Skip to content

 

Worried about Cybersecurity?  Or do you want to improve your Cybersecurity program?

With the new Facebook data leak scandal in the spotlight - are you concerned over how your company deals with customer data?

 

Our latest blogpost at Oversitesentry: http://oversitesentry.com/protect-privacy-of-client-data-using-new-ways/ discusses what could happen as the new EU privacy regulations are going to be enforced.

Make no mistake the regulations in America will also change (towards Cyber privacy).  As self-regulation has not worked for the industry.

You may have needed a security policy for PCI(Payment Card Industry) compliance in the past, but you will likely need a way to write down what your policies are, hence the need for a security policy for many regulations today and tomorrow.

Good news on that front  -  At Fixvirus.com we have a spring cleaning special April - through May   we will offer our Alpha scan at half price.

If you are in need to just discuss some Cybersecurity first - contact us and the half off - still stands.  Half off consulting time and material up to 10 hours.

 

There are many projects we are involved in, but we have a strict policy of not discussing our projects with the world. For the right project, we are willing to make monetary concessions so that we can use your project as an example on our marketing efforts.   We would never divulge details just general items such as:

Company ABC has improved security policy - performed Alpha scan due diligence.

 

   

CISA Certified Information Systems Auditor®

 

Do you need a fresh perspective?

Is your IT staff overworked? Do they get projects completed on time and under budget?

What is the true value of knowing your Cybersecurity risks and threats?

Does your IT staff have the experience to give you a proper report of your Cybersecurity compliance reports?

CISA certified means Certified Information Systems Auditor. Which means you will get a proper report after a thorough review.

We know that 25% of companies do not patch their computers within any reasonable time period, this is a very large amount of companies. We also know that 22% of companies do not backup their files.

So there is a large amount of entities not doing what they should to protect themselves and us as well.

since the problem is if they get infected, now their machines may have your email address in their address list.

And then you wonder, why is this person sending me an email?  Well, their machine was compromised and is now sending spam malware to everyone.

And guess what, the badly configured machines will get attacked again and again.

This is not like lightning - Cybersecurity strikes again and again until you fix the processes for good. although there are no guarantees at least you can make the risk minimal.

Contact Us to discuss how to check your IT staff and make sure you will stay in business even after an attack. Or to get your ship in shape before something happens.

https://www.youtube.com/edit?o=U&video_id=QNLB185u9Nw

I bet you did know you are playing Cybersecurity Russian Roulette? Do you have a 500Barrel Gun or a 1000barrel gun?

How would you find it? Well we have to find out what kind of software you have…  and the vulnerabilities they have.

Attack timeline vulnerabilities

What can be done? Patch your devices, learn how to perform risk management with all digital devices.

Don’t play Cybersecurity roulette, you can have risk management that can mitigate risks and keep things manageable.

Also posted on my Blog at Oversitesentry

 

Malware is becoming more sophisticated - and it is difficult if not impossible to catch every virus/malware that is being created constantly.

cantcatchallmalware

If this is a true statement:  "My IT department will not catch all malware that is being created"  even with anti-virus Next gen firewall and more. Now what?

 

We have to try to detect the malware as fast as possible after it affects the computer - and then react to it.

 

But you say - what do you mean - I catch all the viruses and malware...  i have anti-virus and a new firewall that inspects network traffic, I have anti-spam which removes all the known viruses.

Ok let me do this for you:   100% of all KNOWN viruses and malware are caught by your awesome people and technologies.  Known only.

Are you familiar with new attacks that can exploit software before it has been patched? Otherwise known as Zero-day or 0-day.

I have discussed this before at my blog Oversitesentry¹ Zero-days are very dangerous as there is no defense against them. So at this point I want to show you our difficulty in defense of the network and computers:

 

nevermindthedetails  from youtube Video of Pablo Breuer CircleCityCon²

For example: At any 1 point in time there are 0.001% of people that can write one 0-day exploit per year (this is a reasonable timeframe) 1 out of a 100,000.

We know China is very interested in Cyber warfare and stealing secrets - making money etc. So in China there are 1.357 Billion people in China(2013) as per Google.

So therefore there will be 13,570 0-days written in a year. So let's say 85% of these 0-days are caught by our defenses because the attack looks similar to a current known virus (which we detect) or otherwise effect.

So 85% of 13,570 = 11,535  of which consists of detected zero-days.

So unfortunately 2,036 0-day attacks will not be identified.

 

And now you know why the Attacker has the advantage  - it is hard to keep up with 2000+ new attacks per year - almost 6 per day.

I have said this before(attacker advantage)³

morepredatorsthanprey

Offense only has to be right once to penetrate successfully. Whereas the defender has to work 365 days of the year.

We have our work cut out for us - as every IT function must work just right, this is too important and thus must get audited by a separate entity like us.

Contact Me Tony Zafiropoulos 314-504-3974  to get the conversation started.  To increase your focus on the things that matter - detect and react.

  1. https://www.youtube.com/watch?v=lVkTI-3BMY8
  2. http://oversitesentry.com/newsflash-software-has-bugs-0day-vulnerabilities/
  3. http://oversitesentry.com/reviewing-all-of-the-changes-in-2015/

 

 

 

Please consider taking this survey as we are interested in your cybersecurity needs and are exploring products (apps etc.) to create and fulfill market needs.

fixvirus-logo300x200  Survey

What Do I mean when I say "Start With Some Cybersecurity"?

At Fixvirus.com we will help you design your own Cybersecurity department, or help you with just enough Cybersecurity.

What do i mean 'with just enough Cybersecurity'?

 

I think it is safe to say that most of us do not think about the security of our phones, computers and tablets. As a whole people want their electronic devices to work.

Is this indicative of what we want in our companies? Do we expect the IT department to keep us safe and secure?  We don't want to think about this we just want it to happen.

So what to do? Why does the IT department need oversight? Because testing their abilities in a nice way tells them they are doing a good job and tells you the IT job is being done well.

You can still get hacked, but at least the i's were dotted and T's crossed.

The key in our environments anyway is what happens after the hacker is in. You don't want them to steal anything and get away with it. You have to set up methods to track down when a hacker is doing their work and shut down the exfiltration (or stealing of data to an external machine).

 

So to start we have to audit the environment and count all the computers before doing the next steps.

  1. audit environment - count the computers, find out what is running on the computers. (count computers = find them all and review what is running on them)
  2. Audit the software since just knowing what hardware or in virtual machines, the instances of servers is not enough. We must know the type and version of software running, since a vulnerability alert can cause PCI compliance to be in jeopardy. The criminal hacker is looking for your software, so you should know what is in your environment as well.
  3. Doing vulnerability assessments means trying to uncover unpatched software in your environment. ( just like the criminal hacker would do and like you are supposed to do for PCI compliance - HIPAA compliance and all other governance) as it only makes sense.
  4. What about the Zero-day attacks? the attacks that cannot be patched? Since the hackers found a problem that can be exploited. Well for these situation we have to have a detect and monitor program. Check the logs, check the network traffic (which means a SIEM - Security Information Event Manager) and IPS (Intrusion Prevention System).
    1. Although  the SIEM-IPS systems will not prevent all attacks, they will prevent a lot and with vigilance we can keep up with attacks on our environment with enough resources.

 

riskmanagamentframework

[Image from NIST(National Institute of Standards and Technology) 800-37 documents¹]

If risk management is to work properly in an entity it must be assessed given enough time to review all your data and usage of computers.

So yes the first thing one must do is to find out what and how your Info tech is being used. so don't just learn what is running on each computer, but rate each item to its risk factor:

You must classify data from High importance, to Low importance.

riskmanagmentmatrix

High Importance data can then be properly classified in Cyber Risk categories.

We will review each step of the path to better Cybersecurity again and again as that is what we are all about.

Contact us to discuss Contact me Tony Zafiropoulos 314-504-3974

 

Our hashtag #testYourSecurity should be everyone's hashtag that wants more Cybersecurity.

cropped-cropped-Header-logowordpress1600x320.png

 

 

 

 

  1. http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

We have added many pages in the last few days.  And will continue to add pages in the coming months.

Notice how the menu opens at "Our Services"

Now there are three submenus - Offensive, Defensive Cybersecurity services, and Reports.

 

fixvirusmenu

Offensive Cybersecurity Services

We test - audit your environment to make you safer  with our 4 security service products: A(Alpha), Σ(Sigma)Ω(Omega), and Ψ(Psi)

Reports for the test audits

The Alpha(A) service   - Report Alpha

The Sigma(Σ) Service    -  Report Sigma

The Omega(Ω) Service  - Report Omega

The Psi(Ψ) Service - or Wifi - Report Psi

Defensive Cybersecurity Services

Cloud Company evaluations

Social Enginering Knowledge

Offense Has Advantage - We Must Analyze Logs

Security and PCI compliance is part of defense

Security Policies (Network, Computers, and More) 

Cybersecurity Consulting Services  (another submenu)

What does it mean Certified Ethical Hacker ?

Explaining the hacker attack cycle to understand how the criminals are battering against your castle (your network)  This section could be a bit technical.

Why Test your systems?

The Fixvirus video show that explains it:

According to Kaspersky Group  report:

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf

There is malware that can infect hard drive firmware and then perform other tasks

At page 23 #14 says:

23

 

"14.
What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than
300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major
registrars, using “Domains By Proxy” to mask the registrant’s information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command & control.
The infected hard drive means nothing without being able to "phone home".  So since it has to contact its C&C server we can detect that. Once we detect it we can stop the transmission - Use an IPS system firewall (a Next Gen FireWall) properly configured can protect against the malware.
Contact Us to help you with setting up your IPS or purchasing an IPS system that works for you.


johnstewartbloomberg   Bloomberg screenshot this morning.

The news reports are out - a Stuxnet malware was installed in your firmware thus infecting your hard drives and you cant do anything about it.

the news reports are everywhere:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

As usual The Storm Center has the detailed information:

https://isc.sans.edu/forums/diary/A+Different+Kind+of+Equation/19345/

This is the money quote:

"You can find the original blog post here: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

 

This is also the true detail: http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf"

 

But my point will be I dont care if the NSA has " listening device" on my hard drive. You can shut down the NSA completely by running an IPS system as I discussed in my blog post at oversitesentry.com

http://oversitesentry.com/2-steps-stops-all-cyberattacks/

commandandcontrol

Check that communication out the client (your computer) running the malware(NSA or other) always wants to talk to C^2 or Command&Control.

 

You can stop C&C communications!

All you have to do is install an IPS (Intrusion Prevention System) and configure it correctly. It will reset the network connection and thus drop the connection.

 

The IPS can be built into the firewall (they are now called NGFW or Next Generation Firewalls) to save on the amount of problems and

The problem that this disclosure created is the idea in the criminal mindset to create a stuxnet clone. So it is going to be even more important for all businesses to install a firewall

with IPS capabilities.

 

Contact Me for more...

TonyZ

 

 

 

First we made a special short video on what an Ethical hacker does:

Second the Video for the Fixvirus Security show:

News of Day is about this week's  patch Tuesday, there are several critical patches for Microsoft software and your IT department should patch multiple patches, as they are remote code execution (and thus very dangerous). Hackers can create attacks any time now, and if you do not patch your machine then it will be hacked by criminal Hackers.

 

Tip of Day: We need to move to a Six Sigma IT methodology - which means we need to

A. Define

B. Measure

C. Analyze

D. Improve

E. Control

 

So we need to test your IT environment to ensure it is performing as prescribed.

The only way to create an environment where only 1 mistake in a million can occur is if you are constantly testing from the outside.

that is where we can help: http://www.fixvirus.com/contact-us/