that it was likely the data had been aggregated from various sources and that with such a large trove of data, you can expect brute force attacks to become a lot easier and a lot more frequent. He added that “to prevent brute force attacks security officers should not only rely on password policies, but should also take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, being cautious about logins from unexpected countries and anonymous sources and comparing login data to popular passwords and stolen credentials.”
Once again, it seems that the all-too-common practice of reusing the same password across different online services is what hackers are gambling on to make their attempts worthwhile. Lamar Bailey, Senior Director of Security R&D at Tripwire, advised users to “create strong unique passwords for each site they visit and that is harder than it sounds given the sheer number of sites people visit every day. The best way to accomplish this is to use a password generator and vault to keep track of your passwords. Many of the products have very minimal costs and they will remind you to change passwords and alert you of breaches to sites you access.”
So it’s another big breach in the news; will we ever learn? The issue is that so much data has been left online by web users, giving hackers reams of intelligence to work from should they decide to target you. Lisa Baergen, Director of NuData Security, explained to us why this matters:
“While it’s good practice to change your usernames and passwords often, victims of a breach need to understand that every single piece of identifiable information exposed is important. Credentials from various breaches are sold in packages on the dark web, and used to build a “Fullz”, or full online identity profile. These full profiles are sold for higher value than just pieces, because the more complete the information, the more fraud can (and likely will) take place.
“For example, if I’m a hacker and gain access to geographical data on John Smith from breach one, e.g. LinkedIn, and bank account information from breach two, I can fill out a loan application or apply for a new credit card as John regularly would. Or, more frighteningly, gain access to your work credentials, where the damage could be colossal.
“Where credit card fraud was all the rage a couple of years ago, it is this kind of account takeover and new account fraud that is on the painful and dramatic rise. We saw in our own database of nearing 81 billion behavioural events annually a 10% month-over-month increase in new account fraud.”

Q&A with David Venable, Masergy
https://www.itsecurityguru.org/2016/06/06/qa-with-david-venable-masergy/?utm_source=rss&utm_medium=rss&utm_campaign=qa-with-david-venable-masergy
Mon, 06 Jun 2016 09:33:14 +0000


The Guru was lucky enough to get this Q&A with ex-NSA analyst and current VP of cybersecurity at Masergy David Venable – here’s what we found out.
Can you tell me a little about insider threats – how much of a problem are they?
While the entire threat landscape is changing dramatically with the increased sophistication of adversaries, nation state and state-sponsored actors, and rapidly evolving attack surfaces, one of the few things that hasn’t changed is that the insider threat is one of the most, if not the most, insidious threat in almost any environment. That’s not FUD (Fear, Uncertainty and Doubt) either, just look at the negative impact that Edward Snowden’s leak of thousands of files from the US National Security Agency [NSA] has had on the US intelligence apparatus.
According to A Preliminary Model of Insider Theft of Intellectual Property, a paper published by Carnegie Mellon University, 75% of cases of insider IP thefts were performed by employees. Some 65% had already accepted a new job somewhere else while 35% stole to gain an immediate advantage at a new job. And 25% of cases resulted in the stolen information being given to a foreign government or company.
How widespread or common are these types of threats?
Today external attacks are almost constant and less damaging (with the exception of high-profile attacks and near-total breaches, such as those against Sony and Ashley Madison). By contrast, insider attacks are more rare, but typically far more damaging, such as the damage caused by Edward Snowden’s leak of NSA documents to the government’s security infrastructure.
Are businesses paying enough attention to the threat posed by their employees?
From what I’m seeing in the field, the vast majority of organisations are overlooking the insider threat. Very few organisations are actively posturing against, or frankly even considering, insider threats.
How can technology help to detect and prevent insider attacks?
Behavioral analysis on internal network traffic is one of the best defenses against an ‘Edward Snowden-style’ insider attack. Users typically behave in certain ways. When that behaviour changes, it usually means something. For example, according to Wired, Snowden, who famously leaked thousands of NSA documents, spent a great deal of time scouring the private classified NSA network for documents and downloading them to his workstation, memory sticks and CDs — a dramatic shift from typical behaviour of someone in his role. This would have easily been detected with behavioral analysis.
Data Loss Prevention (DLP), which typically scans outbound data for known sensitive information, can also help, although it’s not a replacement for good physical security. DLP wouldn’t have prevented either Snowden or Chelsea Manning from walking out with secrets burned onto CDs labeled “Lady Gaga.”
Another good prevention technique is to ensure that sensitive documents are properly protected and only accessible by people who have a business ‘need-to-know.’
Unfortunately, none of these will detect or prevent the most dangerous insider threat: when an employee takes sensitive information they have been entrusted with to do their jobs. Unfortunately, this is less preventable via technology and requires insight into employees’ changing behaviors and attitudes. 
How do these types of attacks happen, what are the main weaknesses that are being exploited?
One of the most common mechanisms is not a technical one: it’s asking a friend. In fact, according to a Carnegie Mellon University paper, A Preliminary Model of Insider Theft of Intellectual Property, 19% of intellectual property theft cases involved colluding with another insider. In the case of malicious collusion, not much can be done. However, good security awareness training can be invaluable in preventing social engineering attacks – where an employee tricks another employee into providing sensitive information.
Another common technique is improper sharing permissions on drives, folders, and documents.
Finally, and this seems to be rarer, is the use of technological exploitation techniques against internal systems. 
Do insider attacks need to be treated differently to external attacks?
First and foremost, CISOs and CIOs need to stop treating the internal network like it’s a safe or trusted zone. It’s not. BYOD environments realise this, but the more important lesson here is that non-BYOD networks aren’t safe either.
Regular internal vulnerability assessments and penetration testing are key to finding and remediating internal weaknesses. Remediation is the key. I can’t even tell you how many internal assessments we’ve performed to check a compliance box that it was done — but the results were never acted upon. The addition of Behavioral IDS (intrusion detection system) sensors on the internal network will improve the situation dramatically, as will regular evaluation of access rights and sharing permissions.
Will insider attacks get better or worse?
It gets worse every day. As Willie Sutton, the infamous American bank robber said, when asked why he robbed banks, “That’s where the money is.”  The insider threat is getting worse because that’s where the valuable information is — but there’s an additional component here: that’s also where the weakest controls often are. 
We lock down the external. As an industry, we’ve become better at that over the years. However, as long as there’s valuable information, someone’s willing to get access via the HVAC network like the case with retailer Target, recruit an unscrupulous employee, or in some of the worst cases – get a job at a company to gain access to information in order to steal it.


The Guru Briefing: Graeme Stewart, LogPoint UK & Ireland
https://www.itsecurityguru.org/2016/05/27/the-guru-briefing-graeme-stewart-logpoint-uk-ireland/?utm_source=rss&utm_medium=rss&utm_campaign=the-guru-briefing-graeme-stewart-logpoint-uk-ireland
Fri, 27 May 2016 08:55:26 +0000


In security, SIEM is sometimes hailed as a ‘holistic’ approach – while others look upon it as a box-ticking facet of security, there for compliance purposes rather than actually defending from and reacting to security incidents. With so much confusion over the issue, the Guru felt it was time to sit down with someone who knows the topics inside out – enter Graeme Stewart, managing director at LogPoint UK & Ireland. We were lucky enough to be able to pose some questions to him on all things SIEM to demystify the subject.
ITSG: What is SIEM?
GS: To explain simply, SIEM (Security Information and Event Management) is a technology that reconciles security information in order to provide real-time analysis and security alerts. All network information, from routers to web servers, generates logs regarding what is happening on a network.
The more complex the device, the more sophisticated the information contained within these logs. Organisations are spending billions of pounds protecting this data from external parties; a SIEM solution helps businesses make greater use of this wealth of data so IT analysts are able to detect security incidents and provide enhanced business intelligence.
ITSG: How does it work?
GS: In theory, every device connected to an IT network generates logs. The problem is that these logs are all generated in a different format. It’s similar to attending an EU Summit whereby officials are not wearing a language headset; everyone is speaking to each other in a different language. The information is available, but nobody is able to understand it.
A business’ IT structure may utilise multiple vendors and systems, all of which are generating different types of information. SIEM takes this information and ‘normalises’ it, effectively converting it into a single language. This then lets users analyse security data in context, allowing departments to make informed decisions based on the information available.
ITSG: How has this form of technology come about and where did it evolve from?
GS: This technology has evolved from older generations of Systems Management technology. Many years ago, security professionals were only interested in generating vast amounts of security logs so they could understand what was happening within their network. For as long as computers have existed, users have always wanted to monitor their systems to extract value from the information logs.
Back in the 90’s this was known as data mining, and in modern times, this process has allowed websites to make intelligent decisions based on the sheer amount of data that is available. This can especially be seen in the advertising industry, for example, whereby Facebook is able to examine users’ profile details and based on the content a person likes or shares, is able to advertise similar products that may be of interest to that specific user. In essence, this is how a SIEM functions.
ITSG: What kinds of data are most useful in apprehending cyberattacks?
GS: In general, most data could be used to help businesses make intelligent decisions, if utilised correctly. In regards to security, if a company has been collecting security logs over a number of years, it can review a previous virus or cyber-attack that has taken place. This is useful because every cyber-attack has specific characteristics attributed to it. This data therefore enables businesses to identify whether they’ve previously had the ‘symptoms’ of a virus, investigate any previous potential breaches and thus help prevent further attacks of a similar nature. Unfortunately, this is something that the majority of antivirus technology is unable to do because when deploying an anti-virus system, it will only function from the moment of installation until the licence expires, looking forward rather than backwards.
ITSG: How do SIEM systems assist with compliance?
GS: Almost all government organisations have a requirement to hold logs and events for investigatory purposes in a tamper-proof way that can be used in a forensically appropriate manner. Many CIOs within organisations see compliance as a ‘tick box exercise’, not understanding the true value a SIEM solution could provide. We want to educate the market regarding how businesses can utilise this data and do something more valuable with the information obtained.
ITSG: What kind of advancements do you foresee in this field of security in the coming years?
GS: SIEM is an extremely intelligent tool, and should be considered as much more than just a box ticking exercise. For example, a SIEM solution can identify that an employee has logged into a database that he or she has no authority to access, which could result in disciplinary action. If the SIEM solution is also plugged into the HR infrastructure, it may notify the user that the employee is on annual leave, and therefore the security situation must be addressed in a completely different way.
The additional context the system can provide is where SIEM will become increasingly useful to businesses going forward, helping companies to make more informed decisions. We believe the future of SIEM involves more than just compliance. This is a tool that, in a world with more data than ever before, helps sift through the noise to make the most intelligent security and business decisions.


About Graeme Stewart, Managing Director of LogPoint UK & Ireland
Graeme leads the UK team for LogPoint, an innovative Danish SIEM vendor whose intuitive, adaptable solution is already deployed across Europe and Scandinavia.
Graeme is passionate about improving organisational information security with a practical, real-world approach, and has been involved in multiple industry and Government initiatives to highlight the importance of cyber security to Board and Public Sector executives. He has 20 years’ experience in IT and organisational data security with management roles at McAfee, Sophos, ClearSwift, PGP and Symantec. Graeme is a published thought leader, and an accomplished public speaker and media spokesperson.
About LogPoint
Founded in Denmark, LogPoint is a SIEM specialist with over 300 clients across Europe experiencing its technology since 2008. LogPoint SIEM collates millions of data logs from the disparate systems in your organisation and extracts meaningful information from them that you can act on.
Users enjoy how easily it adapts to stay in sync with client needs, from surpassing compliance demands, to seamlessly defending against cybercrime and fraud, and optimising IT operations. LogPoint’s SIEM software is NATO standard EAL3+ certified, costed on a direct affordable basis and flexible to suit your changing requirements. The scale-as-you-grow principle allows for quick and easy visualisation with only a few resources – no matter how vast the IT landscape, no matter how dense the data. With headquarters in Copenhagen, its sales and support offices are located throughout Europe and its partnerships reach across the globe.


FBI lawyer refuses to say whether data extracted from San Bernardino iPhone is 'useful'
https://www.itsecurityguru.org/2016/04/06/fbi-lawyer-refuses-say-whether-data-extracted-san-bernardino-iphone-useful/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-lawyer-refuses-say-whether-data-extracted-san-bernardino-iphone-useful
Wed, 06 Apr 2016 10:36:38 +0000


During an interview at Tuesday’s International Association of Privacy Professionals conference in Washington, FBI lawyer James A. Baker said data extracted from an iPhone linked to San Bernardino terror suspect Syed Rizwan Farook is being applied to the agency’s ongoing investigation, reports The New York Times. He was less forthcoming when asked if the phone contained useful information.
“We’re still working on that, I guess is the answer,” Baker said, adding, “It was worth the fight to make sure that we have turned over every rock that we can with respect to the investigation. We owe it to the victims and the families to make sure that we pursue every logical lead.”
Original source: AppleInsider

FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years
https://www.itsecurityguru.org/2016/04/05/fbi-says-mysterious-hacking-group-access-us-govt-files-years/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-says-mysterious-hacking-group-access-us-govt-files-years
Tue, 05 Apr 2016 09:10:52 +0000


The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.
The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from the US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several million government workers and even spies.
Original Source: Motherboard

Russian cyberspies Pawn Storm add Turkey to the target list
https://www.itsecurityguru.org/2016/03/08/russian-cyberspies-pawn-storm-add-turkey-target-list/?utm_source=rss&utm_medium=rss&utm_campaign=russian-cyberspies-pawn-storm-add-turkey-target-list
Tue, 08 Mar 2016 10:56:28 +0000


Cyberattack group Pawn Storm have added Turkish political targets to an ever-increasing list of people to spy upon for the benefit of Russia.
On Monday, Trend Micro researchers said in a blog post that Pawn Storm, well-known for spying upon political targets across the world, is now targeting several government offices — including the Prime Minister’s office and the Turkish parliament — as well as one of the largest media publications in the country.
Pawn Storm’s cyberattacks, aimed at compromising networks and systems for the sake of cyberespionage, often correlate to Russian politics. The group, believed to be state-sponsored, has attacked a diverse range of targets in the past including the military, diplomats, journalists, developers and political dissidents.
Original Source: ZDNet

Clark County water district hit with cyber attack
https://www.itsecurityguru.org/2016/03/08/clark-county-water-district-hit-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=clark-county-water-district-hit-cyber-attack
Tue, 08 Mar 2016 10:53:35 +0000


The Clark County Water Reclamation District has been hit with a cyber-attack but officials say operations haven’t been disrupted and no customer or employee information was hacked.
The agency said in a statement Monday that its computer system was attacked late Friday night.
Computers were shut down as a precaution but operations at all seven treatment facilities and customer service centers were not affected.
Authorities are investigating and law enforcement has been notified.
Original Source: KOLO

Former DoE worker was hacking to steal nuclear secrets and resell them
https://www.itsecurityguru.org/2016/02/04/former-doe-worker-was-hacking-to-steal-nuclear-secrets-and-resell-them/?utm_source=rss&utm_medium=rss&utm_campaign=former-doe-worker-was-hacking-to-steal-nuclear-secrets-and-resell-them
Thu, 04 Feb 2016 11:00:10 +0000


A former employee at the Department of Energy (DoE), Charles Harvey Eccleston [62], has pleaded guilty to cyber espionage. The man attempted to infect at least 80 colleagues at the DoE by spreading malware with the intent to gain control of the victims’ machines.
The man was operating to open the door to foreign hackers, allowing them to exfiltrate sensitive information related to nuclear weapons.
According to the US Department of Justice, Eccleston attempted unauthorized access and intentional damage to a protected computer.
Original Source: Security Affairs

Nasa hack: AnonSec attempts to crash $222m drone, releases secret flight videos and employee data
https://www.itsecurityguru.org/2016/02/02/nasa-hack-anonsec-attempts-to-crash-222m-drone-releases-secret-flight-videos-and-employee-data-2/?utm_source=rss&utm_medium=rss&utm_campaign=nasa-hack-anonsec-attempts-to-crash-222m-drone-releases-secret-flight-videos-and-employee-data-2
Tue, 02 Feb 2016 11:04:50 +0000


Hackers from the AnonSec group who spent several months hacking Nasa have released a huge data dump and revealed they tried to bring down a $222m Global Hawk Drone into the Pacific Ocean. The hack included employee personal details, flight logs and video footage collected from unmanned and manned aircraft.
The 250GB data dump contained the names, email addresses and phone numbers of 2,414 Nasa employees, 2,143 flight logs and 631 videos taken from Nasa aircraft and radar feeds, as well as a self-published paper (known as a “zine”) from the group explaining the extensive technical vulnerabilities that the hackers were able to breach.
Original Source: International Business Times

Businesses face significant challenge in applying new EU Data Protection Regulation to paper records
https://www.itsecurityguru.org/2016/01/27/businesses-face-significant-challenge-in-applying-new-eu-data-protection-regulation-to-paper-records/?utm_source=rss&utm_medium=rss&utm_campaign=businesses-face-significant-challenge-in-applying-new-eu-data-protection-regulation-to-paper-records
Wed, 27 Jan 2016 10:55:25 +0000


Iron Mountain advises on the key areas to address
At the end of last year, the European Parliament and Council reached agreement on the General Data Protection Regulation (GDPR) proposed by the European Commission. The new rules, which will come into force in early 2018, represent the greatest change to data protection legislation since the dawn of the Internet. They will affect any organisation across the world that handles data of European origin.
According to information management and storage company Iron Mountain (NYSE: IRM), the reforms, which aim to reflect the changing needs of the digital economy and champion the data privacy rights of the individual, could prove difficult to apply to paper-based information. To help companies ensure their paper records don’t fall foul of the regulations, Iron Mountain has prepared the following guidance on some of the key components of the GDPR:

  1. Make sure you can find the information you need. Before you can de-identify or delete information you need to be able to find it. The reforms will enshrine the consumer’s ‘right to be forgotten’ in European law and businesses will need to respond to requests to delete personal information. Unfortunately, while it may be easy to remove digital data from a record or database, hard copies are far more difficult to amend. Iron Mountain research shows that close to a quarter (22 per cent) of companies have no policy regarding paper filing and allow employees to decide what to do for themselves. As a result, in many organisations, no single person or defined team has complete oversight of what information is stored where. Even when the information can be located, there are the practical challenges of having to partially edit documents, often by hand.

Iron Mountain advises organisations to identify the departments and functional areas most likely to create and store records containing personally identifiable information (PII) and to prioritise scanning and secure offsite storage for those records. Organisations should also implement and enforce a clear filing and identification system for all paper records, with tags and metadata marked on box files and cartons, with clearly defined access rights and accountabilities.

  2. Be aware that paper often leads a double or triple life. Clearly defined processes for managing information from creation to secure destruction may not be enough on their own. Paper can slip through the cracks of the strictest information classification and storage policies, simply by being copied or printed and left lying around, carelessly disposed of, or even removed from a secure building. The 2015 Privacy and Security Enforcement tracker report from PwC reveals that many European data security incidents that result in a penalty stem from human error in the handling of paper documents. Consequently, despite the best intentions of an organisation to comply with a data deletion request, employees may be keeping the data alive in a desk drawer or home office environment.

Iron Mountain advises companies to complement their information management policies and processes with regular employee training and communication that show staff how to manage information securely and support a business-wide culture of information responsibility. Every employee should understand what constitutes private or confidential data and how to handle it.

  3. Build privacy into your processes. The GDPR wants privacy to be a forethought in how information is produced, managed and disposed of. For paper this will all be about information handling processes. Iron Mountain advises that organisations should make it difficult, if not impossible, for unauthorised people to access or make copies of documents that carry personally identifiable information. Information storage, retention and destruction processes should all be reviewed with privacy requirements in mind – and adapted where necessary.
  4. Accept that some rules simply won’t apply. Elements of the GDPR, such as data portability, will be difficult to apply to information stored only on paper. In some cases this lack of applicability is an advantage. For example, demands for robust cyber-security measures do not apply to paper, because it can’t be hacked.

“There is a wealth of business advice available on how to prepare for the new legislation, but it’s almost all focused on electronic data and IT security – ignore paper at your peril,” advises Gavin Siggers, Director of Professional Services at Iron Mountain. “Organisations continue to create and process paper documents carrying personal information. Many have accumulated vast paper archives, stretching back decades. This legacy will present problems for any organisations no longer sure what information they hold in the archive. It is now more important than ever to know what you have, know where it is and know how to get to it when you need it.”
www.ironmountain.co.uk

