
Hacker process explained:

Don't get SVAPEC'd

Criminal Hackers use this method:

Scan --> Vulnerability Assessment --> Penetrate and Exploit --> Control = SVAPE&C

You should do the SVA: Scan --> Vulnerability Assessment --> mitigate the vulnerability or fix the problem.

We can help you with SVA. Contact Us.

Why do hackers want to hack you? To steal your data and reputation, so they can make money. (To a criminal in Romania or Russia, $10000 is a lot of money; add to that all countries with lax laws and legal systems.)

[Images: fbi-criminals, fbi-russianexpansionintocrime] (images from Black Hat 2014)

My blog post at OversiteSentry. This all started in the late 1990s, with some Russian criminals figuring out they can make money using hacker techniques.

How do hackers attack you?

  1. Assess first – what systems are there?
  2. What is vulnerable? (vulnerability analysis)
  3. Figure out what to attack (what will make most money/achieve goals)
  4. Exploitation – attack, get onto the system, and steal the information
  5. Control the system – leave behind programs to come back, which gives them the ability to use your system

Russian criminal organizations as well as other criminal organizations have automated attacks to find weak spots. If you have a weak spot it will be found.

[Image: attacklifecycle]

Mandiant has developed an attack lifecycle diagram for the hacker section of China's PLA.

My blog post: http://oversitesentry.com/easier-to-steal-technology-than-create-your-own-says-china/

Essentially, once a hacker learns how to attack one computer, it is very easy to attack a thousand computers. If you have a vulnerability they will find it and then exploit it, so the only thing you can do is to employ your own hacker: an ethical hacker like us at Fixvirus.com. Check our scan solutions: http://oversitesentry.com/solutions

2nd show Fixvirus Security Show

NewsofDay:

POODLE (Padding Oracle On Downgraded Legacy Encryption) resurfaces.

That is, not just the original issue: https://www.openssl.org/~bodo/ssl-poodle.pdf

But the new one: https://www.imperialviolet.org/2014/12/08/poodleagain.html

F5 has issued a list of products needing patches

You can scan your website to see if it is vulnerable with the free Qualys server test: https://www.ssllabs.com/ssltest/


Tipofday:

[Image: raspberry-fixvirusshow]

Here is the screenshot of a Raspberry+ with wifi, the hack of the day: what if one of these devices is on your network, dropped off by a hacker to steal your network information?

It is a good idea to audit your network to uncover any devices that you may not be aware of. All IP addresses need to be accounted for.
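One way to account for every address, as an added example (not code from the original post): compare the Linux neighbour table, as printed by `ip neigh show` after the subnet has been swept, against an asset inventory. The sample table and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ip neigh show` output (Linux neighbour/ARP table).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:aa:bb:01 STALE
192.168.1.23 dev eth0 lladdr b8:27:eb:12:34:56 REACHABLE
192.168.1.30 dev eth0 lladdr 00:11:22:aa:bb:99 DELAY
192.168.1.77 dev eth0 FAILED
"""
# b8:27:eb is a Raspberry Pi Foundation OUI; the rest of that MAC is made up.

# Hypothetical asset inventory: IP address -> expected MAC address.
INVENTORY = {
    "192.168.1.1": "00:11:22:33:44:55",
    "192.168.1.10": "00:11:22:aa:bb:01",
    "192.168.1.30": "00:11:22:aa:bb:03",
    "192.168.1.40": "00:11:22:aa:bb:04",
}

NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\s+(\S+)")

def parse_neigh(text):
    """Return {ip: mac} for entries that resolved to a hardware address."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group(4) not in ("FAILED", "INCOMPLETE"):
            seen[m.group(1)] = m.group(3).lower()
    return seen

def audit(seen, inventory):
    """Classify live hosts against the inventory."""
    inv = {ip: mac.lower() for ip, mac in inventory.items()}
    return {
        # Live address nobody has on record: the dropped-off device case.
        "unaccounted": sorted(ip for ip in seen if ip not in inv),
        # Known address answering from different hardware.
        "mac_changed": sorted(ip for ip in seen
                              if ip in inv and seen[ip] != inv[ip]),
        # On record but silent: stale inventory or a powered-off host.
        "not_seen": sorted(ip for ip in inv if ip not in seen),
    }

if __name__ == "__main__":
    for category, hosts in audit(parse_neigh(SAMPLE_NEIGH), INVENTORY).items():
        print(category, hosts)
```

The neighbour table only lists hosts the auditing machine has recently exchanged traffic with, so the result is only as complete as the sweep that preceded it.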

We would help your IT department in the audit process, or audit using open source security (hacker) tools, then inform you and your IT department.

 

 

We will set up a daily (M-F) Tip-of-day and News-of-day segment.

Here is the first one, about tomorrow's Patch Tuesday and the plan for next year: replace old machines, and replace or upgrade AV software.


Always better to replace the AV software engine rather than just renewing the service agreement.

If you have questions, or need help with decisions to be made, we can help you - Contact Us Tony Zafiropoulos - 314-504-3974 tonyz"@"fixvirus.com

Our Blog at Oversitesentry.com goes over in some detail the new XSS attack vector.

An image's EXIF data could include scripts that may affect you or your website visitors in unimagined ways.

The evil hackers, with their money-making ventures, are causing untold damage and their imagination is creating havoc, so only time will tell what attacks will be coming our way.

 

Essentially, whenever a new type of attack is uncovered:

1. Are you susceptible? Is your website accepting images automatically?

2. Is your blog software susceptible?

3. When downloading images from unknown sites, a separate process of checking the details of the images should be done.
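A sketch of the separate checking step from item 3, as an added example (not code from the original post): walk a JPEG's metadata segments (APPn, which includes EXIF, and COM) and flag script-like markup before the image is accepted. The pattern list is an assumed, non-exhaustive starting point, and both test images are constructed.

```python
import re
import struct

# Markup that has no business in image metadata (assumed, non-exhaustive).
SUSPICIOUS = re.compile(
    rb"<\s*script|javascript:|on(?:error|load)\s*=|<\s*iframe", re.I)

def metadata_segments(jpeg):
    """Yield (marker, payload) for APP0-APP15 and COM segments."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("segment length runs past end of file")
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_image(jpeg):
    """Return [(marker_hex, matched_bytes)]; an empty list means no hit."""
    findings = []
    for marker, payload in metadata_segments(jpeg):
        for m in SUSPICIOUS.finditer(payload):
            findings.append(("0x%02X" % marker, m.group(0).lower()))
    return findings

def segment(marker, payload):
    """Build one JPEG segment (helper for the constructed samples)."""
    return (b"\xff" + bytes([marker])
            + struct.pack(">H", len(payload) + 2) + payload)

# Constructed test images: metadata only, then an empty scan and EOI.
TAIL = b"\xff\xda\x00\x02\xff\xd9"
CLEAN = b"\xff\xd8" + segment(0xE1, b"Exif\x00\x00Canon EOS") + TAIL
TAINTED = (b"\xff\xd8"
           + segment(0xE1, b"Exif\x00\x00<script>/*constructed*/</script>")
           + segment(0xFE, b"<img src=x onerror=1>") + TAIL)

if __name__ == "__main__":
    print("clean:", scan_image(CLEAN))
    print("tainted:", scan_image(TAINTED))
```

A raw byte scan like this sees ASCII-encoded tags only; text stored as UTF-16 needs decoding first, and re-encoding the image without its metadata is the stronger control where the metadata is not needed.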

Contact Us if you have any questions on this issue or other Security issues.

It means anyone with Internet can email you anywhere in the world - that is a good thing (it may not be that useful if you have a business in Saint Louis, unless one exports)

But besides email it means anyone with an Internet connection can check your machine out using free scanners (nmap.org)

If you think about it for a minute, all hackers in the world are looking for mischief, that means that as more and more people go online there will be more criminals that go online. More people with free scanners checking into your machines.

[Image: ciscointernetofthings]

So more scanners, more hackers, more devices attacking.

The good thing about the global Internet is that someone in Europe with money could buy your stuff (if one is set up for it).

And there are good hackers called Certified Ethical Hackers, who will scan your systems and write a report. We write the report after scanning.

Remember that the PCI DSS 3.0 standard has been updated (as of November 2013).

Specifically this part:

[Image: pci11-3]

Notice how after 6/30/2015 quarterly penetration testing is no longer "recommended"; now it is required.

Contact us to review your security profile.

 

Securosis discusses the "CloudSOC"

 

And as usual one has to decide what they will protect - is your data on the cloud? Where is your data?

I liked this comment:

"You can take some hints from folks that have already grappled with this decision: security monitoring providers. These services either built their own private cloud to accommodate (and protect) client data, or leverage yet-another IaaS or PaaS cloud to provide the infrastructure to store the data. Many of you will find the financial and scalability advantages of storing cloud data in a cloud services is more compelling than moving all of that collected data back to an on-prem system."

IaaS - Infrastructure as a Service, PaaS - Platform as a Service.

At Fixvirus.com we have reviewed many a cloud company and have set up http://www.fixvirus.com/cloud-systems-providers/ (linked prominently on the menu above).

Since we believe that the cloud is an important aspect of today's computing environment, the CloudSOC will also be important to create. As usual, it is important to decide how to enter the cloud, even as a security operations center: what data is to be stored there, and how will it be reviewed and analysed? Setting up the cloud correctly is important.

 

There are some players in this space already:

Elastica, with a free SaaS (Software as a Service) audit.

Cloudsoc.com also has set up some apps and looks to be DNS analytics based. Crunchbase notes the founders and gives a quick overview of CloudSOC the company.

To some degree, some people can set up a "CloudSOC" with Splunk (an app about searching on data), more on this later... Splunk: "Search, monitor and analyze any machine data. Empower people with powerful visibility and insights."

As you can surmise this is not a 5 minute thought process, as it has to be reviewed with the various aspects of your compliance, data, network, and computing processes. In short order a comprehensive review and audit should be done before deciding on how a CloudSOC can help you.

 

Contact Us to perform an audit.